Prosím o kontrolu...

[franni]

//téma odděleno
fredik

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51: VIRUS ALERT!, on 1.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\All Users\Data aplikací\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Program Files\Look'Trojan'Stop\looktstop.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Jabbim\jabbim.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Administrator\Plocha\DC++- klient pro tento server\DCPlusPlus.exe
C:\Documents and Settings\Administrator\Plocha\SysInspector.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ECGHLY2U\AntiMalwareGuard_Free[1].exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QXK Olive - {B763BE68-B1D1-41F4-9087-8BF71BB93155} - C:\WINDOWS\nfavxwdbdfm.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: AOL Toolbar - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - C:\WINDOWS\system32\AOLTOO~1.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: fdkowvbp - {FB3486FF-2A37-4536-B847-D999BA4E7776} - C:\WINDOWS\fdkowvbp.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080308 serial=DR12WUC-0322499-PYR lang=CZ
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\scksexde.exe/r
O4 - HKLM\..\Run: [\Win47C.exe] C:\Windows\system32\Win47C.exe
O4 - HKLM\..\Run: [\Win47E.exe] C:\Windows\system32\Win47E.exe
O4 - HKLM\..\Run: [\Win47F.exe] C:\Windows\system32\Win47F.exe
O4 - HKLM\..\Run: [\Win482.exe] C:\Windows\system32\Win482.exe
O4 - HKLM\..\Run: [\Win487.exe] C:\Windows\system32\Win487.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [\Win47C.exe] C:\Windows\system32\Win47C.exe
O4 - HKCU\..\Run: [\Win47E.exe] C:\Windows\system32\Win47E.exe
O4 - HKCU\..\Run: [\Win47F.exe] C:\Windows\system32\Win47F.exe
O4 - HKCU\..\Run: [\Win482.exe] C:\Windows\system32\Win482.exe
O4 - HKCU\..\Run: [\Win487.exe] C:\Windows\system32\Win487.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Data aplikací\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Jabbim.lnk = C:\Program Files\Jabbim\jabbim.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Místní vyhledávání.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52459ACB-B93F-453F-A7CF-B3C4A06E0593}: NameServer = 192.168.1.1,10.10.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A243FF32-F854-485B-9F5D-659F5336788F}: NameServer = 192.168.1.1,10.10.10.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: wnslvxtf - {56D3AE2F-A77C-4D6B-96A4-50D6914B2CA0} - C:\WINDOWS\wnslvxtf.dll
O21 - SSODL: eqvwamkl - {E16A9F14-FED2-49CA-82D6-A669D7975B43} - C:\WINDOWS\eqvwamkl.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 15814 bytes
diky moc,na plose mam tu obrazovku s cervenym napisem,diky za pomoc,zmizli mi i disky c a f a nektere ikonky na plose a nastaveni u "startu"

[Reklama]

[fredik]

Vítej na fóru

Vypni rezidentní štít ve Spyware Terminátoru:
Spusť Spywater Terminátora, nahoře klikni na ikonu Rezidentní štít
- program se přepne do okna Natavení rezidentního štítu
- tam na záložce Nastavení štítu zruš zatržení u položky: Aktivovat Rezidentní štít
- klikni dole na tlačítko: Uložit změny
- zavři program

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

PS: příště si založ prosím tě vlastní téma i kdyby jsi měl stejný problém jako se řeší zde. Dík.

[franni]

diky za upozorneni,tak jsem udelal co jsi napsal,ale asi jsem tam neco blbe odkliknul a cele se mi to zpravilo,ale nevim kam se ulozil ten log soubor

[fredik]

Ten log by se ti měl po proběhnutí kontroly sám objevit. Jinak by měl být přímo na disku C v souboru ComboFix.txt případně se zkus mrknou ještě sem: C:\ComboFix\ComboFix.txt

[franni]

ne zadnej txt tam neni,pustim to jeste jednou

[franni]

tak je to tu,ale je to na podruhe


ComboFix 08-07-31.06 - Administrator 2008-08-02 8:32:24.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.906 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Data aplikací\inst.exe
C:\Documents and Settings\Administrator\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Administrator\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Administrator\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Plocha\Error Cleaner.url
C:\Documents and Settings\Administrator\Plocha\Privacy Protector.url
C:\Documents and Settings\Administrator\Plocha\Spyware&Malware Protection.url
C:\Program Files\AntiMalwareGuard
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\WINDOWS\edot.exe
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbdfm.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\win32.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\Trcl.dll
C:\WINDOWS\wnslvxtf.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 08:36 . 2008-08-02 08:36 27 --a------ C:\WINDOWS\Trcl.dll
2008-08-01 22:49 . 2008-08-01 22:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 21:30 . 2008-08-01 21:34 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-08-01 21:24 . 2008-08-01 21:30 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-08-01 21:24 . 2008-08-01 21:24 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-01 19:59 . 2008-08-02 08:37 <DIR> d-------- C:\Program Files\Look'Trojan'Stop
2008-08-01 19:58 . 2008-08-01 19:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-01 19:13 . 2008-08-01 19:13 18,944 --a------ C:\WINDOWS\system32\aoltoolbar.dll
2008-08-01 17:46 . 2008-08-01 17:46 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-01 17:40 . 2007-02-22 18:05 90,112 --a------ C:\Progr_.dll
2008-08-01 13:57 . 2008-08-01 13:57 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-01 13:57 . 2008-08-01 13:57 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-07-28 21:57 . 2008-07-28 21:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-28 21:57 . 2008-07-28 21:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-28 20:01 . 2004-08-17 15:48 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-07-28 19:51 . 2008-07-28 19:51 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-07-28 19:51 . 2008-07-28 19:51 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-07-24 22:56 . 2008-07-24 22:56 31 --a------ C:\WINDOWS\DSCF7449.jpx
2008-07-19 14:49 . 2008-07-19 14:55 1,640,335 --a------ C:\WINDOWS\DSCF7449.JPG
2008-07-15 10:05 . 2008-07-15 10:05 <DIR> d-------- C:\Program Files\Sun
2008-07-14 18:12 . 1998-10-09 18:04 327,168 --a------ C:\WINDOWS\IsUn0405.exe
2008-07-13 09:51 . 2008-07-13 09:51 <DIR> d-------- C:\Program Files\Easy Editor 2005
2008-07-13 09:29 . 2008-07-13 09:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-13 09:29 . 2008-07-13 09:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-04 22:41 . 2008-07-04 22:41 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-04 17:51 . 2005-06-13 10:05 96,224 --a------ C:\WINDOWS\system32\drivers\w800mdm.sys
2008-07-04 17:51 . 2005-06-13 10:06 87,792 --a------ C:\WINDOWS\system32\drivers\w800mgmt.sys
2008-07-04 17:51 . 2005-06-13 10:08 85,664 --a------ C:\WINDOWS\system32\drivers\w800obex.sys
2008-07-04 17:51 . 2005-06-13 10:03 60,768 --a------ C:\WINDOWS\system32\drivers\w800bus.sys
2008-07-04 17:51 . 2005-06-13 10:05 9,264 --a------ C:\WINDOWS\system32\drivers\w800mdfl.sys
2008-07-04 17:51 . 2005-06-13 10:08 6,144 --a------ C:\WINDOWS\system32\drivers\w800cmnt.sys
2008-07-04 17:51 . 2005-06-13 10:08 6,144 --a------ C:\WINDOWS\system32\drivers\w800cm.sys
2008-07-04 17:51 . 2005-06-13 10:03 5,744 --a------ C:\WINDOWS\system32\drivers\w800whnt.sys
2008-07-04 17:51 . 2005-06-13 10:03 5,744 --a------ C:\WINDOWS\system32\drivers\w800wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 06:38 --------- d-----w C:\Program Files\RSSoft
2008-08-02 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 06:29 --------- d-----w C:\Program Files\FlashGet
2008-08-01 20:06 --------- d-----w C:\Program Files\ICQToolbar
2008-08-01 16:03 --------- d-----w C:\Program Files\Ubisoft
2008-08-01 15:42 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-01 15:38 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-07-28 17:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-15 14:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 08:05 --------- d-----w C:\Program Files\Java
2008-07-04 15:36 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-29 09:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 09:44 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-27 20:22 --------- d-----w C:\Program Files\BitComet
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:54 --------- d-----w C:\Program Files\Corel
2008-06-04 18:54 --------- d-----w C:\Program Files\Common Files\Corel
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-09-15 09:09 1 ----a-w C:\Documents and Settings\Administrator\SI.bin
2007-09-07 14:44 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-09-07 14:44 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-09-07 14:42 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
.

[fredik]

Otestuj tento soubor na VirusTotal
C:\WINDOWS\system32\aoltoolbar.dll
stačí jen zkopírovat na té stránce do toho prázdného okénka celou cestu a dát odeslat. Pak sem vlož výsledek.

Ten log z Combofix není celý, opravdu tam nebylo toho víc? Pokud ne tak zkus toto:

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
"%userprofile%\Plocha\ComboFix.exe" /f3m a dej Ok.
- pak sem vlož log co se ti zobrazí.