Check It - No. LOG

[Baron Prášil]

máš tam recalle šmejdíka

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\Drivers\spyemrg.sys
C:\WINDOWS\system32\Drivers\spyemrg_guard.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

potom spust znovu hjt a tam klik na Open the Mics tools section
klikni na Delete an NT service a do okna zkopíruj
Spy Emergency Shield Service
a ok

potom restartuj komp pošli log z comba kterej je tady C:\ComboFix.txt a novej log z hjt

[Reklama]

[ReCall]

Tak tady je log po přetáhnutí texťáku na ComboFix.exe. A potom jeste jednou spustit CF a další log (po restartu)?


ComboFix 08-02.01.6 - WarezBos 2008-02-02 20:17:42.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.215 [GMT 1:00]
Running from: C:\Documents and Settings\WarezBos\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\WarezBos\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\Drivers\spyemrg.sys
C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\Drivers\spyemrg.sys
C:\WINDOWS\system32\Drivers\spyemrg_guard.sys

.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 13:21 . 2008-02-01 13:21 <DIR> d-------- C:\Program Files\Kerio
2008-02-01 12:55 . 2008-02-01 13:04 <DIR> dr------- C:\My Software
2008-01-29 14:02 . 2008-01-29 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
2008-01-29 14:02 . 2008-01-29 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
2008-01-29 14:02 . 2008-01-29 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
2008-01-29 14:02 . 2008-01-29 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
2008-01-28 18:21 . 2008-02-02 19:05 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\AVG7
2008-01-28 18:21 . 2008-01-28 18:21 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-01-28 18:21 . 2008-01-28 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-01-28 18:21 . 2008-01-28 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\avg7
2008-01-27 19:36 . 2008-01-27 19:36 <DIR> d-------- C:\Program Files\Common Files\Everstrike Software
2008-01-27 18:28 . 2008-01-27 18:28 <DIR> d-------- C:\Documents and Settings\Tiger\Data aplikací\Talkback
2008-01-27 18:24 . 2007-07-30 19:07 <DIR> d-------- C:\Documents and Settings\Tiger\Plocha
2008-01-27 18:24 . 2007-07-30 13:04 <DIR> d--h----- C:\Documents and Settings\Tiger\Okolní tiskárny
2008-01-27 18:24 . 2007-07-30 13:04 <DIR> d--h----- C:\Documents and Settings\Tiger\Okolní síť
2008-01-27 18:24 . 2007-07-30 13:04 <DIR> d-------- C:\Documents and Settings\Tiger\Oblíbené položky
2008-01-27 18:24 . 2007-07-30 11:12 <DIR> d--h----- C:\Documents and Settings\Tiger\Šablony
2008-01-27 18:24 . 2007-07-30 13:04 <DIR> dr------- C:\Documents and Settings\Tiger\Nabídka Start
2008-01-27 18:24 . 2007-07-30 13:04 <DIR> d-------- C:\Documents and Settings\Tiger\Dokumenty
2008-01-27 18:24 . 2007-07-30 11:17 <DIR> dr-h----- C:\Documents and Settings\Tiger\Data aplikací
2008-01-24 17:54 . 2008-02-01 12:57 <DIR> d-------- C:\Program Files\URUSoft
2008-01-15 20:12 . 2008-01-15 20:12 2,745 --a------ C:\WINDOWS\wtran32.INI
2008-01-15 20:12 . 2008-01-20 16:37 1,154 --a------ C:\WINDOWS\wdict32.INI
2008-01-10 18:15 . 2008-01-10 18:15 <DIR> d-------- C:\Program Files\Webteh
2008-01-05 21:58 . 2008-02-02 20:15 <DIR> d-------- C:\Incomplete
2008-01-03 21:16 . 2008-01-03 21:16 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 11:43 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\wsInspector
2008-01-31 21:36 --------- d-----w C:\Program Files\DOSBox-0.65
2008-01-27 13:47 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\uTorrent
2008-01-26 13:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-24 17:18 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\Vso
2008-01-21 17:20 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\Skype
2008-01-21 17:05 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\skypePM
2008-01-02 21:40 --------- d-----w C:\Program Files\styler
2008-01-02 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 10:54 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\LockTime
2007-12-30 15:05 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\VSO_HWE
2007-12-29 20:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-29 20:54 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-29 14:34 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\Ahead
2007-12-29 11:55 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-12-29 11:55 --------- d-----w C:\Program Files\vso
2007-12-28 21:06 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-28 19:54 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\Ahead
2007-12-26 17:23 --------- d-----w C:\Program Files\GDS
2007-12-26 12:38 --------- d-----w C:\Program Files\Polda 5
2007-12-25 18:11 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-25 18:08 --------- d-----w C:\Program Files\Nero
2007-12-25 18:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-11-24 12:30 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-18 17:59 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-11-18 17:59 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-11-18 17:59 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-15 14:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 25088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAM Idle Professional"="C:\Program Files\RAM Idle\RAM_XP.exe" [2004-06-11 15:28 133632]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-28 18:21 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 25088]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-28 18:21 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 10:22]
R1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-08-29 12:07]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S2 LF30FS;LF30FS;C:\Porgramy\LockFolder\LF30XP.sys []
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\WINDOWS\system32\Drivers\spyemrg_guard.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-09-23 17:40:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 10:09:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 20:19:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-02 20:20:17
ComboFix-quarantined-files.txt 2008-02-02 19:20:03

[Baron Prášil]

a ten hijackthis je zacryptovanej kde?

[ReCall]

V HJT sme udělal to cos psal, potom zkopčil ten text a dal OK. Píše to, že v registrech nic neni.

[Baron Prášil]

recalle,já chci jenom novej log z HIJACKTHIS,nedělej s toho lingvistickou záhadu

[ReCall]

Tak to řeknu hned,ne?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:39, on 2.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Maxthon2\Maxthon.exe
D:\Strong DC++\StrongDC.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.co ... 5861570609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5831178687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5831683703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spy Emergency Shield Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 7073 bytes


Jako já tam to SE furt vidim.

[Baron Prášil]

nevím,proč si tak vysmátej,je to tvůj komp

Stáhni si LSPFix http://www.cexx.org/LSPFix.exe a spusť ho.
V okně zatrhni čtvereček u volby I know what i'm doing a zaktivují se ti šipečky mezi okny.A potom v levém okně označ spyemergencycnt.dll šipkama >> jej přesuň do pravého okna.Poté klikni na tlačítko Finish.
Ale nepřesunuj nic jiného jinak by jsi si mohl znefukčnit internet

spust znova hijackthis>Open the Mics tools section>Delete an NT service>
vlož Spy Emergency Shield Service >OK

restartuj a novej log z Hijackthis
uvidíme,koho to přestane dřív bavit barona,recalla nebo spyemergency

[ReCall]

Barone ja te snad budu platit

me jedeee interneeet a to uplne normálně

Tady to máš

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:54, on 2.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Maxthon2\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.co ... 5861570609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5831178687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5831683703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spy Emergency Shield Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 6393 bytes

No jedeeem, jakto zes to jeste nezkontroloval

[Baron Prášil]

když nemáš s kompem potíže,tak to nebudeme dál pitvat.
spyemergency 2007 šmejd neni.možná to prostě jenom zůstalo v registru.
doufejme,že se nemlátí s tim spybotem.sleduj komp a kdyžtak se ozvi

[ReCall]

Ok, díky ti moc. Uzavirám.

[Baron Prášil]

za nic.mam dojem že fredik ví o něčem co ten spyemergency umí vykopat.tak se ho poptám,až tady bude.

[ReCall]

Vyskytl se nový problém po fixnutí SE v LSPfix počítač najíždí strašně pomalu.
Čistil jsem registry a potom hledal viry atd. a nic. Potom jsem ještě odinstaloval SpyBot, ale taky to nepomohlo.