Prosím o kontrolu logu Vyřešeno

[Buzo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:46, on 3.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-EE4IP.lnk = C:\Documents and Settings\Marek\Plocha\Virus Removal Tool\is-EE4IP\startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

--
End of file - 7015 bytes

[Reklama]

[Damned]

Odinstaluj si ICQ6Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - Startup: is-EE4IP.lnk = C:\Documents and Settings\Marek\Plocha\Virus Removal Tool\is-EE4IP\startup.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Buzo]

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2824
Windows 5.1.2600 Service Pack 3

3.10.2009 20:47:49
mbam-log-2009-10-03 (20-47-49).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 102029
Uplynulý čas: 6 minute(s), 37 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\Documents and Settings\Marek\Plocha\Virus Removal Tool\is-EE4IP\startup.exe
*****************************************************************************************************************************************
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Buzo]

Ten soubor sem nenašel ani když sem měl zaplé skryté systemove soubory.

ComboFix 09-10-01.05 - Marek 03.10.2009 23:04.5.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.666 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091003-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-09-03 do 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 21:10 . 2009-10-03 21:10 53248 ----a-w- c:\temp\catchme.dll
2009-10-03 19:12 . 2009-10-03 19:12 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-03 19:11 . 2009-10-03 19:11 -------- d-----w- c:\program files\NOS
2009-10-03 18:54 . 2009-10-03 18:54 -------- d-----w- c:\temp\WPDNSE
2009-10-03 18:54 . 2009-10-03 18:54 16384 ----a-w- c:\temp\Perflib_Perfdata_4d0.dat
2009-10-03 07:16 . 2009-10-03 07:16 -------- d-----w- c:\program files\FastStone Photo Resizer
2009-10-03 05:25 . 2009-10-03 05:25 0 ----a-w- c:\windows\nsreg.dat
2009-10-03 05:11 . 2009-10-03 05:11 -------- d-----w- c:\temp\__SkypeIEToolbar_Cache
2009-10-02 21:37 . 2009-10-02 21:37 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
2009-10-02 21:15 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-02 21:05 . 2009-10-02 21:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-02 21:02 . 2009-10-02 21:02 -------- d-----w- c:\temp\Rar$EX00.985
2009-10-02 20:16 . 2009-10-02 20:16 -------- d-----w- c:\program files\Microsoft Works
2009-10-02 20:14 . 2009-10-02 20:14 -------- d-----w- c:\program files\Microsoft.NET
2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\windows\SHELLNEW
2009-10-02 20:10 . 2009-10-02 20:11 -------- d-----r- C:\MSOCache
2009-10-02 19:22 . 2009-10-02 19:22 -------- d-----w- c:\program files\VideoMach-3.4.1
2009-10-01 09:03 . 1999-12-17 07:13 86016 ----a-w- c:\windows\unvise32.exe
2009-10-01 09:03 . 2009-10-01 09:03 -------- d-----w- C:\Sierra
2009-09-30 18:16 . 2009-09-30 18:16 -------- d-----w- c:\program files\Valve
2009-09-27 18:24 . 2009-09-27 18:24 -------- d-----w- c:\program files\Counter-Strike 1.6 Patch Version 26
2009-09-27 17:48 . 2009-09-27 17:48 -------- d-----w- c:\documents and settings\Marek\errorlogs
2009-09-27 12:36 . 2009-09-27 12:36 -------- d-----w- c:\program files\Recuva
2009-09-27 11:55 . 2009-09-27 11:55 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-09-23 14:59 . 2009-09-23 14:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-23 14:56 . 2009-09-23 14:56 -------- d-----w- c:\program files\Google
2009-09-23 14:56 . 2009-09-23 14:56 -------- d-----w- c:\program files\Common Files\Skype
2009-09-23 14:56 . 2009-09-23 14:56 -------- d-----r- c:\program files\Skype
2009-09-19 18:01 . 2009-10-03 18:52 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-19 18:01 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\20244942.sys
2009-09-19 16:14 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 16:14 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-19 16:14 . 2009-09-19 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 13:15 . 2009-09-18 13:15 -------- d-----w- c:\program files\DaemonicMU
2009-09-16 05:13 . 2009-09-16 05:13 -------- d-----w- C:\FOUND.000
2009-09-14 09:24 . 2009-09-14 09:24 -------- d-----w- c:\program files\ICQ6Toolbar
2009-09-14 09:12 . 2009-09-14 09:12 -------- d-----w- c:\program files\ICQ6.5
2009-09-07 07:50 . 2009-09-07 07:50 -------- d-----w- c:\program files\7-Zip
2009-09-07 06:47 . 2009-09-07 06:47 -------- d-----w- c:\windows\Logs
2009-09-06 18:01 . 2009-09-06 18:01 -------- d-----w- c:\program files\gBurner
2009-09-06 12:57 . 2009-09-06 12:57 -------- d-----w- c:\program files\ImgBurn
2009-09-05 09:56 . 2009-09-05 09:56 -------- d-----w- c:\program files\CCleaner
2009-09-05 06:35 . 2009-09-05 06:35 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-05 06:31 . 2009-09-05 06:31 -------- d--h--w- c:\program files\Zero G Registry
2009-09-05 06:30 . 2009-09-05 06:31 -------- d--h--w- c:\documents and settings\Marek\InstallAnywhere
2009-09-04 17:56 . 2009-09-04 17:56 -------- d-----w- c:\program files\trend micro
2009-09-04 08:25 . 2009-09-04 08:25 -------- d-----w- c:\program files\uTorrent
2009-09-04 05:58 . 2009-09-04 05:58 -------- d-----w- c:\program files\Prime95

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 18:52 . 2009-09-19 18:01 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-03 18:52 . 2009-09-01 13:46 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000002-80611102}.dat
2009-10-03 18:52 . 2009-09-01 13:46 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000002-80611102}.dat
2009-09-15 10:59 . 2009-09-03 18:26 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-09-03 18:26 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-09-03 18:26 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-09-03 18:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-09-03 18:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-09-03 18:26 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-09-03 18:26 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-09-03 18:26 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-09-03 18:26 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-08 14:53 . 1979-12-31 22:00 172643 ----a-w- C:\BUGHUNT.DAT
2009-09-03 18:26 . 2009-09-03 18:26 -------- d-----w- c:\program files\Alwil Software
2009-09-01 17:32 . 2009-09-01 17:32 -------- d-----w- c:\program files\ATI Technologies
2009-09-01 17:21 . 2009-09-01 17:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-01 17:21 . 2009-09-01 17:21 -------- d-----w- c:\program files\sisagp
2009-09-01 17:21 . 2009-09-01 17:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-01 17:05 . 2009-09-01 17:05 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-09-01 16:22 . 2009-09-01 16:22 -------- d-----w- c:\program files\Sports Interactive
2009-09-01 15:43 . 2008-04-14 10:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-09-01 15:43 . 2008-04-14 10:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-09-01 15:35 . 2009-09-01 15:35 -------- d-----w- c:\program files\Centauri
2009-09-01 15:06 . 2009-06-19 13:17 75264 ----a-w- c:\windows\system32\storprop.dll
2009-09-01 15:06 . 2008-04-14 10:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-09-01 15:06 . 2008-04-14 10:00 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-09-01 15:06 . 2007-04-16 19:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2009-09-01 15:06 . 2008-04-14 10:00 68736 ----a-w- c:\windows\system32\drivers\pci.sys
2009-09-01 15:06 . 2008-04-14 10:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2009-09-01 15:06 . 2008-04-14 10:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-09-01 15:06 . 2008-04-14 10:00 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-09-01 11:15 . 2009-09-01 11:15 -------- d-----w- c:\program files\Creative
2009-09-01 10:49 . 2009-09-01 10:49 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-05 09:01 . 2008-04-14 10:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:36 . 2008-04-14 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 16:30 . 2009-07-21 16:30 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-21 15:55 . 2009-07-21 15:55 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-21 15:54 . 2009-07-21 15:54 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-21 15:44 . 2009-07-21 15:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-21 15:44 . 2009-07-21 15:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-21 15:43 . 2009-07-21 15:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-21 15:43 . 2009-07-21 15:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-21 15:43 . 2009-07-21 15:43 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-21 15:42 . 2009-07-21 15:42 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-21 15:40 . 2009-07-21 15:40 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-21 15:35 . 2009-07-21 15:35 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-21 15:32 . 2009-07-21 15:32 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-21 15:32 . 2009-07-21 15:32 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-21 15:17 . 2009-07-21 15:17 2670720 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-21 15:17 . 2009-07-21 15:17 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-21 15:17 . 2009-07-21 15:17 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-21 15:01 . 2009-07-21 15:01 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-21 14:57 . 2009-07-21 14:57 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-21 14:55 . 2009-07-21 14:55 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-21 14:54 . 2009-07-21 14:54 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-21 14:54 . 2009-07-21 14:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-21 14:53 . 2009-07-21 14:53 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-21 14:53 . 2009-07-21 14:53 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-21 14:52 . 2009-07-21 14:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-21 14:52 . 2009-07-21 14:52 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-21 14:48 . 2009-07-21 14:48 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-21 08:40 . 2009-09-01 17:32 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-17 19:04 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-04 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.9.2009 20:26 114768]
R1 is-EE4IPdrv;is-EE4IPdrv;c:\windows\system32\drivers\20244942.sys [19.9.2009 20:01 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.9.2009 20:26 20560]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [14.4.2008 12:00 14336]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - GETPLUSHELPER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\g2tkv2kt.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-{6889EE56-1816-4E89-94DF-9F56E7804039}_is1 - c:\program files\Valve\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 23:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3732)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-10-03 23:11
ComboFix-quarantined-files.txt 2009-10-03 21:11

Před spuštěním: Volných bajtů: 31 499 255 808
Po spuštění: Volných bajtů: 32 149 667 840

221 --- E O F --- 2009-09-27 11:44

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\temp\catchme.dll
c:\windows\system32\ezsidmv.dat
c:\windows\system32\drivers\20244942.sys
C:\BUGHUNT.DAT
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\McAfee Security Scan.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk

Folder::
C:\Documents and Settings\Marek\Plocha\Virus Removal Tool
c:\program files\McAfee Security Scan
c:\program files\NOS
C:\FOUND.000
c:\program files\ICQ6Toolbar

Driver::
20244942
getPlusHelper;getPlus(R) Helper
getPlusHelper

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"getPlusHelper"=-



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

ježíš!!!

[Buzo]

ComboFix 09-10-01.05 - Marek 04.10.2009 0:39.6.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.602 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek\Plocha\CFScript
AV: avast! antivirus 4.8.1356 [VPS 091003-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\BUGHUNT.DAT"
"c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\McAfee Security Scan.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk"
"c:\temp\catchme.dll"
"c:\windows\system32\drivers\20244942.sys"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BUGHUNT.DAT
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.000\FILE0006.CHK
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\1.0.150\ftconfig.ini
c:\program files\McAfee Security Scan\1.0.150\mcbrwsr2.dll
c:\program files\McAfee Security Scan\1.0.150\mcuicnt.exe
c:\program files\McAfee Security Scan\1.0.150\SecurityScanner.dll
c:\program files\McAfee Security Scan\1.0.150\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe
c:\program files\McAfee Security Scan\uninstall.exe
c:\program files\NOS
c:\program files\NOS\bin\getPlus_Helper.dll
c:\program files\NOS\bin\getPlusPlus_Adobe.exe
c:\program files\NOS\bin\gp.ocx
c:\windows\system32\drivers\20244942.sys
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GETPLUSHELPER
-------\Service_getPlusHelper
-------\Legacy_is-EE4IPdrv
-------\Service_is-EE4IPdrv


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-03 do 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 22:47 . 2009-10-03 22:47 -------- d-----w- c:\temp\WPDNSE
2009-10-03 22:47 . 2009-10-03 22:47 16384 ----a-w- c:\temp\Perflib_Perfdata_4e0.dat
2009-10-03 22:47 . 2009-10-03 22:47 -------- d-----w- c:\temp\_av_proI.tm~a01740
2009-10-03 07:16 . 2009-10-03 07:16 -------- d-----w- c:\program files\FastStone Photo Resizer
2009-10-03 05:25 . 2009-10-03 05:25 0 ----a-w- c:\windows\nsreg.dat
2009-10-03 05:11 . 2009-10-03 05:11 -------- d-----w- c:\temp\__SkypeIEToolbar_Cache
2009-10-02 21:37 . 2009-10-02 21:37 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
2009-10-02 21:15 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-02 21:05 . 2009-10-02 21:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-02 21:02 . 2009-10-02 21:02 -------- d-----w- c:\temp\Rar$EX00.985
2009-10-02 20:16 . 2009-10-02 20:16 -------- d-----w- c:\program files\Microsoft Works
2009-10-02 20:14 . 2009-10-02 20:14 -------- d-----w- c:\program files\Microsoft.NET
2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\windows\SHELLNEW
2009-10-02 20:10 . 2009-10-02 20:11 -------- d-----r- C:\MSOCache
2009-10-02 19:22 . 2009-10-02 19:22 -------- d-----w- c:\program files\VideoMach-3.4.1
2009-10-01 09:03 . 1999-12-17 07:13 86016 ----a-w- c:\windows\unvise32.exe
2009-10-01 09:03 . 2009-10-01 09:03 -------- d-----w- C:\Sierra
2009-09-30 18:16 . 2009-09-30 18:16 -------- d-----w- c:\program files\Valve
2009-09-27 18:24 . 2009-09-27 18:24 -------- d-----w- c:\program files\Counter-Strike 1.6 Patch Version 26
2009-09-27 17:48 . 2009-09-27 17:48 -------- d-----w- c:\documents and settings\Marek\errorlogs
2009-09-27 12:36 . 2009-09-27 12:36 -------- d-----w- c:\program files\Recuva
2009-09-27 11:55 . 2009-09-27 11:55 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-09-23 14:56 . 2009-09-23 14:56 -------- d-----w- c:\program files\Google
2009-09-23 14:56 . 2009-09-23 14:56 -------- d-----w- c:\program files\Common Files\Skype
2009-09-23 14:56 . 2009-09-23 14:56 -------- d-----r- c:\program files\Skype
2009-09-19 18:01 . 2009-10-03 22:46 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-19 16:14 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 16:14 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-19 16:14 . 2009-09-19 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 13:15 . 2009-09-18 13:15 -------- d-----w- c:\program files\DaemonicMU
2009-09-14 09:12 . 2009-09-14 09:12 -------- d-----w- c:\program files\ICQ6.5
2009-09-07 07:50 . 2009-09-07 07:50 -------- d-----w- c:\program files\7-Zip
2009-09-07 06:47 . 2009-09-07 06:47 -------- d-----w- c:\windows\Logs
2009-09-06 18:01 . 2009-09-06 18:01 -------- d-----w- c:\program files\gBurner
2009-09-06 12:57 . 2009-09-06 12:57 -------- d-----w- c:\program files\ImgBurn
2009-09-05 09:56 . 2009-09-05 09:56 -------- d-----w- c:\program files\CCleaner
2009-09-05 06:35 . 2009-09-05 06:35 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-05 06:31 . 2009-09-05 06:31 -------- d--h--w- c:\program files\Zero G Registry
2009-09-05 06:30 . 2009-09-05 06:31 -------- d--h--w- c:\documents and settings\Marek\InstallAnywhere
2009-09-04 17:56 . 2009-09-04 17:56 -------- d-----w- c:\program files\trend micro
2009-09-04 08:25 . 2009-09-04 08:25 -------- d-----w- c:\program files\uTorrent
2009-09-04 05:58 . 2009-09-04 05:58 -------- d-----w- c:\program files\Prime95

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 22:46 . 2009-09-19 18:01 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-03 22:46 . 2009-09-01 13:46 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000002-80611102}.dat
2009-10-03 22:46 . 2009-09-01 13:46 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000002-80611102}.dat
2009-09-15 10:59 . 2009-09-03 18:26 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-09-03 18:26 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-09-03 18:26 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-09-03 18:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-09-03 18:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-09-03 18:26 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-09-03 18:26 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-09-03 18:26 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-09-03 18:26 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-03 18:26 . 2009-09-03 18:26 -------- d-----w- c:\program files\Alwil Software
2009-09-01 17:32 . 2009-09-01 17:32 -------- d-----w- c:\program files\ATI Technologies
2009-09-01 17:21 . 2009-09-01 17:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-01 17:21 . 2009-09-01 17:21 -------- d-----w- c:\program files\sisagp
2009-09-01 17:21 . 2009-09-01 17:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-01 17:05 . 2009-09-01 17:05 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-09-01 16:22 . 2009-09-01 16:22 -------- d-----w- c:\program files\Sports Interactive
2009-09-01 15:43 . 2008-04-14 10:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-09-01 15:43 . 2008-04-14 10:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-09-01 15:35 . 2009-09-01 15:35 -------- d-----w- c:\program files\Centauri
2009-09-01 15:06 . 2009-06-19 13:17 75264 ----a-w- c:\windows\system32\storprop.dll
2009-09-01 15:06 . 2008-04-14 10:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-09-01 15:06 . 2008-04-14 10:00 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-09-01 15:06 . 2007-04-16 19:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2009-09-01 15:06 . 2008-04-14 10:00 68736 ----a-w- c:\windows\system32\drivers\pci.sys
2009-09-01 15:06 . 2008-04-14 10:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2009-09-01 15:06 . 2008-04-14 10:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-09-01 15:06 . 2008-04-14 10:00 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-09-01 11:15 . 2009-09-01 11:15 -------- d-----w- c:\program files\Creative
2009-09-01 10:49 . 2009-09-01 10:49 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-05 09:01 . 2008-04-14 10:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:36 . 2008-04-14 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 16:30 . 2009-07-21 16:30 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-21 15:55 . 2009-07-21 15:55 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-21 15:54 . 2009-07-21 15:54 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-21 15:44 . 2009-07-21 15:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-21 15:44 . 2009-07-21 15:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-21 15:43 . 2009-07-21 15:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-21 15:43 . 2009-07-21 15:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-21 15:43 . 2009-07-21 15:43 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-21 15:42 . 2009-07-21 15:42 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-21 15:40 . 2009-07-21 15:40 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-21 15:35 . 2009-07-21 15:35 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-21 15:32 . 2009-07-21 15:32 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-21 15:32 . 2009-07-21 15:32 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-21 15:17 . 2009-07-21 15:17 2670720 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-21 15:17 . 2009-07-21 15:17 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-21 15:17 . 2009-07-21 15:17 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-21 15:01 . 2009-07-21 15:01 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-21 14:57 . 2009-07-21 14:57 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-21 14:55 . 2009-07-21 14:55 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-21 14:54 . 2009-07-21 14:54 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-21 14:54 . 2009-07-21 14:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-21 14:53 . 2009-07-21 14:53 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-21 14:53 . 2009-07-21 14:53 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-21 14:52 . 2009-07-21 14:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-21 14:52 . 2009-07-21 14:52 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-21 14:48 . 2009-07-21 14:48 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-21 08:40 . 2009-09-01 17:32 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-17 19:04 . 2008-04-14 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-04 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.9.2009 20:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.9.2009 20:26 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\g2tkv2kt.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 00:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
.
**************************************************************************
.
Celkový čas: 2009-10-03 0:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-03 22:49
ComboFix2.txt 2009-10-03 21:11

Před spuštěním: Volných bajtů: 32 127 221 760
Po spuštění: Volných bajtů: 32 046 645 248

273 --- E O F --- 2009-09-27 11:44

[Damned]

Vlož mi sem ještě log z HJT.

[Buzo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:27, on 4.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-EE4IP.lnk = C:\Documents and Settings\Marek\Plocha\Virus Removal Tool\is-EE4IP\startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5907 bytes

[Damned]

Reklamy ti sami od sebe budou vyskakovat pouze v případě, že se ti do PC dostane nějaký šmejd, nebo pokud si je sám povolíš třeba při stažení softu s licencí Adware. Takže, při čistém PC, reklamy neskáčou.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: (no name) - - (no file)
O4 - Startup: is-EE4IP.lnk = C:\Documents and Settings\Marek\Plocha\Virus Removal Tool\is-EE4IP\startup.exe
*****************************************************************************************************************************************
Toto: O4 - Startup: is-EE4IP.lnk = C:\Documents and Settings\Marek\Plocha\Virus Removal Tool\is-EE4IP\startup.exe nejde fixnout?

[Buzo]

už je to fixlý zapomněl sem vypnout minule internet.

[Damned]

Co ty reklamy?

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.