Prosím o kontrolu výpisu MWAW a HiJack, mám trojana...
Napsal: 07 úno 2008 18:46
Zdravím,
Chytnul jsem Trojana nevím si s ním rady, rád bych vás požádal o pomoc. MWAW mi ukáže toto:
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "remacc.multiwebsurv Generic Malware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
File H:\System Volume Information\_restore{A20E1286-AAC4-47A8-B856-0284C02EE2BF}\RP286\A0050940.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". Action Taken: No Action Taken.
File H:\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm infected by "Trojan-Downloader.HTML.Agent.c" Virus! Action Taken: No Action Taken.
File H:\Staré soubory\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm infected by "Trojan-Downloader.HTML.Agent.c" Virus! Action Taken: No Action Taken.
Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Program Files\Opera\program\plugins\\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\program\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\program\plugins\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3mpg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "XTTB00001.XTTB00001Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D2D18F-B421-4D45-9668-3BC302A91ACD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{02BE569D-7BBD-4451-A955-C0CDFB0695F1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0CE2C834-9737-4330-8E46-6A257DBC7804}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{191BB17D-7BB4-43E9-8C98-7A981EF8AA43}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2AFBAC85-8F32-4EDB-AF56-D68239DAFF7D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3A494A73-0731-48A6-B705-3965382F86D6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3D65BA49-E991-493F-B572-10A25FC4E11B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4031623D-AC43-4B41-A0DF-584797918684}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{52F34B4D-32E3-4065-9869-74F96B1AFA23}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{691E8ABA-4D04-4389-8738-692BF5E426C5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6EE34979-0355-44EB-8761-21D32B1CE4AB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{72A8EF9E-B939-4098-A8DB-B6FE08075C20}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{750B9AD1-4C63-4143-94C5-6FB304199BAD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9F931B29-A990-47A8-AC1C-C3AA70A5BB5F}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B377E890-0EB2-40B1-ADDA-B8FFD2B835A9}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CE80F122-71C4-48F4-9BFE-0A49BEF050A6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D79FC678-C0AE-41E0-89FA-0A603B4335B6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DD0CF6CB-ADBC-4062-B30C-D53B21A83AFB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0EDE60D-BD69-4351-81BA-706E51179F7E}". Action Taken: No Action Taken.
File H:\System Volume Information\_restore{A20E1286-AAC4-47A8-B856-0284C02EE2BF}\RP286\A0050940.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". Action Taken: No Action Taken.
HiJack mi pak ukáže toto:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:02, on 7.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ICQLite\ICQLite.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\ISP Monitor\isp.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Documents and Settings\Martin Eliáš\Plocha\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "H:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "H:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] H:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 8214 bytes
AVG mi nic nenajde, zkoušel jsem i starší verzi NODa, Spyware terminátor a Spybot S&D také proběhli, nic nenašli. Zkoušel jsem také CCleaner a nic. Počítač je pomalejší, zasekává se a nejdou mi zavřít okna otevřených programů či adresářů klasickým křížkem vpravo nahoře, musím na otevřené okno kliknout dole na liště a dát „zavřít“. V Opeře mi jde zavírat jen prvních 5 otevřených oken, další zavřít nejdou. Mám podezření, že jsem něco chytil právě přes Operu, odinstaloval jsem ji a smazal zbylé soubory, bohužel nic…
Prosím o pomoc, již si nevím rady.
P.S.: Dále mi mé Windows XP nejdou pustit v nouzovém módu…ani když je natvrdo restartuji…
Chytnul jsem Trojana nevím si s ním rady, rád bych vás požádal o pomoc. MWAW mi ukáže toto:
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "remacc.multiwebsurv Generic Malware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
File H:\System Volume Information\_restore{A20E1286-AAC4-47A8-B856-0284C02EE2BF}\RP286\A0050940.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". Action Taken: No Action Taken.
File H:\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm infected by "Trojan-Downloader.HTML.Agent.c" Virus! Action Taken: No Action Taken.
File H:\Staré soubory\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm infected by "Trojan-Downloader.HTML.Agent.c" Virus! Action Taken: No Action Taken.
Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Program Files\Opera\program\plugins\\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\program\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\program\plugins\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3mpg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "XTTB00001.XTTB00001Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D2D18F-B421-4D45-9668-3BC302A91ACD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{02BE569D-7BBD-4451-A955-C0CDFB0695F1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0CE2C834-9737-4330-8E46-6A257DBC7804}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{191BB17D-7BB4-43E9-8C98-7A981EF8AA43}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2AFBAC85-8F32-4EDB-AF56-D68239DAFF7D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3A494A73-0731-48A6-B705-3965382F86D6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3D65BA49-E991-493F-B572-10A25FC4E11B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4031623D-AC43-4B41-A0DF-584797918684}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{52F34B4D-32E3-4065-9869-74F96B1AFA23}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{691E8ABA-4D04-4389-8738-692BF5E426C5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6EE34979-0355-44EB-8761-21D32B1CE4AB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{72A8EF9E-B939-4098-A8DB-B6FE08075C20}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{750B9AD1-4C63-4143-94C5-6FB304199BAD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9F931B29-A990-47A8-AC1C-C3AA70A5BB5F}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B377E890-0EB2-40B1-ADDA-B8FFD2B835A9}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CE80F122-71C4-48F4-9BFE-0A49BEF050A6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D79FC678-C0AE-41E0-89FA-0A603B4335B6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DD0CF6CB-ADBC-4062-B30C-D53B21A83AFB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0EDE60D-BD69-4351-81BA-706E51179F7E}". Action Taken: No Action Taken.
File H:\System Volume Information\_restore{A20E1286-AAC4-47A8-B856-0284C02EE2BF}\RP286\A0050940.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". Action Taken: No Action Taken.
HiJack mi pak ukáže toto:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:02, on 7.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ICQLite\ICQLite.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\ISP Monitor\isp.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Documents and Settings\Martin Eliáš\Plocha\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "H:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "H:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] H:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 8214 bytes
AVG mi nic nenajde, zkoušel jsem i starší verzi NODa, Spyware terminátor a Spybot S&D také proběhli, nic nenašli. Zkoušel jsem také CCleaner a nic. Počítač je pomalejší, zasekává se a nejdou mi zavřít okna otevřených programů či adresářů klasickým křížkem vpravo nahoře, musím na otevřené okno kliknout dole na liště a dát „zavřít“. V Opeře mi jde zavírat jen prvních 5 otevřených oken, další zavřít nejdou. Mám podezření, že jsem něco chytil právě přes Operu, odinstaloval jsem ji a smazal zbylé soubory, bohužel nic…
Prosím o pomoc, již si nevím rady.
P.S.: Dále mi mé Windows XP nejdou pustit v nouzovém módu…ani když je natvrdo restartuji…