Prosím o kontrolu logu

vilem.12 · Příspěvekod **vilem.12** » 22 dub 2009 20:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:13, on 22.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ESB.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Philips\SA28XX Device Manager\main.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~2\4429\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\system32\ESB.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Setup] D:\\Setup.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={AEC3D9FE-B410-40AD-B1C5-10A0B54090B8}; .NET CLR 2.0.50727; .NET CLR 1.1.4322)" -"http://www.superhryonline.net/zahraj-si-online-hru/skakacky/240-extreme-heli-boarding-extremny-snowboarding.php"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Philips Device Manager.lnk = C:\Program Files\Philips\SA28XX Device Manager\main.exe
O9 - Extra button: (no name) - {0A6D7036-0BA5-432D-8899-14C769E62686} - C:\WINDOWS\DOWNLO~1\necli212.dll
O9 - Extra 'Tools' menuitem: &Nastavení Eso 9 klient 2.12 - {0A6D7036-0BA5-432D-8899-14C769E62686} - C:\WINDOWS\DOWNLO~1\necli212.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} - http://webplayer.unity3d.com/download_w ... Player.cab
O16 - DPF: {C2E6A506-02FF-48EA-9EAC-6BD4E71DF6E7} (Eso 9 klientské komponenty verze 2.12) - https://193.86.76.206/eso9supp/LIB/CAB/necli212.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9017 bytes

Reklama

Příspěvekod **jaro3** » 22 dub 2009 21:41

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

vilem.12 · Příspěvekod **vilem.12** » 22 dub 2009 22:06

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2028
Windows 5.1.2600 Service Pack 3

22.4.2009 22:04:25
mbam-log-2009-04-22 (22-04-15).txt

Typ skenu: Rychlý sken
Objektu skenováno: 71865
Uplynulý cas: 8 minute(s), 44 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 16
Infikované soubory: 56

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00F5E382 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\02BD0A6E.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\02BD0C14.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\106A21BA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\106A2C87.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\106A2E3D.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\106A30BE.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\106A3225.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\106A18FF.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\Downloaded Program Files\UnityWebPlayer.inf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jaroušek\Local Settings\Temp\_ad51.exe (Trojan.Agent) -> No action taken.
C:\Program Files\ICQToolbar\4429\toolbaru.dll (Adware.BHO) -> No action taken.

Příspěvekod **jaro3** » 22 dub 2009 22:11

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Zítra se podívám..

vilem.12 · Příspěvekod **vilem.12** » 22 dub 2009 22:30

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2028
Windows 5.1.2600 Service Pack 3

22.4.2009 22:28:31
mbam-log-2009-04-22 (22-28-31).txt

Typ skenu: Rychlý sken
Objektu skenováno: 71611
Uplynulý cas: 7 minute(s), 41 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 16
Infikované soubory: 56

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00F5E382 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02BD0A6E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02BD0C14.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\106A21BA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\106A2C87.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\106A2E3D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\106A30BE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\106A3225.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\106A18FF.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UnityWebPlayer.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaroušek\Local Settings\Temp\_ad51.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\4429\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

vilem.12 · Příspěvekod **vilem.12** » 22 dub 2009 22:42

ComboFix 09-04-23.02 - Jaroušek 22.04.2009 22:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1470.922 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jaroušek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090422-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Software Licensors
c:\documents and settings\All Users\Data aplikací\Software Licensors\Antispyware PRO XP\LOG\20081020150723484.log
c:\documents and settings\All Users\Data aplikací\Software Licensors\Antispyware PRO XP\LOG\20081020152938192.log
c:\documents and settings\All Users\Data aplikací\Software Licensors\Antispyware PRO XP\LOG\20081020161218239.log
c:\documents and settings\Jaroušek\Data aplikací\Microsoft\SystemCertificates\Request
c:\documents and settings\Jaroušek\Nabídka Start\Programy\Download programs.url
c:\documents and settings\Jaroušek\Nabídka Start\Programy\Games.url
c:\documents and settings\Jaroušek\Nabídka Start\Programy\Translator.url
c:\documents and settings\Jaroušek\Oblíbené položky\Translator.url

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-23 do 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-22 20:29 . 2009-04-22 20:29 61440 ----a-w c:\windows\system32\drivers\bssozbf.sys
2009-04-22 19:54 . 2009-04-22 19:54 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\Malwarebytes
2009-04-22 19:54 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 19:54 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 19:54 . 2009-04-22 19:54 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-22 17:11 . 2009-04-22 17:11 -------- d-----w C:\Vlci
2009-04-22 17:00 . 2009-04-22 17:00 -------- d-----w C:\rc
2009-04-22 17:00 . 2009-04-22 17:00 -------- d-----w C:\PRINCEZNA
2009-04-15 01:19 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 01:19 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 01:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 01:18 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 01:18 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 01:18 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 01:18 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 01:18 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 01:18 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 01:18 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 01:18 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-02 20:02 . 2009-04-22 17:05 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\uTorrent
2009-03-24 12:31 . 2009-03-24 12:31 -------- d-----w c:\windows\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 19:54 . 2009-04-22 19:54 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 18:45 . 2009-04-22 18:45 -------- d-----w c:\program files\Trend Micro
2009-04-22 18:14 . 2008-01-17 21:15 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\OpenOffice.org2
2009-04-22 17:54 . 2009-04-22 17:51 -------- d-----w c:\program files\ICQ6.5
2009-04-22 17:54 . 2009-03-13 15:37 -------- d-----w c:\program files\ICQ6Toolbar
2009-04-22 17:53 . 2008-02-12 07:53 -------- d-----w c:\program files\ICQ6
2009-04-22 17:43 . 2009-04-22 17:00 -------- d-----w c:\program files\Industry Giant 2
2009-04-22 17:21 . 2009-02-15 02:16 -------- d-----w c:\program files\Metin2_TESTER
2009-04-22 17:11 . 2008-03-21 10:02 -------- d-----w c:\program files\DivX
2009-04-22 17:10 . 2009-03-24 12:26 -------- d-----w c:\program files\Pinnacle(2)
2009-04-22 17:09 . 2006-12-22 10:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 17:06 . 2009-03-25 15:45 -------- d-----w c:\program files\Common Files\Symantec Shared(2)
2009-04-22 17:05 . 2009-04-02 20:02 -------- d-----w c:\program files\uTorrent
2009-04-22 17:00 . 2009-04-22 17:00 -------- d-----w c:\program files\Pinnacle
2009-04-15 10:50 . 2006-01-24 16:17 83450 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 10:50 . 2006-01-24 16:17 422282 ----a-w c:\windows\system32\perfh005.dat
2009-04-03 07:31 . 2008-02-11 20:39 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\ICQ
2009-03-25 10:57 . 2008-02-11 11:38 -------- d-----w c:\program files\T-Mobile
2009-03-24 12:34 . 2009-03-24 12:32 214816 ----a-w C:\MSDELog.log
2009-03-24 12:32 . 2009-03-24 12:32 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-13 15:37 . 2009-03-13 15:37 -------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-06 14:23 . 2006-01-24 16:17 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2006-01-24 16:17 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:13 . 2006-01-24 16:17 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:09 . 2004-08-17 15:45 2068224 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2006-01-24 16:17 2191232 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2006-01-24 16:17 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2006-01-24 16:17 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2006-01-24 16:17 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2006-01-24 16:17 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2006-01-24 16:17 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2006-01-24 16:17 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2006-01-24 16:17 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-30 12:49 . 2008-12-30 12:49 128 ----a-w c:\documents and settings\Jaroušek\Local Settings\Data aplikací\fusioncache.dat
2008-10-20 14:59 . 2008-01-16 17:05 44920 ----a-w c:\documents and settings\Jaroušek\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2004-10-01 14:00 . 2008-01-16 18:02 40960 ----a-w c:\program files\Uninstall_CDS.exe
2008-10-10 21:26 . 2008-10-10 21:26 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101020081011\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESB"="c:\windows\system32\ESB.exe" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-21 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-07-10 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-10-10 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jarouçek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-3-22 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Philips Device Manager.lnk - c:\program files\Philips\SA28XX Device Manager\main.exe [2008-12-25 7975169]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-11-15 634880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b8185aa-91a9-11db-9a56-0040d09f2038}]
\Shell\AutoRun\command - PStart.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={AEC3D9FE-B410-40AD-B1C5-10A0B54090B8}; .NET CLR 2.0.50727; .NET

.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: {{0A6D7036-0BA5-432D-8899-14C769E62686} - {0A6D7036-0BA5-432D-8899-14C769E62686} - c:\windows\DOWNLO~1\necli212.dll
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_w ... Player.cab
DPF: {C2E6A506-02FF-48EA-9EAC-6BD4E71DF6E7} - hxxps://193.86.76.206/eso9supp/LIB/CAB/necli212.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 22:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1d,11,38,de,35,
4e,cb,20,e2,63,26,f1,3f,c8,ff,68,97,a4,4c,3f,08,36,2a,75,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,0a,b3,d3,ca,f8,
e7,3e,26,6a,9c,d6,61,af,45,84,18,6d,7b,f4,ee,a5,a2,99,2b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,91,3e,0b,32,0e,
b0,d9,e9,ff,7c,85,e0,43,d4,0e,fe,f7,ee,e2,0d,8c,b3,53,5f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,55,95,a7,77,1c,
53,4b,48,86,8c,21,01,be,91,eb,e7,f8,b8,33,c3,dd,fb,0d,c2,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,7c,2d,b5,04,1d,
38,da,5f,f5,1d,4d,73,a8,13,5c,05,a8,7c,3e,60,43,d4,e6,29,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,8c,65,45,16,78,
8c,44,55,df,20,58,62,78,6b,cf,c8,d4,f9,f6,db,02,1e,dc,b5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,fc,1e,db,b4,07,
bb,5b,1b,fb,a7,78,e6,12,2f,9a,ea,fb,e7,2d,c9,c8,05,2f,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,69,dc,cc,e6,96,
cd,b9,9e,01,3a,48,fc,e8,04,4a,f1,d3,d9,e5,6f,dc,a7,11,14,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,0d,b3,37,a7,9a,
6a,65,35,f6,0f,4e,58,98,5b,89,c9,4b,0e,c1,ac,ad,b9,3d,ca,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9a,44,7c,8b,c9,
45,1c,a6,3d,ce,ea,26,2d,45,aa,78,4b,31,28,d2,c3,0d,91,65,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,fd,c3,fa,77,ce,
ae,da,68,2a,b7,cc,b5,b9,7f,41,e7,c1,6a,b1,ba,dc,e4,e5,d7,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,cf,53,ca,48,54,
63,93,b9,6c,43,2d,1e,aa,22,2f,9c,ae,4e,6f,41,d5,4d,75,ca,6c,43,2d,1e,aa,22,\
.
Celkový čas: 2009-04-22 22:38
ComboFix-quarantined-files.txt 2009-04-22 20:38

Před spuštěním: Volných bajtů: 52 127 465 472
Po spuštění: Volných bajtů: 53 881 589 760

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

236 --- E O F --- 2009-04-22 17:39

Příspěvekod **jaro3** » 23 dub 2009 07:46

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\drivers\bssozbf.sys

Driver::
bssozbf

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto znáš:
C:\Vlci
C:\rc
C:\PRINCEZNA ?

vilem.12 · Příspěvekod **vilem.12** » 23 dub 2009 19:31

ComboFix 09-04-23.02 - Jaroušek 23.04.2009 19:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1470.892 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jaroušek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jaroušek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090423-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\drivers\bssozbf.sys
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-23 do 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-22 19:54 . 2009-04-22 19:54 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\Malwarebytes
2009-04-22 19:54 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 19:54 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 19:54 . 2009-04-22 19:54 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-22 17:11 . 2009-04-22 17:11 -------- d-----w C:\Vlci
2009-04-22 17:00 . 2009-04-22 17:00 -------- d-----w C:\rc
2009-04-15 01:19 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 01:19 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 01:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 01:18 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 01:18 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 01:18 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 01:18 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 01:18 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 01:18 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 01:18 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 01:18 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-02 20:02 . 2009-04-22 17:05 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 21:12 . 2008-01-17 21:15 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\OpenOffice.org2
2009-04-22 21:09 . 2009-04-22 21:08 71528 ----a-w C:\avenger.txt
2009-04-22 19:54 . 2009-04-22 19:54 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 18:45 . 2009-04-22 18:45 -------- d-----w c:\program files\Trend Micro
2009-04-22 17:54 . 2009-04-22 17:51 -------- d-----w c:\program files\ICQ6.5
2009-04-22 17:54 . 2009-03-13 15:37 -------- d-----w c:\program files\ICQ6Toolbar
2009-04-22 17:53 . 2008-02-12 07:53 -------- d-----w c:\program files\ICQ6
2009-04-22 17:43 . 2009-04-22 17:00 -------- d-----w c:\program files\Industry Giant 2
2009-04-22 17:21 . 2009-02-15 02:16 -------- d-----w c:\program files\Metin2_TESTER
2009-04-22 17:11 . 2008-03-21 10:02 -------- d-----w c:\program files\DivX
2009-04-22 17:10 . 2009-03-24 12:26 -------- d-----w c:\program files\Pinnacle(2)
2009-04-22 17:09 . 2006-12-22 10:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 17:06 . 2009-03-25 15:45 -------- d-----w c:\program files\Common Files\Symantec Shared(2)
2009-04-22 17:05 . 2009-04-02 20:02 -------- d-----w c:\program files\uTorrent
2009-04-22 17:00 . 2009-04-22 17:00 -------- d-----w c:\program files\Pinnacle
2009-04-15 10:50 . 2006-01-24 16:17 83450 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 10:50 . 2006-01-24 16:17 422282 ----a-w c:\windows\system32\perfh005.dat
2009-04-03 07:31 . 2008-02-11 20:39 -------- d-----w c:\documents and settings\Jaroušek\Data aplikací\ICQ
2009-03-25 10:57 . 2008-02-11 11:38 -------- d-----w c:\program files\T-Mobile
2009-03-24 12:34 . 2009-03-24 12:32 214816 ----a-w C:\MSDELog.log
2009-03-24 12:32 . 2009-03-24 12:32 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-13 15:37 . 2009-03-13 15:37 -------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-06 14:23 . 2006-01-24 16:17 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2006-01-24 16:17 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:13 . 2006-01-24 16:17 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:09 . 2004-08-17 15:45 2068224 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2006-01-24 16:17 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2006-01-24 16:17 2191232 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2006-01-24 16:17 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2006-01-24 16:17 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2006-01-24 16:17 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2006-01-24 16:17 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2006-01-24 16:17 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2006-01-24 16:17 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2006-01-24 16:17 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-30 12:49 . 2008-12-30 12:49 128 ----a-w c:\documents and settings\Jaroušek\Local Settings\Data aplikací\fusioncache.dat
2008-10-20 14:59 . 2008-01-16 17:05 44920 ----a-w c:\documents and settings\Jaroušek\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2004-10-01 14:00 . 2008-01-16 18:02 40960 ----a-w c:\program files\Uninstall_CDS.exe
2008-10-10 21:26 . 2008-10-10 21:26 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101020081011\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-22_20.36.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-22 21:10 . 2009-04-22 21:10 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
+ 2009-04-22 21:10 . 2009-04-22 21:10 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
- 2006-01-24 15:47 . 2008-07-09 07:36 26488 c:\windows\system32\spupdsvc.exe
+ 2006-01-24 15:47 . 2007-07-27 07:41 26488 c:\windows\system32\spupdsvc.exe
+ 2008-10-16 18:56 . 2007-11-30 11:18 18296 c:\windows\system32\spmsg.dll
- 2008-10-16 18:56 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2009-04-22 20:47 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2009-04-22 20:47 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2006-01-24 16:17 . 2008-12-05 06:57 144896 c:\windows\system32\schannel.dll
- 2006-01-24 16:23 . 2009-04-22 17:25 201736 c:\windows\system32\FNTCACHE.DAT
+ 2006-01-24 16:23 . 2009-04-22 21:09 201736 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-05 06:57 . 2008-12-05 06:57 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 391032 c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 233848 c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 391032 c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 233848 c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2009-04-22 20:47 . 2007-11-30 12:39 391032 c:\windows\$NtUninstallKB960225$\spuninst\updspapi.dll
+ 2009-04-22 20:47 . 2007-11-30 11:18 233848 c:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe
+ 2009-04-22 20:47 . 2008-04-14 03:21 144384 c:\windows\$NtUninstallKB960225$\schannel.dll
+ 2009-04-22 20:43 . 2007-07-27 07:41 382840 c:\windows\$NtUninstallKB959772_WM11$\spuninst\updspapi.dll
+ 2009-04-22 20:43 . 2007-07-27 05:17 233848 c:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 391032 c:\windows\$NtUninstallKB958690$\spuninst\updspapi.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 233848 c:\windows\$NtUninstallKB958690$\spuninst\spuninst.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2009-04-22 20:44 . 2008-11-15 17:17 759160 c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2009-04-22 20:47 . 2007-11-30 12:39 391032 c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2009-04-22 20:47 . 2007-11-30 12:39 759160 c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2009-04-22 20:47 . 2007-11-30 11:18 233848 c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2008-12-05 07:00 . 2008-12-05 07:00 144896 c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2009-04-22 20:44 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2009-04-22 20:44 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2006-01-24 16:17 . 2008-06-17 19:02 8465408 c:\windows\system32\shell32.dll
- 2006-01-24 16:17 . 2008-04-14 03:21 8465408 c:\windows\system32\shell32.dll
+ 2008-10-17 08:58 . 2009-02-09 14:07 1846784 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2008-06-17 19:02 8465408 c:\windows\system32\dllcache\shell32.dll
+ 2009-04-22 20:44 . 2008-04-14 03:21 8465408 c:\windows\$NtUninstallKB967715$\shell32.dll
+ 2009-04-22 20:44 . 2008-09-15 15:27 1846400 c:\windows\$NtUninstallKB958690$\win32k.sys
+ 2008-06-17 19:04 . 2008-06-17 19:04 8465920 c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2009-02-09 14:01 . 2009-02-09 14:01 1847552 c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2006-01-24 16:17 . 2008-11-11 16:34 10838016 c:\windows\system32\wmp.dll
+ 2008-02-11 23:12 . 2009-04-06 05:57 24921544 c:\windows\system32\MRT.exe
+ 2006-01-24 16:17 . 2008-11-11 16:34 10838016 c:\windows\system32\dllcache\wmp.dll
+ 2009-04-22 20:43 . 2007-06-11 21:51 10834944 c:\windows\$NtUninstallKB959772_WM11$\wmp.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESB"="c:\windows\system32\ESB.exe" [2006-05-29 266240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-21 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-07-10 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-10-10 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jarouçek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-3-22 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Philips Device Manager.lnk - c:\program files\Philips\SA28XX Device Manager\main.exe [2008-12-25 7975169]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-11-15 634880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b8185aa-91a9-11db-9a56-0040d09f2038}]
\Shell\AutoRun\command - PStart.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: {{0A6D7036-0BA5-432D-8899-14C769E62686} - {0A6D7036-0BA5-432D-8899-14C769E62686} - c:\windows\DOWNLO~1\necli212.dll
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_w ... Player.cab
DPF: {C2E6A506-02FF-48EA-9EAC-6BD4E71DF6E7} - hxxps://193.86.76.206/eso9supp/LIB/CAB/necli212.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1d,11,38,de,35,
4e,cb,20,e2,63,26,f1,3f,c8,ff,68,97,a4,4c,3f,08,36,2a,75,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,0a,b3,d3,ca,f8,
e7,3e,26,6a,9c,d6,61,af,45,84,18,6d,7b,f4,ee,a5,a2,99,2b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,91,3e,0b,32,0e,
b0,d9,e9,ff,7c,85,e0,43,d4,0e,fe,f7,ee,e2,0d,8c,b3,53,5f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,55,95,a7,77,1c,
53,4b,48,86,8c,21,01,be,91,eb,e7,f8,b8,33,c3,dd,fb,0d,c2,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,7c,2d,b5,04,1d,
38,da,5f,f5,1d,4d,73,a8,13,5c,05,a8,7c,3e,60,43,d4,e6,29,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,8c,65,45,16,78,
8c,44,55,df,20,58,62,78,6b,cf,c8,d4,f9,f6,db,02,1e,dc,b5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,fc,1e,db,b4,07,
bb,5b,1b,fb,a7,78,e6,12,2f,9a,ea,fb,e7,2d,c9,c8,05,2f,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,69,dc,cc,e6,96,
cd,b9,9e,01,3a,48,fc,e8,04,4a,f1,d3,d9,e5,6f,dc,a7,11,14,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,0d,b3,37,a7,9a,
6a,65,35,f6,0f,4e,58,98,5b,89,c9,4b,0e,c1,ac,ad,b9,3d,ca,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9a,44,7c,8b,c9,
45,1c,a6,3d,ce,ea,26,2d,45,aa,78,4b,31,28,d2,c3,0d,91,65,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,fd,c3,fa,77,ce,
ae,da,68,2a,b7,cc,b5,b9,7f,41,e7,c1,6a,b1,ba,dc,e4,e5,d7,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,cf,53,ca,48,54,
63,93,b9,6c,43,2d,1e,aa,22,2f,9c,ae,4e,6f,41,d5,4d,75,ca,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(5844)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-04-23 19:29
ComboFix-quarantined-files.txt 2009-04-23 17:28
ComboFix2.txt 2009-04-22 20:38

Před spuštěním: Volných bajtů: 53 969 547 264
Po spuštění: Volných bajtů: 53 990 993 920

283 --- E O F --- 2009-04-22 20:47

vilem.12 · Příspěvekod **vilem.12** » 23 dub 2009 19:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:09, on 23.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ESB.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Philips\SA28XX Device Manager\main.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\system32\ESB.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Philips Device Manager.lnk = C:\Program Files\Philips\SA28XX Device Manager\main.exe
O9 - Extra button: (no name) - {0A6D7036-0BA5-432D-8899-14C769E62686} - C:\WINDOWS\DOWNLO~1\necli212.dll
O9 - Extra 'Tools' menuitem: &Nastavení Eso 9 klient 2.12 - {0A6D7036-0BA5-432D-8899-14C769E62686} - C:\WINDOWS\DOWNLO~1\necli212.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} - http://webplayer.unity3d.com/download_w ... Player.cab
O16 - DPF: {C2E6A506-02FF-48EA-9EAC-6BD4E71DF6E7} (Eso 9 klientské komponenty verze 2.12) - https://193.86.76.206/eso9supp/LIB/CAB/necli212.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7753 bytes

vilem.12 · Příspěvekod **vilem.12** » 23 dub 2009 19:34

A co se týká těch složek - jedno byla prázdná složka, druhý je kus hry a třetí je film.

Příspěvekod **jaro3** » 23 dub 2009 21:03

OK.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] &quot;C:\Program Files\QuickTime\qttask.exe&quot; -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] &quot;C:\Program Files\Java\jre6\bin\jusched.exe&quot;

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Vše.

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu Vyřešeno

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online