Log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Plico » 22 Dec 2008 21:26

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:53, on 22.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Counter-Strike 1.6\hl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = h
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AmskerBar - {B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - C:\WINDOWS\system32\hozr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\Plico\Desktop\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibguard.exe (file missing)
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Plico\Desktop\xampplite\service.exe (file missing)

--
End of file - 5565 bytes
This pops up when I open some folder, for example Program Files:
[Image]
When I click Yes, this pops up for me:

Code:

http://windefender2009.cn/download.php

And this when I go to C:\Documents and Settings\Plico:
[Image]

Thanks for checking the log.
How far apart were the vehicles at the moment of the collision?

fredik
Security team member

Re: Log check

Post by fredik » 22 Dec 2008 22:37

If you have any browser running, close it and then do this:

Run HijackThis again and tick the checkboxes in front of these lines:
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AmskerBar - {B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - C:\WINDOWS\system32\hozr.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
After ticking them, click the Fix Checked button.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run DDS (by sUBs), and save it to your desktop.
- run it; a window will appear, so do not click in it and wait until the program finishes
- when it has finished, the program creates 2 logs and shows you an information window. Close it with OK
- then paste the entire contents of the DDS log here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum. It is not possible to reply to such PMs.


Re: Log check

Post by Plico » 22 Dec 2008 22:58

Malwarebytes' Anti-Malware 1.31
Verzia databázy: 1533
Windows 5.1.2600 Service Pack 2

22.12.2008 22:51:10
log

Typ kontroly: Rýchla
Objektov kontrolovaných: 46545
Uplynutý cas: 3 minute(s), 18 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 2
Infikovaných registracných klúcov: 7
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 22

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
C:\WINDOWS\system32\hozr.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\jnmsd1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\jnmsd1.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bf9031f9-a14a-4ff4-a65d-e0501ed6394e} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e094a482-8627-460f-bcf1-d258d3afb34b} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b05d1a1e-9f4c-4cce-91ad-db5cff9796dd} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> No action taken.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\system32\hozr.dll (Rogue.PestPatrol) -> No action taken.
C:\RECYCLER\S-1-5-21-789336058-1801674531-725345543-1003\Dc9.exe (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
C:\qip.cmd (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Plico\Favorites\Cheap Software.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Start Menu\Cheap Software.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Favorites\MP3 Download.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Start Menu\MP3 Download.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Favorites\Search Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Start Menu\Search Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Favorites\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Start Menu\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Favorites\Cheap Pharmacy Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Start Menu\Cheap Pharmacy Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Plico\Start Menu\SMS TRAP.url (Rogue.Link) -> No action taken.
---------------------------

DDS (Version 1.1.0) - NTFSx86
Run by Plico at 22:55:26,39 on po 22.12.2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.503.151 [GMT 1:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET personal firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Plico\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = start.qip.ru
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0 ce\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [QIP2005] c:\program files\qip\qip.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Antiwpa - antiwpa.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\plico\applic~1\mozilla\firefox\profiles\v1740a7a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\plico\application data\mozilla\firefox\profiles\v1740a7a.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.key.chromeAccess", 4);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("keyword.URL", "chrome://browser-region/locale/region.properties");

============= SERVICES / DRIVERS ===============

R2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" [2008-3-13 472320]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-22 38496]
R3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2008-12-18 27136]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-2-28 69120]
S1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-10-29 2944]
S2 Apache2.2;Apache2.2;"c:\documents and settings\plico\desktop\xampplite\apache\bin\apache.exe" -k runservice []
S2 Ca533av;Slim 3000, WDM Video Capture;c:\windows\system32\drivers\Ca533av.sys [2008-11-8 515803]
S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\borland\interbase\bin\ibguard.exe -i "c:\program files\borland\InterBase" -p gds_db []
S2 XAMPP;XAMPP Service;c:\documents and settings\plico\desktop\xampplite\service.exe []
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\borland\interbase\bin\ibserver.exe -i "c:\program files\borland\InterBase" -p gds_db []
S3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\drivers\Bulk533.sys [2008-11-8 11144]

=============== Created Last 30 ================

2008-12-22 22:46 <DIR> --d----- c:\docume~1\plico\applic~1\Malwarebytes
2008-12-22 22:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 22:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 22:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 22:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:09 <DIR> --d----- c:\program files\Trend Micro
2008-12-22 13:24 21,446 a------- c:\windows\system32\sf.ico
2008-12-22 13:24 13,942 a------- c:\windows\system32\m3.ico
2008-12-22 13:24 13,942 a------- c:\windows\system32\c.ico
2008-12-22 13:24 7,662 a------- c:\windows\system32\m.ico
2008-12-22 13:24 4,286 a------- c:\windows\system32\s.ico
2008-12-22 13:24 106,496 a------- c:\windows\system32\hozr.dll
2008-12-22 13:24 11,062 a------- c:\windows\system32\p.ico
2008-12-22 13:24 3,095 a------- c:\windows\ios.dat
2008-12-21 19:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2008-12-20 00:30 81,920 a------- c:\windows\system32\frapsvid.dll
2008-12-19 20:36 <DIR> --d----- c:\program files\PokerStars
2008-12-18 14:43 27,136 a------- c:\windows\system32\drivers\nchssvad.sys
2008-12-18 14:43 <DIR> --d----- c:\program files\NCH Software
2008-12-18 14:43 <DIR> --d----- c:\program files\NCH Swift Sound
2008-12-18 14:43 <DIR> --d----- c:\docume~1\plico\applic~1\NCH Swift Sound
2008-12-17 20:06 <DIR> --d----- c:\documents and settings\plico\netinfo
2008-12-17 15:24 <DIR> --d----- C:\My Setups
2008-12-17 15:19 434,688 a------- c:\windows\system32\ss2uinst.exe
2008-12-17 15:19 <DIR> --d----- c:\program files\SetupStream
2008-12-15 19:44 <DIR> --d----- c:\program files\Aleo Software
2008-12-15 19:44 <DIR> --d----- c:\docume~1\plico\applic~1\Aleo Software
2008-12-15 14:12 <DIR> --d----- c:\program files\Insofta 3D Text Commander
2008-12-13 16:28 <DIR> --d----- c:\program files\Metin2_TESTER
2008-12-09 16:27 <DIR> --d----- c:\docume~1\plico\applic~1\QIP
2008-12-07 20:14 <DIR> --d----- C:\Fraps
2008-12-07 18:54 <DIR> --d----- c:\program files\Vstplugins
2008-12-07 18:53 <DIR> --d----- c:\program files\Sony
2008-12-07 17:58 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-07 17:52 <DIR> --d----- c:\program files\Sony Setup
2008-12-07 11:10 <DIR> --d----- c:\program files\LostInEU
2008-12-06 17:09 0 a------- C:\qip.cmd
2008-12-05 21:06 <DIR> --d----- c:\docume~1\plico\applic~1\Summitsoft
2008-11-30 09:48 0 a------- c:\windows\mngui.INI
2008-11-30 09:46 18,704 a----r-- c:\windows\system32\drivers\se45nd5.sys
2008-11-30 09:46 90,800 a----r-- c:\windows\system32\drivers\se45unic.sys
2008-11-30 09:46 4,128 a----r-- c:\windows\system32\drivers\se45cr.sys
2008-11-30 09:46 88,624 a----r-- c:\windows\system32\drivers\se45mgmt.sys
2008-11-30 09:46 86,432 a----r-- c:\windows\system32\drivers\se45obex.sys
2008-11-30 09:46 9,360 a----r-- c:\windows\system32\drivers\se45mdfl.sys
2008-11-30 09:46 6,240 a----r-- c:\windows\system32\drivers\se45cmnt.sys
2008-11-30 09:46 6,240 a----r-- c:\windows\system32\drivers\se45cm.sys
2008-11-30 09:46 97,088 a----r-- c:\windows\system32\drivers\se45mdm.sys
2008-11-30 09:46 61,536 a----r-- c:\windows\system32\drivers\se45bus.sys
2008-11-30 09:46 5,872 a----r-- c:\windows\system32\drivers\se45whnt.sys
2008-11-30 09:46 5,872 a----r-- c:\windows\system32\drivers\se45wh.sys
2008-11-30 09:45 <DIR> --d----- c:\docume~1\plico\applic~1\Teleca
2008-11-30 09:44 <DIR> --d----- c:\docume~1\plico\applic~1\Sony Ericsson
2008-11-30 09:37 <DIR> --d----- c:\program files\common files\Teleca Shared
2008-11-28 21:42 89,360 a------- c:\windows\system32\VB5DB.DLL
2008-11-28 21:42 69,632 a------- c:\windows\system32\xmltok.dll
2008-11-28 21:42 36,864 a------- c:\windows\system32\xmlparse.dll
2008-11-28 21:42 35,840 a------- c:\windows\system32\comdlg32.oca
2008-11-28 21:42 29,184 a------- c:\windows\system32\MSINET.oca
2008-11-28 21:42 26,096 a------- c:\windows\system32\xmlinst.exe
2008-11-28 21:42 24,576 a------- c:\windows\system32\msxml3a.dll
2008-11-28 21:34 <DIR> --d----- c:\windows\Cache
2008-11-28 21:19 716,272 a------- c:\windows\system32\drivers\sptd.sys
2008-11-27 14:50 31 a------- c:\documents and settings\plico\jagex_runescape_preferences.dat
2008-11-27 14:49 <DIR> --d----- c:\windows\.jagex_cache_32
2008-11-25 22:10 164,352 a------- c:\windows\system32\unrar.dll
2008-11-25 22:10 <DIR> --d----- c:\program files\K-Lite Codec Pack
2008-11-25 20:29 209,608 a------- c:\windows\system32\TABCTL32.OCX
2008-11-25 20:29 109,248 a------- c:\windows\system32\MSWINSCK.OCX
2008-11-25 20:29 132,880 a------- c:\windows\system32\MSINET.OCX
2008-11-24 19:57 <DIR> --d----- c:\docume~1\plico\applic~1\IBP
2008-11-23 19:42 <DIR> --d----- c:\documents and settings\plico\temp

==================== Find3M ====================

2008-12-16 19:14 30 a------- c:\program files\Exiferupdate.ini
2008-11-28 21:45 11,973 a------- c:\windows\system32\drivers\secdrv.sys
2008-11-16 13:13 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-12 19:07 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2008-11-03 20:57 159,841 a------- c:\windows\Marsu-Fix Uninstaller.exe
2008-10-29 18:01 27,776 a------- c:\windows\system32\bbcap.dll
2008-10-29 18:01 4,608 a------- c:\windows\system32\bbchlp.dll
2008-10-29 18:01 2,944 a------- c:\windows\system32\drivers\bbcap.sys
2008-10-13 20:27 499,712 a------- c:\windows\system32\msvcp71.dll
2008-10-13 20:27 348,160 a------- c:\windows\system32\msvcr71.dll

============= FINISH: 22:55:39,59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14.9.2008 13:56:45
System Uptime: 22.12.2008 9:03:22 (13 hours ago)

Motherboard: Hewlett-Packard | | 30D5
Processor: Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz | U10 | 1828/166mhz
Processor: Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz | U10 | 1828/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 66 GiB total, 9,236 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 6,745 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\HPQ0006\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
Service:

==== System Restore Points ===================

RP49: 8.11.2008 19:43:24 - Installed Slim 3000
RP50: 9.11.2008 21:19:12 - Installed MySQL Server 5.0
RP51: 11.11.2008 19:49:37 - Kontrolný bod systému
RP52: 12.11.2008 22:03:39 - Kontrolný bod systému
RP53: 13.11.2008 20:21:05 - Removed SUPERAntiSpyware Free Edition
RP54: 13.11.2008 20:23:35 - Removed Adobe Help Center 1.0
RP55: 15.11.2008 11:43:49 - Kontrolný bod systému
RP56: 15.11.2008 23:44:01 - Installed linguatec Voice Reader
RP57: 16.11.2008 0:46:28 - Odebráno: Adobe Reader 8.1.0 - Czech
RP58: 16.11.2008 0:47:05 - Installed Adobe Reader 9.
RP59: 16.11.2008 13:13:12 - Installed Java(TM) 6 Update 10
RP60: 16.11.2008 21:33:45 - Nainštalovaný ABBYY PDF Transformer 2.0
RP61: 16.11.2008 21:47:19 - Odstránený ABBYY PDF Transformer 2.0
RP62: 16.11.2008 21:51:57 - Nainstalováno: ABBYY PDF Transformer 2.0
RP63: 17.11.2008 18:36:22 - Odebráno: ABBYY PDF Transformer 2.0
RP64: 17.11.2008 18:38:53 - Removed Acrobat.com
RP65: 17.11.2008 18:39:07 - Removed Adobe AIR
RP66: 17.11.2008 18:39:48 - Removed Adobe Bridge 1.0
RP67: 17.11.2008 18:41:35 - Removed Adobe Reader 9.
RP68: 17.11.2008 18:42:58 - Removed Adobe Stock Photos 1.0
RP69: 17.11.2008 18:44:43 - Removed Adobe Photoshop CS2
RP70: 19.11.2008 16:52:23 - Kontrolný bod systému
RP71: 20.11.2008 17:07:24 - Kontrolný bod systému
RP72: 21.11.2008 21:48:14 - Kontrolný bod systému
RP73: 22.11.2008 9:06:54 - Installed Windows Installer KB893803v2.
RP74: 23.11.2008 10:30:35 - Kontrolný bod systému
RP75: 24.11.2008 17:59:06 - Kontrolný bod systému
RP76: 25.11.2008 18:51:59 - Kontrolný bod systému
RP77: 26.11.2008 21:25:21 - Kontrolný bod systému
RP78: 27.11.2008 15:04:11 - Installed GTA San Andreas
RP79: 28.11.2008 21:19:38 - SPTD setup V1.55
RP80: 28.11.2008 21:33:51 - Instalováno Far Cry
RP81: 30.11.2008 0:38:45 - Kontrolný bod systému
RP82: 30.11.2008 9:37:29 - Nainstalováno: Sony Ericsson PC Suite
RP83: 1.12.2008 16:00:34 - Kontrolný bod systému
RP84: 5.12.2008 18:39:31 - Removed GTA San Andreas
RP85: 5.12.2008 18:41:34 - Removed GTA San Andreas
RP86: 5.12.2008 18:42:31 - Installed GTA San Andreas
RP87: 6.12.2008 20:15:33 - Kontrolný bod systému
RP88: 6.12.2008 23:04:26 - Installed Adobe Photoshop CS2
RP89: 7.12.2008 17:58:30 - Installed Windows XP WIC.
RP90: 7.12.2008 17:58:57 - Installed %1 %2.
RP91: 7.12.2008 17:59:04 - Nainštalovaný ovládač tlačiarne Microsoft XPS Document Writer
RP92: 7.12.2008 18:04:59 - Nainštalovaný Microsoft Visual C++ 2005 Redistributable
RP93: 7.12.2008 18:06:02 - Installed Sony Vegas Pro 8.0
RP94: 7.12.2008 18:18:24 - Odebráno: Sony Ericsson PC Suite
RP95: 7.12.2008 18:28:30 - Removed Sony Vegas Pro 8.0a
RP96: 7.12.2008 18:53:49 - Installed Vegas Movie Studio Platinum 9.0
RP97: 9.12.2008 19:02:41 - Kontrolný bod systému
RP98: 13.12.2008 15:00:56 - Kontrolný bod systému
RP99: 14.12.2008 21:48:56 - Kontrolný bod systému
RP100: 18.12.2008 17:41:58 - Odstránené NetWaiting
RP101: 18.12.2008 17:42:03 - Odstránené NetWaiting
RP102: 18.12.2008 17:43:40 - Odstránený Windows Workflow Foundation
RP103: 18.12.2008 17:44:43 - Removed Windows Presentation Foundation
RP104: 19.12.2008 22:29:17 - Kontrolný bod systému
RP105: 20.12.2008 23:56:38 - Kontrolný bod systému
RP106: 22.12.2008 0:10:43 - Kontrolný bod systému
RP107: 22.12.2008 8:50:57 - Removed Adobe Help Center 1.0
RP108: 22.12.2008 8:52:59 - Removed GTA2
RP109: 22.12.2008 8:56:21 - Removed MySQL Server 5.0
RP110: 22.12.2008 8:59:25 - Odstránený Windows Communication Foundation
RP111: 22.12.2008 9:01:01 - Removed Windows Presentation Foundation

==== Installed Programs ======================

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Reader 6.0 CE
Adobe Shockwave Player
Aspell Czech Dictionary-0.50-2
BB FlashBack
CCleaner (remove only)
Creative Software AutoUpdate
Creative System Information
Creative ZEN
CreativeSetup
ESET Smart Security
Exifer
Far Cry
FileZilla Client 3.1.5
GNU Aspell 0.50-3
Golden Records Vinyl to CD Converter
Google Chrome
GTA San Andreas
GTK+ Runtime 2.12.8 rev a (iba vymazať)
Hamachi 1.0.2.5
HijackThis 2.0.2
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 10
K-Lite Codec Pack 4.3.1 (Basic)
linguatec Voice Reader
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Marsu-Fix
Microangelo Toolset 6
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 6.0 Parser (KB927977)
MultiMod 1.6
Nero 6 Ultra Edition
PokerStars
PSPad editor
QIP 2005 8080
QIP 2005 Uninstall
Skype™ 3.8
Slim 3000
SoundTap Streaming Audio Recorder
TeamViewer 3
Total Commander (Remove or Repair)
Uninstall 1.0.0.1
Update for Windows XP (KB911164)
Vegas Movie Studio Platinum 9.0
WebFldrs XP
Windows Media Format 11 runtime
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
ZENcast Organizer

==== End Of File ===========================
Re: Log check

Post by fredik » 23 Dec 2008 12:07

Run MbAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when removal finishes, a log will be displayed; paste it here
- then click OK in the program and close it via Exit

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Go to Start -> Run... and type the following command, marked in blue, into the window:
cmd /c del /F /Q "%windir%\ios.dat"
and click OK.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then also post a new HJT log here.

