Trojan.FakeAlert
Posted: 03 Feb 2009 20:57
My system keeps reporting that I have Trojan.FakeAlert on my computer. I ran MBAW, then SDFix, and then MBAW again. I am also attaching a current HijackThis log. Please check the logs.
First MBAW
Malwarebytes' Anti-Malware 1.33
Verze databáze: 1716
Windows 5.1.2600 Service Pack 3
3. 2. 2009 17:16:32
mbam-log-2009-02-03 (17-16-32).txt
Typ skenu: Rychlý sken
Objektu skenováno: 69882
Uplynulý cas: 4 minute(s), 41 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Delete on reboot.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
SDFix log
System Report
*************
Run on Łt 03. 02. 2009 at 17:31
Microsoft Windows XP [Verze 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [160]
\??\C:\WINDOWS\system32\csrss.exe [208]
\??\C:\WINDOWS\system32\winlogon.exe [232]
C:\WINDOWS\system32\services.exe [276]
C:\WINDOWS\system32\lsass.exe [288]
C:\WINDOWS\system32\svchost.exe [448]
C:\WINDOWS\system32\svchost.exe [512]
C:\WINDOWS\system32\svchost.exe [580]
C:\WINDOWS\Explorer.EXE [868]
Drivers - Running:
ACPI
atapi
Beep
Cdfs
Cdrom
Disk
dmio
dmload
Fdc
FltMgr
Ftdisk
i8042prt
Imapi
isapnp
Kbdclass
KSecDD
Mouclass
MountMgr
Msfs
mssmbios
Mup
NDIS
Npfs
Ntfs
Null
PartMgr
PCI
PxHelp20
rdpdr
redbook
sfdrv01
sfhlp02
sfvfs02
snapman
sr
swenum
TermDD
Update
usbehci
usbhub
USBSTOR
usbuhci
VgaSave
viaagp
viaagp1
ViaIde
VolSnap
WudfPf
Drivers - Stopped:
Aavmker4
Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
AFD
Aha154x
aic78u2
aic78xx
ALCXWDM
AliIde
amsint
asc
asc3350p
asc3550
aswFsBlk
aswMon2
aswRdr
aswSP
aswTdi
AsyncMac
Atdisk
ati2mtaa
ati2mtag
Atmarpc
audstub
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
Fastfat
Fips
Flpydisk
gameenum
gel90xne
GMSIPCI
Gpc
HidUsb
hpn
HSFHWBS2
HSF_DP
HSF_DPV
HTTP
i2omgmt
i2omp
InCDFs
InCDPass
InCDRm
ini910u
IntelIde
intelppm
Ip6Fw
IpFilterDriver
IpInIp
IpNat
IPSec
IRENUM
iteio
kmixer
lbrtfdc
mdmxsdk
mnmdd
Modem
MODEMCSA
mraid35x
MREMP50
MREMP50a64
MREMPR5
MRENDIS5
MRESP50
MRESP50a64
MRxDAV
MRxSmb
MSKSSRV
MSPCLOCK
MSPQM
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
NwlnkFlt
NwlnkFwd
Parport
ParVdm
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PptpMiniport
PSched
Ptilink
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
RDPWD
rtl8139
rtport
SANDRA
SASDIFSV
SASENUM
SASKUTIL
Secdrv
serenum
Serial
sermouse
Sfloppy
Simbad
Sparrow
splitter
Srv
StreamDispatcher
swmidi
symc810
symc8xx
sym_hi
sym_u3
sysaudio
Tcpip
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbccgp
usbprint
usbscan
USB_RNDIS
Wanarp
WDICA
wdmaud
winachsf
WpdUsb
WS2IFSL
WudfRd
Services - Running:
CryptSvc
DcomLaunch
dmserver
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt
Services - Stopped:
Alerter
ALG
AppMgmt
aspnet_state
aswUpdSv
Ati
ATI
AudioSrv
avast!
avast!
avast!
BITS
Browser
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
Dhcp
dmadmin
Dnscache
Dot3svc
EapHost
ERSvc
EventSystem
FastUserSwitchingCompatibility
FontCache3.0.0.0
HidServ
hkmsvc
HTTPFilter
IDriverT
idsvc
ImapiService
lanmanserver
lanmanworkstation
LmHosts
McciCMService
Messenger
mnmsrvc
MSDTC
MSIServer
napagent
NetDDE
NetDDEdsdm
Netlogon
Netman
NetTcpPortSharing
Nla
NtLmSsp
NtmsSvc
ose
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RemoteRegistry
RpcLocator
RSVP
SamSs
SandraAgentSrv
SCardSvr
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
SSDPSRV
stisvc
SwPrv
SysmonLog
TapiSrv
TermService
Themes
TlntSvr
TrkWks
upnphost
UPS
VSS
W32Time
WebClient
WmdmPmSN
Wmi
WmiApSrv
WMPNetworkSvc
wscsvc
wuauserv
WudfSvc
WZCSVC
xmlprov
Files Created/Modified - 60 Days:
C:\
3 Feb 2009 17.31.02 0 A.SHR "C:\IO.SYS"
3 Feb 2009 17.31.02 0 A.SHR "C:\MSDOS.SYS"
3 Feb 2009 17.28.48 402 653 184 A.SH. "C:\pagefile.sys"
C:\WINDOWS\
3 Feb 2009 17.29.12 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
7 Dec 2008 16.11.52 2 560 A.... "C:\WINDOWS\_MSRSTRT.EXE"
1 Feb 2009 19.58.14 512 176 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
10 Jan 2009 2.35.28 20 853 704 A.... "C:\WINDOWS\system32\MRT.exe"
13 Dec 2008 7.39.10 3 593 216 A.... "C:\WINDOWS\system32\mshtml.dll"
1 Feb 2009 19.34.30 83 004 A.... "C:\WINDOWS\system32\perfc005.dat"
1 Feb 2009 19.34.30 71 474 A.... "C:\WINDOWS\system32\perfc009.dat"
1 Feb 2009 19.34.30 437 718 A.... "C:\WINDOWS\system32\perfh005.dat"
1 Feb 2009 19.34.30 441 260 A.... "C:\WINDOWS\system32\perfh009.dat"
3 Feb 2009 17.27.42 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
2 Feb 2009 18.00.22 6 588 A.... "C:\WINDOWS\Temp\14l7hVpd.dat"
3 Feb 2009 17.31.04 794 A.... "C:\WINDOWS\Temp\scs4.tmp"
13 Dec 2008 7.39.10 3 593 216 A.... "C:\WINDOWS\system32\dllcache\mshtml.dll"
11 Dec 2008 11.57.10 333 952 ..... "C:\WINDOWS\system32\dllcache\srv.sys"
14 Jan 2009 16.11.28 15 504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
14 Jan 2009 16.11.32 38 496 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
11 Dec 2008 11.57.10 333 952 A.... "C:\WINDOWS\system32\drivers\srv.sys"
1 Feb 2009 19.33.50 8 192 A.... "C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll"
1 Feb 2009 19.33.58 258 048 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll"
1 Feb 2009 19.33.58 113 664 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll"
24 Dec 2008 20.22.44 82 432 A.... "C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll"
5 Dec 2008 20.12.12 5 931 008 A.... "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll"
5 Dec 2008 19.35.22 1 736 528 A.... "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll"
C:\Program Files\
14 Jan 2009 16.11.28 380 048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
14 Jan 2009 16.11.26 73 360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
14 Jan 2009 16.11.26 1 273 488 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
14 Jan 2009 16.11.28 73 360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
14 Jan 2009 16.11.30 399 504 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
14 Jan 2009 16.11.30 170 640 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
14 Jan 2009 16.11.30 44 688 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
2 Feb 2009 19.17.02 9 056 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
2 Feb 2009 19.16.30 688 784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
14 Jan 2009 16.11.32 77 968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
15 Jan 2009 16.17.36 1 830 128 A.... "C:\Program Files\SUPERAntiSpyware\b3a83c21-b090-4e30-9001-f97bbbea91ba.exe"
15 Jan 2009 16.17.40 8 944 A.... "C:\Program Files\SUPERAntiSpyware\sasdifsv.sys"
15 Jan 2009 16.17.42 7 408 A...R "C:\Program Files\SUPERAntiSpyware\SASENUM.SYS"
15 Jan 2009 16.17.38 55 024 A.... "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
22 Dec 2008 11.05.34 356 352 A.... "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"
15 Jan 2009 16.17.34 158 960 A.... "C:\Program Files\SUPERAntiSpyware\SSUpdate.exe"
15 Jan 2009 16.17.36 1 830 128 A.... "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
24 Dec 2008 18.23.20 121 344 A.... "C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll"
17 Dec 2008 18.17.38 93 074 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip"
14 Jan 2009 18.17.40 7 878 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip"
21 Jan 2009 18.18.54 515 011 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip"
28 Jan 2009 18.18.00 182 586 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip"
28 Jan 2009 18.20.16 1 699 844 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip"
7 Jan 2009 18.16.44 123 967 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip"
10 Dec 2008 18.16.56 76 923 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip"
28 Jan 2009 18.18.30 597 983 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip"
31 Jan 2009 17.31.50 133 124 A.... "C:\Program Files\WinSpeedUp\Backups\Vymazan‚ z znamy registru z 01-31-2009.reg"
2 Feb 2009 21.15.00 67 676 A.... "C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm"
27 Dec 2008 12.01.06 159 792 A.... "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll"
5 Dec 2008 19.30.50 5 283 840 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"
5 Dec 2008 20.12.12 5 931 008 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"
5 Dec 2008 20.55.30 442 368 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"
5 Dec 2008 20.55.30 1 277 952 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"
5 Dec 2008 20.55.30 139 264 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll"
5 Dec 2008 20.55.30 229 376 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll"
5 Dec 2008 20.55.30 294 912 A.... "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll"
Files with hidden attributes:
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Program Folders:
C:\Program Files\
Adobe
ahead
Alwil Software
ATI Technologies
ATI_install
AvRack
Axis Communications
CCleaner
CDex_150
Codec Pack - All In 1
Common Files
ComPlus Applications
CONEXANT
directx
DivX
EA GAMES
ESET
Hewlett-Packard
hp deskjet 656c series
InstallShield Installation Information
Internet Explorer
Java
Kodak
Malwarebytes' Anti-Malware
Messenger
microsoft frontpage
Microsoft Office
Microsoft.NET
Movie Maker
MSBuild
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
Nero
NetMeeting
Online Services
Outlook Express
QuickTime
Reference Assemblies
SCi
SIMSMAZLICCI
SiSoftware
Spybot - Search & Destroy
SUPERAntiSpyware
TC PowerPack
TO2SAM
TO2SSM
totalcmd
Trend Micro
Ubisoft
Uninstall Information
VIA Technologies, INC
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinSpeedUp
WinZip
WizCom Entertainment
xerox
Xvid CZ
Zoner
C:\Program Files\Common Files\
Acronis
Adobe
Ahead
Autodesk Shared
DESIGNER
DirectX
GraphBoard 2.50
InstallShield
Java
Microsoft Shared
Motive
MSSoap
ODBC
Services
SpeechEngines
SWF Studio
System
Wise Installation Wizard
Add/Remove Programs:
Second MBAW
Malwarebytes' Anti-Malware 1.33
Verze databáze: 1716
Windows 5.1.2600 Service Pack 3
3. 2. 2009 18:10:31
mbam-log-2009-02-03 (18-09-59).txt
Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 19214
Uplynulý cas: 4 minute(s), 32 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
And finally HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:48, on 3. 2. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TC PowerPack\totalcmd.exe
c:\Install\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.gfp.cz:88/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
--
End of file - 6394 bytes
Thanks a lot, I really don't feel like reinstalling the whole computer.
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.gfp.cz:88/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
--
End of file - 6394 bytes
Thanks a lot, I really don't feel like reinstalling the whole computer.