Prosím o kontrolu HJT logu. Díky moc.

[Mirďa]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:43, on 1.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xxx\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [Line Speed Meter] C:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8126 bytes

[Reklama]

[zlobyl]

Log vypadá dobře.

Jen pár maličkostí na fixnutí:

Kód: Vybrat vše

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


[Mirďa]

Díky moc. Fixnul jsem to. Šlo by ještě něco udělat s logem z MWAV?
Zde je část výpisu:
Thu Nov 01 11:10:46 2007 => ***** Scanning Registry and File system for Adware/Spyware *****
Thu Nov 01 11:10:46 2007 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\xxx\LOCALS~1\Temp\spydb.avs, Size: 255868].
Thu Nov 01 11:10:46 2007 => Indexed Spyware Databases Successfully Created...

Thu Nov 01 11:10:48 2007 => Offending Key found: HKCU\Software\magnet !!!
Thu Nov 01 11:10:50 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Nov 01 11:10:52 2007 => Offending Key found: HKCR\magnet !!!
Thu Nov 01 11:10:52 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Nov 01 11:10:53 2007 => Offending file found: C:\WINDOWS\system32\swreg.exe
Thu Nov 01 11:10:53 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: No Action Taken.

Thu Nov 01 11:10:53 2007 => Offending file found: C:\WINDOWS\system32\swsc.exe
Thu Nov 01 11:10:53 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: No Action Taken.

Thu Nov 01 11:10:53 2007 => Offending Folder found: C:\Documents and Settings\xxx\Data aplikací\icq\bart\1024
Thu Nov 01 11:10:53 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.

Thu Nov 01 11:10:54 2007 => Offending file found: C:\Documents and Settings\xxx\Oblíbené položky\obchodování v cizině\ebay.url
Thu Nov 01 11:10:54 2007 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.

Thu Nov 01 11:10:54 2007 => Offending file found: C:\Documents and Settings\xxx\Oblíbené položky\počítače\antivirus test online.url
Thu Nov 01 11:10:54 2007 => System found infected with smitfraud Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.

Thu Nov 01 11:10:58 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\grafika\finereader 8.0\program\image.dll
Thu Nov 01 11:10:58 2007 => System found infected with coolwwwsearch.smartsearch Browser Hijacker (image.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:02 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\system\sync_toucan\app\toucan\help\secure.html
Thu Nov 01 11:11:02 2007 => System found infected with smitfraud Browser Hijacker (secure.html)! Action taken: No Action Taken.

Thu Nov 01 11:11:02 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\system\sysinternals\sync.exe
Thu Nov 01 11:11:02 2007 => System found infected with whenu/clocksync Spyware/Adware (sync.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:02 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\system\tuneup\tuneup\access.exe
Thu Nov 01 11:11:02 2007 => System found infected with egroup Spyware/Adware (access.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:03 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\toolbar.exe
Thu Nov 01 11:11:03 2007 => System found infected with elite toolbar Spyware/Adware (toolbar.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:03 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\vypalka\nero\nero\core\image.dll
Thu Nov 01 11:11:03 2007 => System found infected with coolwwwsearch.smartsearch Browser Hijacker (image.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:08 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\hry\dopewars.exe
Thu Nov 01 11:11:08 2007 => System found infected with dope wars Spyware/Adware (dopewars.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:24 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\hry\star wars chess\bf.dll
Thu Nov 01 11:11:24 2007 => System found infected with yuupsearch adware and variants Spyware/Adware (bf.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:24 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\hry\star wars chess\sp.dll
Thu Nov 01 11:11:24 2007 => System found infected with tinybar Spyware/Adware (sp.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:26 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\zzzzzzáloha pepa!!!!!!!!!!!!!!!!!!!\flešdisk 290907\pepek námořník\oblíbené\ebay.url
Thu Nov 01 11:11:26 2007 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.

Thu Nov 01 11:11:26 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\zzzzzzáloha pepa!!!!!!!!!!!!!!!!!!!\flešdisk 290907\pepek námořník\oblíbené\počítače\antivirus test online.url
Thu Nov 01 11:11:26 2007 => System found infected with smitfraud Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.

Thu Nov 01 11:11:37 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\grafika\finereader 8.0\program\image.dll
Thu Nov 01 11:11:37 2007 => System found infected with coolwwwsearch.smartsearch Browser Hijacker (image.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:37 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\system\sync_toucan\app\toucan\help\secure.html
Thu Nov 01 11:11:37 2007 => System found infected with smitfraud Browser Hijacker (secure.html)! Action taken: No Action Taken.

Thu Nov 01 11:11:37 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\system\sysinternals\sync.exe
Thu Nov 01 11:11:37 2007 => System found infected with whenu/clocksync Spyware/Adware (sync.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:37 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\system\tuneup\tuneup\access.exe
Thu Nov 01 11:11:37 2007 => System found infected with egroup Spyware/Adware (access.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:37 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\toolbar.exe
Thu Nov 01 11:11:37 2007 => System found infected with elite toolbar Spyware/Adware (toolbar.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:38 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\instalačky\vypalka\nero\nero\core\image.dll
Thu Nov 01 11:11:38 2007 => System found infected with coolwwwsearch.smartsearch Browser Hijacker (image.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:38 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\hry\dopewars.exe
Thu Nov 01 11:11:38 2007 => System found infected with dope wars Spyware/Adware (dopewars.exe)! Action taken: No Action Taken.

Thu Nov 01 11:11:39 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\hry\star wars chess\bf.dll
Thu Nov 01 11:11:39 2007 => System found infected with yuupsearch adware and variants Spyware/Adware (bf.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:39 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\hry\star wars chess\sp.dll
Thu Nov 01 11:11:39 2007 => System found infected with tinybar Spyware/Adware (sp.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:39 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\zzzzzzáloha pepa!!!!!!!!!!!!!!!!!!!\flešdisk 290907\pepek námořník\oblíbené\ebay.url
Thu Nov 01 11:11:39 2007 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.

Thu Nov 01 11:11:39 2007 => Offending file found: C:\Documents and Settings\xxx\Dokumenty\pepi\zzzzzzáloha pepa!!!!!!!!!!!!!!!!!!!\flešdisk 290907\pepek námořník\oblíbené\počítače\antivirus test online.url
Thu Nov 01 11:11:39 2007 => System found infected with smitfraud Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.

Thu Nov 01 11:11:41 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll
Thu Nov 01 11:11:41 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken.

Thu Nov 01 11:11:43 2007 => Checking MountPoints2 Registry Key...
Thu Nov 01 11:11:43 2007 => Executable Command Found in M\Shell\AutoRun\command: M:\CDautorun.exe
Thu Nov 01 11:11:43 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M !!!
Thu Nov 01 11:11:43 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Thu Nov 01 11:11:43 2007 => Invalid Command Found in N\Shell\AutoRun\command: N:\Setup.exe
Thu Nov 01 11:11:43 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N !!!
Thu Nov 01 11:11:43 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Thu Nov 01 11:11:43 2007 => Invalid Command Found in {e0963d0c-6074-11dc-a738-00113b05c6e1}\Shell\Autoplay\DropTarget\AutoRun\command: G:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "USB"
Thu Nov 01 11:11:43 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0963d0c-6074-11dc-a738-00113b05c6e1} !!!
Thu Nov 01 11:11:43 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.


Thu Nov 01 11:14:49 2007 => Scan Completed.

[zlobyl]

Já nejsem v tomhle moc zkušený, ale mně se zdá být v pořádku.

Když už jseš v té údržbě, tak můžeš vyčistit systém pomocí programu Ccleaner.

[Baron Prášil]

nainstaluj antispyware
doporučuju Spyware Terminator nebo Spybot S&D

aktualizuj a proskenuj komp

[Mirďa]

Díky moc všem. Teď se mi to zdá už dobrý.