HELP!!!!! A red desktop has popped up!



Post by Helik » 21 Oct 2007 21:50

:o :o :o Urgent, I don't know how a virus got in here past McAfee! It's running wild on my desktop like crazy and I don't know what to do. I've removed it once before, but on a friend's PC, and I have considerably more here.... what should I do? What first?????

Please......
Last edited by Helik on 22 Oct 2007 08:41, edited 1 time in total.


greeting

Post by memphisto » 21 Oct 2007 21:59

first paste a HijackThis log here so we can see everything you have there
here is the guide:
http://www.pc-help.cz/viewtopic.php?t=13601

log

Post by Helik » 21 Oct 2007 22:07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04, on 2007-10-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Svátky a narozeniny\SaN.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MSC\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dagmar\Local Settings\Temporary Internet Files\Content.IE5\0DQFWDQ5\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ADD7B0F-B71B-DE03-8647-04C9FBFA06F7} - C:\Program Files\urzsagpb\vguppsaz.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [retutcna] regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\retutcna.dll"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "c:\documents and settings\dagmar\data aplikací\install_en[1].exe"
O4 - HKLM\..\RunOnce: [freinst] "C:\Program Files\PCSecureSystem\pgs.exe" /empty
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Freebie Notes] "C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Svátky a narozeniny.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{991756C8-FB6D-4EAC-BE3F-EED45726E729}: NameServer = 89.235.6.106,212.80.66.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: hostctrl - {8EC00736-246C-428A-BBBF-0A3E7387DF78} - C:\WINDOWS\hostctrl.dll
O21 - SSODL: hstsys - {3007CBCA-CE18-4BA4-A19A-ED6F4A2B3369} - C:\WINDOWS\hstsys.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9809 bytes



Some AdwareRemover is scanning it, and my Ad-Aware SE, but that's probably too weak for this... this has never happened on my PC before... on the desktop I have some kind of red sign on a red screen.


Post by Baron Prášil » 21 Oct 2007 22:34

Download SDFix
and run it; it will unpack into its own folder (probably C:\SDfix).

Then restart the PC into safe mode. Open the folder where SDFix was unpacked, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key and the computer will restart.
While the operating system is starting up, you will have to press any key when prompted in order to enter Windows.

Once the OS has started, it should show you the SDFix report, so copy it here; if it doesn't pop up, it is located in SDFix's own folder as Report.txt (don't forget to copy its contents here) + a new HJT log.


safe mode

Post by Helik » 21 Oct 2007 23:01

I can't find the safe mode fix, I'm so stressed out... that I probably won't find it... because it isn't working for me



so I've found it now, but even after the fix I can't get into safe mode... sigh!

Safe mode doesn't work for me even after reinstalling Windows XP.


New log - please help

Post by Helik » 22 Oct 2007 08:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47, on 2007-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Svátky a narozeniny\SaN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dagmar\LOCALS~1\Temp\Rar$EX00.422\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ADD7B0F-B71B-DE03-8647-04C9FBFA06F7} - C:\Program Files\urzsagpb\vguppsaz.dll (file missing)
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [retutcna] regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\retutcna.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Freebie Notes] "C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Svátky a narozeniny.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{991756C8-FB6D-4EAC-BE3F-EED45726E729}: NameServer = 89.235.6.106,212.80.66.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: hostctrl - {8EC00736-246C-428A-BBBF-0A3E7387DF78} - C:\WINDOWS\hostctrl.dll (file missing)
O21 - SSODL: hstsys - {3007CBCA-CE18-4BA4-A19A-ED6F4A2B3369} - C:\WINDOWS\hstsys.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8275 bytes
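
A way to compare the two HijackThis logs posted in this thread, as an added example that is not part of the original posts: it parses each log into its running processes and its `R`/`O` entries and reports what disappeared, what appeared, and which entries are newly marked `(file missing)`. The sample inputs are short excerpts of the two logs above; the function names `parse_hjt` and `diff_scans` are chosen here for illustration.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
MISSING_TAG = "(file missing)"


def parse_hjt(log_text):
    """Split a HijackThis log into (running processes, entries).

    Each entry is (code, text, missing). The "(file missing)" suffix is
    stripped from text so the same entry matches across two scans.
    """
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, text = match.groups()
            missing = text.endswith(MISSING_TAG)
            if missing:
                text = text[: -len(MISSING_TAG)].rstrip()
            entries.append((code, text, missing))
        elif in_processes:
            if line:
                processes.append(line.lower())  # Windows paths are case-insensitive
            else:
                in_processes = False  # a blank line ends the process list
    return processes, entries


def diff_scans(before, after):
    """Compare two HijackThis logs taken on the same machine."""
    b_procs, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    b_map = {(c, t): m for c, t, m in b_entries}
    a_map = {(c, t): m for c, t, m in a_entries}
    return {
        "removed": sorted(k for k in b_map if k not in a_map),
        "added": sorted(k for k in a_map if k not in b_map),
        # entry is still registered, but its file has gone since the first scan
        "now_missing": sorted(
            k for k, m in a_map.items() if m and b_map.get(k) is False
        ),
        "procs_gone": sorted(set(b_procs) - set(a_procs)),
        "procs_new": sorted(set(a_procs) - set(b_procs)),
    }


# Excerpt of the log saved at 22:04 on 2007-10-21 (lines taken from the thread).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {2ADD7B0F-B71B-DE03-8647-04C9FBFA06F7} - C:\Program Files\urzsagpb\vguppsaz.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O21 - SSODL: hostctrl - {8EC00736-246C-428A-BBBF-0A3E7387DF78} - C:\WINDOWS\hostctrl.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Excerpt of the log saved at 08:47 on 2007-10-22 (lines taken from the thread).
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {2ADD7B0F-B71B-DE03-8647-04C9FBFA06F7} - C:\Program Files\urzsagpb\vguppsaz.dll (file missing)
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O21 - SSODL: hostctrl - {8EC00736-246C-428A-BBBF-0A3E7387DF78} - C:\WINDOWS\hostctrl.dll (file missing)
"""

if __name__ == "__main__":
    for section, items in diff_scans(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```

An entry listed under `now_missing` is still registered even though its file is gone, so the registration itself remains to be cleaned up.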


Re: New log - please help

Post by peta501 » 22 Oct 2007 09:00

well, if that red screen appears after a while and works as a link, and IE opens 1 to 2 times a minute, then it could be W32 Looksky; at least that's what I had, and somehow I didn't manage to get rid of it, so I reinstalled Windows :bigups:
PS I had avast but it still got in

ComboFix log check

Post by Helik » 22 Oct 2007 12:48

ComboFix 07-10-22.5 - Dagmar 2007-10-22 12:35:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.184 [GMT 2:00]
Running from: C:\Documents and Settings\Dagmar\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dagmar\Data aplikacˇ\install_en[1].exe
C:\WINDOWS\nmcuninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.

2007-10-22 12:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 12:05 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-22 12:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-22 12:03 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-22 12:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-22 12:03 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-22 10:51 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-22 09:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-22 09:45 <DIR> d-------- C:\Program Files\Panda Security
2007-10-22 09:27 1,035,316 --a------ C:\SmitfraudFix.exe
2007-10-22 01:20 <DIR> d-------- C:\Program Files\Avira
2007-10-22 00:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-21 22:36 <DIR> C:\Documents and Settings\Dagmar\Data aplikací\PCSecureSystem
2007-10-21 21:36 <DIR> d-------- C:\Program Files\AdwareRemover2007
2007-10-21 06:02 <DIR> d-------- C:\Program Files\urzsagpb
2007-10-21 05:56 278,528 --a------ C:\WINDOWS\ntspkfxt.dll
2007-10-20 14:25 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2007-10-20 14:25 <DIR> d-------- C:\Program Files\PDFCreator
2007-10-20 14:25 264,097 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_687.exe
2007-10-20 14:25 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-10-20 14:25 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-10-16 15:57 <DIR> d-------- C:\WINDOWS\pss
2007-10-15 21:24 <DIR> C:\Documents and Settings\Dagmar\Data aplikací\Lavasoft
2007-10-15 14:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-14 18:19 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-10-14 17:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-14 00:02 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-10-12 12:50 <DIR> d-a------ C:\WINDOWS\system32\Delete_Me_Dummy_systems.txt
2007-10-11 21:34 <DIR> C:\Documents and Settings\Mirka\Data aplikací\Macromedia
2007-10-11 21:30 <DIR> d-------- C:\Documents and Settings\Mirka\ćablony
2007-10-11 21:30 <DIR> d-------- C:\Documents and Settings\Mirka\Oblˇben‚ polo§ky
2007-10-11 21:30 <DIR> d-------- C:\Documents and Settings\Mirka\Dokumenty
2007-10-11 21:30 <DIR> C:\Documents and Settings\Mirka\Data aplikací\Microsoft
2007-10-11 21:30 <DIR> d-------- C:\Documents and Settings\Mirka\Data aplikacˇ
2007-10-09 11:53 <DIR> d-------- C:\Program Files\Ikony
2007-10-08 11:54 <DIR> d-------- C:\Program Files\Scan2PDF
2007-10-05 23:26 <DIR> d-------- C:\Program Files\Web Page Maker
2007-10-05 23:17 <DIR> d-------- C:\Program Files\Web Page Maker V2
2007-10-01 18:48 <DIR> C:\Documents and Settings\Dagmar\Data aplikací\Help
2007-10-01 18:36 <DIR> C:\Documents and Settings\Dagmar\Data aplikací\WinRAR
2007-09-30 20:33 <DIR> d-------- C:\Program Files\ICQToolbar
2007-09-30 20:32 <DIR> d-------- C:\Program Files\ICQ6
2007-09-30 17:53 <DIR> d-------- C:\Program Files\Google
2007-09-28 17:43 <DIR> C:\Documents and Settings\Dagmar\Data aplikací\AdobeUM
2007-09-27 16:34 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-09-27 16:34 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-09-27 16:34 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-09-27 16:34 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-09-27 16:34 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-09-27 10:25 <DIR> d-------- C:\Program Files\Easy Editor 2005
2007-09-25 13:18 <DIR> d-------- C:\TRANSLAT
2007-09-25 13:10 <DIR> d-------- C:\Program Files\PC Translator 02 EN - CZ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 10:27 --------- d-----w C:\Program Files\Maxthon2
2007-10-22 06:58 167 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-21 03:39 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Web Page Maker V2
2007-10-20 16:17 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Skype
2007-10-15 15:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 21:58 --------- d-----w C:\Program Files\CCleaner
2007-10-13 20:06 --------- d-s---w C:\Documents and Settings\Dagmar\Data aplikací\Microsoft
2007-09-30 18:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 18:33 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\ICQ
2007-09-30 18:02 --------- d-----w C:\Program Files\Yahoo!
2007-09-28 14:59 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Scan2PDF
2007-09-25 19:40 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Ahead
2007-09-19 08:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-18 08:24 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 08:24 10,676 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-17 16:47 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Adobe
2007-09-17 07:24 --------- d-----w C:\Program Files\Power Soft
2007-09-17 07:06 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-16 13:40 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Apple Computer
2007-09-16 13:39 --------- d-----w C:\Program Files\QuickTime
2007-09-16 13:38 --------- d-----w C:\Program Files\Apple Software Update
2007-09-16 13:33 --------- d-----w C:\Program Files\Giovanni Software
2007-09-14 13:10 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\ICQ Toolbar
2007-09-12 20:06 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\CyberLink
2007-09-11 14:56 --------- d-----w C:\Program Files\KYE
2007-09-11 14:56 --------- d-----w C:\Program Files\Common Files\snpstd
2007-09-11 09:54 29,352 ----a-w C:\Documents and Settings\Dagmar\Data aplikací\GDIPFONTCACHEV1.DAT
2007-09-10 07:46 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-09-10 07:46 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-09-09 14:54 --------- d-----w C:\Program Files\Pinnacle
2007-09-09 14:53 --------- d-----w C:\Program Files\SmartSound Software
2007-09-09 14:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-09 14:52 --------- d-----w C:\Program Files\DivX
2007-09-09 14:32 --------- d-----w C:\Program Files\CyberLink
2007-09-07 20:28 --------- d-----w C:\Program Files\Sunbelt Software
2007-09-06 15:41 --------- d-----w C:\Program Files\PhotoFiltre
2007-09-05 18:16 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-05 10:14 --------- d-----w C:\Program Files\Ahead
2007-09-05 10:02 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-05 01:45 --------- d-----w C:\Program Files\Java
2007-09-05 01:45 --------- d-----w C:\Program Files\Common Files\Java
2007-09-05 01:45 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Sun
2007-09-05 01:38 --------- d-----w C:\Program Files\Svátky a narozeniny
2007-09-05 01:11 --------- d-----w C:\Program Files\PowerShrink
2007-09-05 00:53 --------- d-s---w C:\Documents and Settings\LocalService\Data aplikací\Microsoft
2007-09-05 00:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-05 00:46 --------- d-----w C:\Program Files\Seznam
2007-09-05 00:39 --------- d-----w C:\Program Files\Skype
2007-09-05 00:39 --------- d-----w C:\Program Files\Common Files\Skype
2007-09-05 00:36 --------- d-----w C:\Program Files\IrfanView
2007-09-05 00:23 --------- d-----w C:\Program Files\QIP
2007-09-05 00:14 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Mozilla
2007-09-05 00:14 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Macromedia
2007-09-05 00:14 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\InstallShield
2007-09-04 23:36 --------- d-----w C:\Program Files\HP
2007-09-04 23:34 --------- d-----w C:\Program Files\Common Files\HP
2007-09-04 23:33 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-04 23:31 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-09-04 23:06 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-09-04 23:06 --------- d-s---w C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft
2007-09-04 23:06 --------- d-s---w C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft
2007-09-04 22:52 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\MxBoost
2007-09-04 21:42 --------- d-----w C:\Program Files\Analog Devices
2007-09-04 21:41 --------- d-----w C:\Program Files\sisagp
2007-09-04 21:41 --------- d-----w C:\Program Files\SiS VGA Utilities V3.67e
2007-09-04 21:38 --------- d-----w C:\Program Files\Silicon Integrated Systems
2007-09-04 21:30 --------- d-----w C:\Documents and Settings\Dagmar\Data aplikací\Identities
2007-09-04 21:24 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-04 21:23 --------- d-s---w C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
2007-09-04 21:23 --------- d-s---w C:\Documents and Settings\Default User\Data aplikací\Microsoft
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ADD7B0F-B71B-DE03-8647-04C9FBFA06F7}]
C:\Program Files\urzsagpb\vguppsaz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{480598DD-AE28-48B7-82F7-6ADDA1AA6B66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}"= C:\WINDOWS\htunistock.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}]
[HKEY_CLASSES_ROOT\htunistock.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}]
[HKEY_CLASSES_ROOT\htunistock.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-03-01 10:56]
"SiSPower"="SiSPower.dll" [2005-05-26 05:01 C:\WINDOWS\system32\SiSPower.dll]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 14:36]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-08-27 04:01]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-12-08 22:10]
"retutcna"="regsvr32 /u C:\Documents and Settings\All Users\Data aplikací\retutcna.dll" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-22 01:22]


Post by Baron Prášil » 22 Oct 2007 17:56

use Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

and this script

Files to delete:
C:\WINDOWS\ntspkfxt.dll
C:\WINDOWS\iun6002.exe
C:\Program Files\urzsagpb\vguppsaz.dll
C:\WINDOWS\htunistock.dll


after the restart, post a new log from HijackThis

have this
C:\Documents and Settings\All Users\Data aplikací\retutcna.dll
checked here
http://www.virustotal.com/flash/index_en.html

