Prosim o kontrolu logu - TROJANI ??? Vyřešeno

[jaro3]

Odinstaluj : Cole2k Media Toolbar , pokud půjde.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\program files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08825191-C3C7-44e9-8CA6-07AB521FA8F2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{015407A9-D183-4379-8452-DFD7C2297902}"=-
[-HKEY_CLASSES_ROOT\clsid\{015407a9-d183-4379-8452-dfd7c2297902}]
[-HKEY_CLASSES_ROOT\TypeLib\{B3A98058-DE1F-413f-9921-FF3EEA6B716F}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[-HKEY_CLASSES_ROOT\clsid\{015407a9-d183-4379-8452-dfd7c2297902}]
[-HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{B3A98058-DE1F-413f-9921-FF3EEA6B716F}]
[-HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Později večer..

[Reklama]

[KingDuck]

ComboFix 09-02-02.04 - Duck 2009-02-04 17:48:10.11 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.2047.1637 [GMT 1:00]
Spuštěný z: c:\documents and settings\Duck\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Duck\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\program files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-04 12:07 . 2001-12-19 15:47 49,152 --------- c:\windows\system32\TempDel.EXE
2009-02-04 12:07 . 2005-01-06 16:55 9,446 --a------ c:\windows\system32\drivers\WFIOCTL.sys
2009-02-04 12:07 . 2002-06-03 23:01 8,734 --a------ c:\windows\system32\WFSch.ICO
2009-02-04 12:03 . 2009-02-04 12:03 <DIR> d-------- c:\windows\system32\DX9
2009-02-04 12:03 . 2002-09-20 18:06 286,720 --a------ c:\windows\system32\msh263.drv
2009-02-04 12:03 . 2004-10-18 11:25 208,851 --a------ c:\windows\system32\drivers\wf88vcap.sys
2009-02-04 12:03 . 2002-09-20 18:04 50,176 --a------ c:\windows\system32\vfwwdm32.dll
2009-02-04 12:03 . 2002-09-20 18:04 50,176 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2009-02-04 12:03 . 2001-10-24 12:24 45,568 --a------ c:\windows\system32\iyuv_32.dll
2009-02-04 12:03 . 2001-10-24 12:24 45,568 --a--c--- c:\windows\system32\dllcache\iyuv_32.dll
2009-02-04 12:03 . 2004-10-18 11:25 34,789 --a------ c:\windows\system32\drivers\wf88tune.sys
2009-02-04 12:03 . 2004-10-18 11:25 10,324 --a------ c:\windows\system32\drivers\WF88XBAR.sys
2009-02-04 12:03 . 2001-10-24 12:25 8,192 --a------ c:\windows\system32\tsbyuv.dll
2009-02-04 12:03 . 2001-10-24 12:25 8,192 --a--c--- c:\windows\system32\dllcache\tsbyuv.dll
2009-02-04 12:03 . 2002-06-03 22:52 2,238 --a------ c:\windows\system32\WFDRV.ico
2009-02-04 10:01 . 2009-02-04 10:01 <DIR> d-------- c:\documents and settings\Duck\DoctorWeb
2009-02-03 19:28 . 2009-02-03 19:28 <DIR> d-------- c:\program files\Java
2009-02-03 19:28 . 2009-02-03 19:28 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-30 12:11 . 2009-01-30 12:23 <DIR> d-------- c:\program files\VDOWNLOADER
2009-01-28 18:42 . 2009-01-28 18:42 <DIR> d-------- C:\ZAV_DOMA
2009-01-24 23:00 . 2009-02-02 23:39 <DIR> d-------- c:\program files\Metin2_TESTER
2009-01-06 05:09 . 2009-01-06 05:09 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-01-06 05:09 . 2009-01-06 05:09 <DIR> d-------- c:\program files\AvRack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 10:33 --------- d-----w c:\documents and settings\Duck\Data aplikací\Hamachi
2009-02-04 10:33 --------- d-----w c:\documents and settings\Duck\Data aplikací\Hamachi
2009-02-04 10:33 --------- d-----w c:\documents and settings\Duck\Data aplikací\Hamachi
2009-02-03 18:28 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 17:27 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-30 12:00 --------- d-----w c:\documents and settings\Duck\Data aplikací\gtk-2.0
2009-01-30 12:00 --------- d-----w c:\documents and settings\Duck\Data aplikací\gtk-2.0
2009-01-30 12:00 --------- d-----w c:\documents and settings\Duck\Data aplikací\gtk-2.0
2009-01-26 01:50 --------- d-----w c:\program files\OpenOffice.org 2.4
2009-01-25 17:04 --------- d-----w c:\documents and settings\Duck\Data aplikací\Skype
2009-01-25 17:04 --------- d-----w c:\documents and settings\Duck\Data aplikací\Skype
2009-01-25 17:04 --------- d-----w c:\documents and settings\Duck\Data aplikací\Skype
2009-01-25 16:46 --------- d-----w c:\documents and settings\Duck\Data aplikací\skypePM
2009-01-25 16:46 --------- d-----w c:\documents and settings\Duck\Data aplikací\skypePM
2009-01-25 16:46 --------- d-----w c:\documents and settings\Duck\Data aplikací\skypePM
2009-01-17 18:21 --------- d-----w c:\documents and settings\Duck\Data aplikací\Desktopicon
2009-01-17 18:21 --------- d-----w c:\documents and settings\Duck\Data aplikací\Desktopicon
2009-01-17 18:21 --------- d-----w c:\documents and settings\Duck\Data aplikací\Desktopicon
2009-01-05 22:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 22:10 --------- d-----w c:\documents and settings\Duck\Data aplikací\Zoner
2009-01-05 22:10 --------- d-----w c:\documents and settings\Duck\Data aplikací\Zoner
2009-01-05 22:10 --------- d-----w c:\documents and settings\Duck\Data aplikací\Zoner
2008-12-28 18:36 --------- d-----w c:\documents and settings\Duck\Data aplikací\ICQ
2008-12-28 18:36 --------- d-----w c:\documents and settings\Duck\Data aplikací\ICQ
2008-12-28 18:36 --------- d-----w c:\documents and settings\Duck\Data aplikací\ICQ
2008-12-22 10:27 --------- d-----w c:\program files\Panasonic
2008-12-22 10:21 --------- d-----w c:\documents and settings\All Users\Data aplikací\Panasonic
2008-12-22 10:12 --------- d-----w c:\program files\Common Files\Panasonic
2008-12-22 10:10 --------- d-----w c:\program files\Common Files\IviSDK
2008-12-22 10:10 --------- d-----w c:\program files\Common Files\CNC
2008-12-22 10:04 --------- d-----w c:\documents and settings\Duck\Data aplikací\InstallShield
2008-12-22 10:04 --------- d-----w c:\documents and settings\Duck\Data aplikací\InstallShield
2008-12-22 10:04 --------- d-----w c:\documents and settings\Duck\Data aplikací\InstallShield
2008-12-20 23:14 --------- d-----w c:\documents and settings\Duck\Data aplikací\uTorrent
2008-12-20 23:14 --------- d-----w c:\documents and settings\Duck\Data aplikací\uTorrent
2008-12-20 23:14 --------- d-----w c:\documents and settings\Duck\Data aplikací\uTorrent
2008-12-20 18:05 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-06 18:32 --------- d-----w c:\program files\GameSpy Arcade
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-21 15:28 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-06-07 22:03 22,328 ----a-w c:\documents and settings\Duck\Data aplikací\PnkBstrK.sys
2008-06-07 22:03 22,328 ----a-w c:\documents and settings\Duck\Data aplikací\PnkBstrK.sys
2008-06-07 22:03 22,328 ----a-w c:\documents and settings\Duck\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot_2009-02-04_ 8.16.09,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2009-02-04 14:44:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5f4.dat
+ 2009-02-04 14:44:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_c4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-20 13312]
"SpybotSD TeaTimer"="c:\programy\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\System32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\System32\sw24.exe" [2006-05-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"avast!"="c:\programy\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 278528]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 c:\windows\SOUNDMAN.EXE]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\programy\Bluetooth Software\BTTray.exe [2005-10-09 610365]
InterVideo WinCinema Manager.lnk - c:\programy\Common\Bin\WinCinemaMgr.exe [2006-12-11 155648]
MotionSD STUDIO - SD Browser auto start -.lnk - c:\programy\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2008-12-22 66952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-09-02 22:57 57344 c:\programy\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 111184]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 66048]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2009-02-04 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2009-02-04 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2009-02-04 34789]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\programy\WinFast\WFTVFM\WFIOCTL.SYS --> c:\programy\WinFast\WFTVFM\WFIOCTL.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'

2008-11-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programy\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.postarticles.net
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\programy\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz.
Trusted Zone: mojebanka.cz\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} - hxxp://xtraz.icq.com/xtraz/products/pho ... vilImg.cab
FF - ProfilePath - c:\documents and settings\Duck\Data aplikací\Mozilla\Firefox\Profiles\k4owlely.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\programy\DivX\DivX Web Player\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 17:49:42
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-861567501-764733703-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-861567501-764733703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'*x*%\OpenWithList]
@Class="Shell"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\System32\dssenh.dll
.
Celkový čas: 2009-02-04 17:51:46
ComboFix-quarantined-files.txt 2009-02-04 16:51:24
ComboFix2.txt 2009-02-04 08:50:31
ComboFix3.txt 2009-02-04 08:10:08
ComboFix4.txt 2009-02-04 07:17:43
ComboFix5.txt 2009-02-04 16:47:39

Před spuštěním: 6 022 959 104
Po spuštění: 6,076,915,712

212

--------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:33, on 4.2.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programy\Bluetooth Software\BTTray.exe
C:\Programy\Common\Bin\WinCinemaMgr.exe
C:\Programy\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Programy\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programy\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Programy\Alwil Software\Avast4\ashMaiSv.exe
C:\Programy\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programy\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MotionSD STUDIO - SD Browser auto start -.lnk = C:\Programy\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programy\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programy\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programy\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} (ICQDevilImg Control) - http://xtraz.icq.com/xtraz/products/pho ... vilImg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programy\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 8023 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Napiš , jak se chová comp, v logu nic závažného nevidím.
Doinstaluj IE7 a SP2.

[KingDuck]

Pc vypada v pohode, udelal jsem vse krome doinstalace IC7 a SP2

IC7: tohle vubec nwm co je
SP2: je opravdu dulezite instalovat service pack 2 ? Protoze pak mi nejdou nektere stare hry ... napr Cossacks


Tady je log s HjT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:24, on 6.2.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programy\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programy\Spybot - Search & Destroy\TeaTimer.exe
C:\Programy\Bluetooth Software\BTTray.exe
C:\Programy\Common\Bin\WinCinemaMgr.exe
C:\Programy\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Programy\BLUETO~1\BTSTAC~1.EXE
C:\Programy\Alwil Software\Avast4\ashMaiSv.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programy\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MotionSD STUDIO - SD Browser auto start -.lnk = C:\Programy\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programy\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programy\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programy\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} (ICQDevilImg Control) - http://xtraz.icq.com/xtraz/products/pho ... vilImg.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programy\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 8116 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Nebylo to fixnuto.
IE7- internet explorer verze7.lepší ochrana proti phishing atd.
SP2 nainstaluj -záplaty systému.

[KingDuck]

Tak uz jsem to podle uvedeneho navodu fixnul.
A doinstaloval jsem upload IE7, ale pouzivam mozzilu tak to ale neplati pro mozzilu ale jen pro explorer ze?
Mel bych tedy ted pouzivat explorer ?

[jaro3]

Sám používám Operu, IE7 jen , když ho používáš, má lepší ochrany než verze IE6..

[KingDuck]

Ok diky problem je tedy vyresen, dekuji mnohokrat za rady, bez Vas by mi pc uz asi nejel