Please help - pop-up windows (Solved)

A place for your HiJackThis logs and logs from other programs…

Post by Vercas1 » 30 Nov 2009 18:37

Hello, I'd like to ask for help. While I'm using the internet, windows keep popping up - mostly ads, travians...
Thanks in advance for your help! :-)

Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:51, on 30.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure\Common\FSMA32.EXE
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\F-Secure\Common\FAMEH32.EXE
D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\F-Secure\Common\FNRB32.EXE
D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
D:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\EeePC\ACPI\AsTray.exe
D:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
D:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
D:\Program Files\F-Secure\Common\FSM32.EXE
D:\Program Files\lg_fwupdate\fwupdate.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
D:\Program Files\F-Secure\FSGUI\fsguidll.exe
D:\program files\Sun\StarOffice 8\program\soffice.exe
D:\program files\Sun\StarOffice 8\program\soffice.BIN
D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
D:\PROGRA~1\Crawler\CToolbar.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\program files\ICQ6.5\ICQ.exe
C:\Documents and Settings\Veronika\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - D:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O3 - Toolbar: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] D:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] D:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] D:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LGODDFU] "D:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1000135862-3181516787-1816074733-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1000135862-3181516787-1816074733-1006 Startup: StarOffice 8.lnk = D:\program files\Sun\StarOffice 8\program\quickstart.exe (User '?')
O4 - Startup: StarOffice 8.lnk = D:\program files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: AutoRun OSCleaner.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.exe.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\program files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\program files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2300838468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2300804562
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 11397 bytes




Here is also the log from ComboFix:

ComboFix 09-11-28.04 - Veronika 29.11.2009 21:29.1.2 - x86
Spuštěný z: c:\documents and settings\Veronika\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: F-Secure Anti-Virus for Workstations 7.11 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1454471165-1417001333-299502267-1003
c:\windows\system32\ieuinit.inf
d:\program files\Internet Saving Optimizer
d:\program files\Internet Saving Optimizer\3.6.0.4470\Data\config.md
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFAddOn.dll
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFAddOn.xpt
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFHelperComponent.js
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\chrome.manifest
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content\NPAddOn.js
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content\NPAddOn.xul
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\NPAddOn.jar
d:\program files\Internet Saving Optimizer\3.6.0.4470\FF\install.rdf
d:\program files\Internet Saving Optimizer\3.6.0.4470\NPCommon.dll
d:\program files\Internet Saving Optimizer\3.6.0.4470\NPIEaddon.dll
d:\program files\Internet Saving Optimizer\3.6.0.4470\unins000.dat
d:\program files\Internet Saving Optimizer\3.6.0.4470\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-28 do 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 12:43 . 2009-11-29 20:20 -------- d-----w- d:\program files\Crawler
2009-11-22 20:53 . 2009-11-22 20:53 -------- d-----w- d:\program files\TeamViewer
2009-11-22 20:51 . 2009-11-22 20:52 2282880 ----a-w- d:\program files\TeamViewer_Setup.exe
2009-11-22 13:09 . 2009-11-22 13:10 -------- d-----w- d:\program files\CCleaner
2009-11-22 13:08 . 2009-11-22 13:08 3310608 ----a-w- d:\program files\ccsetup225.exe
2009-11-22 12:11 . 2009-11-22 12:11 -------- d-----w- c:\windows\system32\NtmsData
2009-11-21 14:43 . 2008-01-17 18:30 32352 ----a-w- c:\windows\system32\drivers\UimBus.sys
2009-11-21 14:43 . 2008-01-17 18:30 131456 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2009-11-21 14:43 . 2008-01-17 18:30 11840 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2009-11-21 14:43 . 2008-01-17 18:30 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-11-21 14:43 . 2008-01-17 18:30 247824 ----a-w- c:\windows\system32\prgiso.dll
2009-11-21 14:43 . 2008-01-17 18:30 4245008 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-11-21 14:43 . 2008-01-17 18:30 13840 ----a-w- c:\windows\system32\wnaspi32.dll
2009-11-21 14:36 . 2009-11-21 14:36 -------- d-----w- d:\program files\Paragon Software
2009-11-18 20:19 . 2009-11-18 20:19 -------- d-----w- c:\documents and settings\Veronika\temp
2009-11-18 20:19 . 2009-11-18 20:19 1693656 ----a-w- d:\program files\TeamViewerQS.exe
2009-11-17 10:29 . 2009-11-17 10:29 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-11-15 20:05 . 2009-11-18 22:44 -------- d-----w- C:\$AVG8.VAULT$
2009-11-15 18:10 . 2009-11-17 10:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-15 18:10 . 2009-11-17 10:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-15 18:10 . 2009-11-17 10:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-15 18:10 . 2009-11-17 10:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-15 18:09 . 2009-11-22 10:05 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-15 18:04 . 2009-11-15 18:04 -------- d-----w- d:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 14:12 . 2008-05-07 21:59 63370 ----a-w- c:\windows\system32\perfc005.dat
2009-11-22 14:12 . 2008-05-07 21:59 343152 ----a-w- c:\windows\system32\perfh005.dat
2009-11-22 13:35 . 2009-02-06 14:26 -------- d-----w- d:\program files\Java
2009-11-21 19:35 . 2009-02-06 14:26 -------- d-----w- d:\program files\lg_fwupdate
2009-11-21 14:36 . 2009-02-06 14:48 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-11-17 14:44 . 2009-02-06 11:53 -------- d-----w- d:\program files\Eee Storage
2009-11-16 21:58 . 2009-02-06 11:47 -------- d-----w- d:\program files\CyberLink
2009-11-16 21:38 . 2009-06-02 18:39 -------- d-----w- d:\program files\Google
2009-11-13 17:16 . 2009-07-02 17:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 17:22 . 2009-02-06 14:27 -------- d-----w- d:\program files\Microsoft Works
2009-09-11 14:19 . 2008-05-07 21:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-05-07 21:57 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-12-25 19:26 . 2009-02-06 11:54 671 ----a-w- d:\program files\BS.Player FREE.lnk
2008-09-16 14:12 . 2009-02-06 11:46 33 ---ha-w- d:\program files\oemver.txt
2008-05-07 08:34 . 2009-02-06 11:46 15523560 ----a-w- d:\program files\U1 Setup.exe
2002-07-31 18:51 . 2009-02-13 18:46 108 --sh--w- c:\windows\WSYS049.SYS
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGODDFU"="d:\program files\lg_fwupdate\fwupdate.exe blrun" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="d:\program files\EeePC\ACPI\AsTray.exe" [2008-07-23 98304]
"AsusACPIServer"="d:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-07-23 479232]
"AsusEPCMonitor"="d:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"F-Secure Manager"="d:\program files\F-Secure\Common\FSM32.EXE" [2008-02-20 182936]
"F-Secure TNB"="d:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-20 895584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-17 2028312]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-31 16806912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Veronika\Nabídka Start\Programy\Po spuštění\
StarOffice 8.lnk - d:\program files\Sun\StarOffice 8\program\quickstart.exe [2009-2-6 122880]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoRun OSCleaner.lnk - d:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2009-2-6 118784]
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-2-6 604776]
SuperHybridEngine.exe.lnk - d:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-6 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-17 10:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\program files\\AVG\\AVG8\\avgupd.exe"=
"d:\\program files\\AVG\\AVG8\\avgemc.exe"=
"d:\\program files\\TeamViewer\\Version4\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-06 717296]
R4 F-Secure Filter;F-Secure File System Filter;d:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-20 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;d:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-20 25184]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-01-17 38448]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-17 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-17 108552]
S2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-11-17 908056]
S2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-11-17 297752]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-20 62048]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys [2008-03-28 625024]

.
Obsah adresáře 'Naplánované úlohy'

2009-11-29 c:\windows\Tasks\Scheduled scanning task.job
- d:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-02-06 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1392740
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: Crawler Search - tbr:iemenu
IE: Odeslat do zařízení &Bluetooth... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - d:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\qyp03wfn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: d:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\program files\Crawler\firefox\components\xcomm.dll
FF - component: d:\program files\Crawler\firefox\components\xshared.dll
FF - component: d:\program files\Crawler\firefox\components\xsupport.dll
FF - component: d:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npmusicn.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - (no file)
AddRemove-CToolbar_UNINSTALL - d:\progra~1\Crawler\CToolbar.exe uninst
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - d:\program files\Internet Saving Optimizer\3.6.0.4470\unins000.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - d:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 21:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-11-29 21:50
ComboFix-quarantined-files.txt 2009-11-29 20:50

Před spuštěním: 898 236 416
Po spuštění: 907 374 592

- - End Of File - - 3DA3E55D7DA37D9B5883EAC2984C9F1B

Post by pitimir » 02 Dec 2009 20:45

Who told you to run ComboFix?

And write which antivirus you are going to use (F-Secure/AVG).
I don't like amateurism...

And the addressee of the message knows it :)

Post by Vercas1 » 03 Dec 2009 11:46

Someone on the internet recommended ComboFix to me; unfortunately, they never got back to me after that. I'd rather go with AVG. Thanks

Post by pitimir » 03 Dec 2009 14:20

1) Use >>this<< official uninstaller.

2) Download MbAM. Save it to the desktop, open "mbam-setup.exe" and install it. Update it. Then run a full scan - delete whatever the program finds. Post the resulting log here.

Post by Vercas1 » 03 Dec 2009 16:44

Wow, MbAM really had its work cut out there; in other words, I'm never lending out my notebook again.

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3285
Windows 5.1.2600 Service Pack 3

3.12.2009 16:34:12
mbam-log-2009-12-03 (16-34-12).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 139488
Uplynulý čas: 27 minute(s), 17 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 36
Infikované hodnoty registru: 3
Infikované datové položky registru: 0
Infikované adresáře: 10
Infikované soubory: 10

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
D:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470 (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

Post by pitimir » 05 Dec 2009 15:14

Well, yeah, DoubleD is like that...

Can I see a new log from CF?
I don't like amateurism...

And the addressee of this message knows it :)

Post by Vercas1 » 05 Dec 2009 22:46

:-) Here it is:

ComboFix 09-12-05.01 - Veronika 05.12.2009 22:27.1.2 - x86
Spuštěný z: c:\documents and settings\Veronika\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1454471165-1417001333-299502267-1003
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-05 do 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 21:20 . 2009-12-05 21:19 390144 ----a-w- c:\windows\system32\CF10531.exe
2009-12-03 14:59 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 14:59 . 2009-12-03 15:00 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-12-03 14:59 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 23:58 . 2009-12-02 23:59 -------- d-----w- d:\program files\ECAP
2009-12-02 11:39 . 2009-12-02 11:39 -------- d-----w- d:\program files\DreamWorks Interactive
2009-12-02 00:16 . 2009-12-02 00:16 -------- d--h--w- c:\windows\$hf_mig$
2009-11-29 21:27 . 2009-11-29 21:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 21:05 . 2009-11-29 21:05 -------- d-----w- C:\rsit
2009-11-22 20:53 . 2009-11-22 20:53 -------- d-----w- d:\program files\TeamViewer
2009-11-22 20:51 . 2009-11-22 20:52 2282880 ----a-w- d:\program files\TeamViewer_Setup.exe
2009-11-22 13:09 . 2009-11-22 13:10 -------- d-----w- d:\program files\CCleaner
2009-11-22 13:08 . 2009-11-22 13:08 3310608 ----a-w- d:\program files\ccsetup225.exe
2009-11-22 12:11 . 2009-11-22 12:11 -------- d-----w- c:\windows\system32\NtmsData
2009-11-21 14:43 . 2008-01-17 18:30 32352 ----a-w- c:\windows\system32\drivers\UimBus.sys
2009-11-21 14:43 . 2008-01-17 18:30 131456 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2009-11-21 14:43 . 2008-01-17 18:30 11840 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2009-11-21 14:43 . 2008-01-17 18:30 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-11-21 14:43 . 2008-01-17 18:30 247824 ----a-w- c:\windows\system32\prgiso.dll
2009-11-21 14:43 . 2008-01-17 18:30 4245008 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-11-21 14:43 . 2008-01-17 18:30 13840 ----a-w- c:\windows\system32\wnaspi32.dll
2009-11-21 14:36 . 2009-11-21 14:36 -------- d-----w- d:\program files\Paragon Software
2009-11-18 20:19 . 2009-11-18 20:19 -------- d-----w- c:\documents and settings\Veronika\temp
2009-11-18 20:19 . 2009-11-18 20:19 1693656 ----a-w- d:\program files\TeamViewerQS.exe
2009-11-17 10:29 . 2009-11-17 10:29 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-11-15 20:05 . 2009-11-18 22:44 -------- d-----w- C:\$AVG8.VAULT$
2009-11-15 18:10 . 2009-11-17 10:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-15 18:10 . 2009-11-17 10:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-15 18:10 . 2009-11-17 10:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-15 18:10 . 2009-11-17 10:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-15 18:09 . 2009-12-05 11:00 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-15 18:04 . 2009-11-15 18:04 -------- d-----w- d:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 23:58 . 2009-02-06 14:48 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-01 17:02 . 2008-05-07 21:59 342640 ----a-w- c:\windows\system32\perfh005.dat
2009-12-01 17:02 . 2008-05-07 21:59 62992 ----a-w- c:\windows\system32\perfc005.dat
2009-11-22 13:35 . 2009-02-06 14:26 -------- d-----w- d:\program files\Java
2009-11-21 19:35 . 2009-02-06 14:26 -------- d-----w- d:\program files\lg_fwupdate
2009-11-17 14:44 . 2009-02-06 11:53 -------- d-----w- d:\program files\Eee Storage
2009-11-16 21:58 . 2009-02-06 11:47 -------- d-----w- d:\program files\CyberLink
2009-11-16 21:38 . 2009-06-02 18:39 -------- d-----w- d:\program files\Google
2009-11-13 17:16 . 2009-07-02 17:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 17:22 . 2009-02-06 14:27 -------- d-----w- d:\program files\Microsoft Works
2009-09-11 14:19 . 2008-05-07 21:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-12-25 19:26 . 2009-02-06 11:54 671 ----a-w- d:\program files\BS.Player FREE.lnk
2008-09-16 14:12 . 2009-02-06 11:46 33 ---ha-w- d:\program files\oemver.txt
2008-05-07 08:34 . 2009-02-06 11:46 15523560 ----a-w- d:\program files\U1 Setup.exe
2002-07-31 18:51 . 2009-02-13 18:46 108 --sh--w- c:\windows\WSYS049.SYS
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGODDFU"="d:\program files\lg_fwupdate\fwupdate.exe blrun" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="d:\program files\EeePC\ACPI\AsTray.exe" [2008-07-23 98304]
"AsusACPIServer"="d:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-07-23 479232]
"AsusEPCMonitor"="d:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-30 2029336]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Veronika\Nabídka Start\Programy\Po spuštění\
StarOffice 8.lnk - d:\program files\Sun\StarOffice 8\program\quickstart.exe [2009-2-6 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-17 10:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\program files\\AVG\\AVG8\\avgemc.exe"=
"d:\\program files\\AVG\\AVG8\\avgupd.exe"=
"d:\\program files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\program files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:*:Disabled:BroadWave Web Server

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-06 717296]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys [2008-03-28 625024]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-01-17 38448]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-17 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-17 108552]
S2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-11-17 908056]
S2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-11-17 297752]

.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1392740
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: Odeslat do zařízení &Bluetooth... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\qyp03wfn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npmusicn.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 22:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-12-05 22:43
ComboFix-quarantined-files.txt 2009-12-05 21:43
ComboFix2.txt 2009-11-29 20:50

Před spuštěním: 546 607 104
Po spuštění: 530 132 992

- - End Of File - - D42CD2846687B8339A8375BB3EF6FB0F

Post by pitimir » 06 Dec 2009 17:35

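Copy this into Notepad:

Code:

Windows Registry Editor Version 5.00

; Let Security Center monitor the antivirus status again
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000000

; Turn the Windows Firewall back on (full key path; the log abbreviates it as HKLM\~\...)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

Save it as fix.reg (file type: All files) on the desktop. Open it with a double-click -> OK.

And describe the state and behaviour of the PC. Is everything OK now?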
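A triage helper for the registry section of a ComboFix log like the one in this thread, added here as an example and not part of the original posts: it flags the two weakened settings that fix.reg resets and lists the programs authorized through the firewall. The rule table, the function names and the sample lines (constructed in the log's format) are assumptions.

```python
import re

# Constructed sample in the format of the ComboFix registry section quoted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\program files\\TeamViewer\\Version4\\TeamViewer.exe"=
'''

# Hypothetical rule table: (key suffix, value name) -> value that fix.reg restores.
EXPECTED = {
    ("security center", "antivirusoverride"): 0,
    ("firewallpolicy\\standardprofile", "enablefirewall"): 1,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_number(raw):
    """Read both notations the log uses: dword:00000001 and 0 (0x0)."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw.strip())
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw.strip())
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return (findings, allowed): weakened settings and firewall-authorized programs."""
    findings, allowed, key = [], [], ""
    for line in map(str.strip, log_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # registry key names are case-insensitive
            continue
        m = VAL_RE.match(line)
        if not m or not key:
            continue
        name, raw = m.groups()
        if key.endswith("authorizedapplications\\list"):
            allowed.append(name.replace("\\\\", "\\"))  # undo .reg-style escaping
            continue
        got = parse_number(raw)
        for (suffix, vname), want in EXPECTED.items():
            if key.endswith(suffix) and name.lower() == vname and got not in (None, want):
                findings.append((name, got, want))  # (value name, found, expected)
    return findings, allowed
```

Running `triage` on a log taken after the fix should return an empty findings list; the authorized-applications list still needs a manual look for programs the user does not recognize.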

Post by Vercas1 » 06 Dec 2009 21:02

Yes, thank you very much, so far everything seems to be working, but with my PC one can never be sure of anything. If anything comes up, I'll get in touch again. :-) Thanks once more :smile:

