Please check my MWAW and HiJack logs, I have a Trojan...


Post by Eli » 07 Feb 2008 18:46

Hello,
I've caught a Trojan and don't know what to do about it; I'd like to ask you for help. MWAW shows me this:


Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "remacc.multiwebsurv Generic Malware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
File H:\System Volume Information\_restore{A20E1286-AAC4-47A8-B856-0284C02EE2BF}\RP286\A0050940.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". Action Taken: No Action Taken.
File H:\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm infected by "Trojan-Downloader.HTML.Agent.c" Virus! Action Taken: No Action Taken.
File H:\Staré soubory\Eliáš Martin\Data aplikací\Opera\Opera\profile\cache4\opr04XLQ.htm infected by "Trojan-Downloader.HTML.Agent.c" Virus! Action Taken: No Action Taken.

Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Program Files\Opera\program\plugins\\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "H:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\program\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "H:\Program Files\Opera\program\plugins\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3mpg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "XTTB00001.XTTB00001Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D2D18F-B421-4D45-9668-3BC302A91ACD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{02BE569D-7BBD-4451-A955-C0CDFB0695F1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0CE2C834-9737-4330-8E46-6A257DBC7804}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{191BB17D-7BB4-43E9-8C98-7A981EF8AA43}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2AFBAC85-8F32-4EDB-AF56-D68239DAFF7D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3A494A73-0731-48A6-B705-3965382F86D6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3D65BA49-E991-493F-B572-10A25FC4E11B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4031623D-AC43-4B41-A0DF-584797918684}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{52F34B4D-32E3-4065-9869-74F96B1AFA23}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{691E8ABA-4D04-4389-8738-692BF5E426C5}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6EE34979-0355-44EB-8761-21D32B1CE4AB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{72A8EF9E-B939-4098-A8DB-B6FE08075C20}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{750B9AD1-4C63-4143-94C5-6FB304199BAD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9F931B29-A990-47A8-AC1C-C3AA70A5BB5F}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B377E890-0EB2-40B1-ADDA-B8FFD2B835A9}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CE80F122-71C4-48F4-9BFE-0A49BEF050A6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D79FC678-C0AE-41E0-89FA-0A603B4335B6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DD0CF6CB-ADBC-4062-B30C-D53B21A83AFB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0EDE60D-BD69-4351-81BA-706E51179F7E}". Action Taken: No Action Taken.
File H:\System Volume Information\_restore{A20E1286-AAC4-47A8-B856-0284C02EE2BF}\RP286\A0050940.exe tagged as "not-a-virus:AdTool.Win32.WhenU.a". Action Taken: No Action Taken.


HiJack then shows me this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:02, on 7.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\ICQLite\ICQLite.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\ISP Monitor\isp.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Documents and Settings\Martin Eliáš\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "H:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "H:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] H:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8214 bytes


AVG finds nothing; I also tried an older version of NOD, and Spyware Terminator and Spybot S&D ran as well and found nothing. I also tried CCleaner, with no result. The computer is slower, it freezes, and I can't close the windows of open programs or folders with the usual X in the top right corner; I have to click the open window on the taskbar at the bottom and choose "Close". In Opera I can only close the first 5 open windows; the rest won't close. I suspect I caught something through Opera; I uninstalled it and deleted the leftover files, but unfortunately no change…

Please help, I'm at my wits' end.

P.S.: Also, my Windows XP won't start in safe mode… not even when I hard-restart it…

Post by Baron Prášil » 07 Feb 2008 19:07

I see three anti-spyware tools running at once. That's quite a heavy load on the system :smile:
So pick ST or Spybot or WD and turn off the shield in the others.

Uninstall Crawler Toolbar.

Turn off System Restore:
right-click My Computer > Properties > System Restore, tick the box, click OK and confirm.
Restart and turn it back on.

Clean the system with CCleaner and RegCleaner.

Post by Eli » 07 Feb 2008 21:53

I have a problem with RegCleaner: I set it to automatic, then open Tools and choose Run All, and a table pops up that says: "Programs registered in the registry. You can remove any entries you know you will no longer need", and below it is a list of things in the registry...

So I only ran CCleaner on it, but MWAW is showing problems again...

Thanks for the help

Post by Baron Prášil » 08 Feb 2008 00:52

I don't know what more to say about RegCleaner than what's in that link.
What was in MWAV you got rid of by turning off System Restore.
I'm interested in how the computer is behaving; if you had written that, you could already have had further advice or instructions.
This has to move along! :lol:

Post by Eli » 08 Feb 2008 18:23

I apologize,

So the PC runs fast, but I still can't close open windows with the X or minimize them to the tray with the underscore button on the window, and they can't be maximized either...

So I turned off System Restore and ran CCleaner; unfortunately RegCleaner didn't clean automatically, but here I'm posting what it offered me as running items in the registry:

Autor Software
Neznámý C07ft5Y
Neznámý Sunbelt Software
Neznámý AC3filter
Neznámý Microworld
Ahead Nero Home
Analog device Smwdmif
Analog device IFSShare
Analog device Smax4
Analog device Smax4pnp
Apple Computer IPod
Apple Computer Quick time
Grisoft AVG7
Hewlett-úackard HP memoric Disk
Hewlett-Packard Digitallmaging
ISPMonitor Account
ISPmonitor Disk
ISPMonitor Graph
ISPMonitor Mail
ISPmonitor News
ISPMonitor Premium
ISPMonitor Smtp
ISPMonitor SpeedTest
ISPMonitor TrafficMonitor
ISPmonitor Warning
Local AppWizard-Generated-applications JMRaidTool
Mirabilis ICQ
Nullsoft Sinal
NVIDIA Corporation Global
Oak Technology Omsg
Oak Technology Afsinst
RealNetworks Rnadnim
Realtek REALTEK GbE & FE Eternit PCI-E NIC Driver
Skype phone
Sunbelt Software Personal Firewall
VB and VBA Program Settings CCleaner
WinRar Formats
Yttb00001 Toolbar




HiJack reports this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:13, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\ISP Monitor\isp.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Documents and Settings\Martin Eliáš\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] H:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

MWA then reports this:

Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "remacc.multiwebsurv Generic Malware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.


Instead of 10 critical objects it found 8… so that's progress for the better.

Thanks for the help!


Post by Baron Prášil » 08 Feb 2008 21:57

The logs are fine.
Well, there comes a time in a computer's life when ComboFix has to be used.
For your computer, that happy moment came today :D

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click into the window that is displayed
- When the scan finishes, the program should create a log, which will be displayed to you; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here


Post by Eli » 09 Feb 2008 11:26

So, a change: I scanned the system with Super AntiSpyware Professional and deleted some things it found. Now everything runs OK, at least it seems so to me. The problem is that MWAW again reports 10 errors. I'm attaching its output, the HiJack log and also the ComboFix log you mentioned (AVG and Kerio were running while ComboFix ran - I didn't know whether to turn them off):

MWAW:

Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "direct advertiser Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "remacc.multiwebsurv Generic Malware" found in File System! Action Taken: No Action Taken.
Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.
Entry "HKCR\Icq.XtraApi" refers to invalid object "{95E8BB28-911A-45CE-9AE8-EC05FA106D2F}". Action Taken: No Action Taken.
Entry "HKCR\MISB.DhtmlPluginWrapper" refers to invalid object "{8D18DFF4-0943-4347-8BCA-0C57033F6820}". Action Taken: No Action Taken.
Entry "HKCR\MXtra.DhtmlWrapper" refers to invalid object "{8D18DFF4-0943-4347-8BCA-0C57033F6820}". Action Taken: No Action Taken.


Hi Jack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:34, on 9.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\ICQ6\ICQ.exe
H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\msiexec.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
H:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
H:\Documents and Settings\Martin Eliáš\Plocha\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446888218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2448678593
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QHMJF - Sysinternals - http://www.sysinternals.com - H:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\QHMJF.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6981 bytes

COMBO FIX:
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.445 [GMT 1:00]
Running from: H:\Documents and Settings\Martin Eliáš\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
H:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
H:\WINDOWS\regedit.com
H:\WINDOWS\system32\taskmgr.com

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 21:35 . 2008-02-08 21:35 <DIR> d-------- H:\Program Files\Opera
2008-02-08 20:59 . 2008-02-08 20:59 <DIR> d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 19:59 . 2008-02-08 21:35 <DIR> d-------- H:\Program Files\SUPERAntiSpyware
2008-02-08 19:59 . 2008-02-08 20:59 <DIR> d-------- H:\Documents and Settings\Martin Eliáš\Data aplikací\SUPERAntiSpyware.com
2008-02-08 19:59 . 2008-02-08 19:59 <DIR> d-------- H:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-02-08 18:27 . 2008-02-08 18:29 <DIR> d-------- H:\Program Files\ICQ6
2008-02-08 18:27 . 2008-02-08 18:29 <DIR> d-------- H:\Documents and Settings\Martin Eliáš\Data aplikací\ICQ
2008-02-08 18:26 . 2008-02-08 18:26 <DIR> d-------- H:\Documents and Settings\Martin Eliáš\Data aplikací\InstallShield
2008-02-07 21:05 . 2008-02-07 21:10 <DIR> d-------- H:\Program Files\RegCleaner
2008-02-07 17:24 . 2008-02-07 17:24 <DIR> d-------- H:\Documents and Settings\Martin Eliáš\Data aplikací\Lavasoft
2008-02-06 21:43 . 2008-02-06 21:43 <DIR> d-------- H:\Program Files\CCleaner
2008-02-06 21:06 . 2008-02-09 09:32 <DIR> d-------- H:\Documents and Settings\Martin Eliáš\Data aplikací\AVG7
2008-02-06 21:06 . 2008-02-06 21:06 <DIR> d-------- H:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-02-06 21:06 . 2008-02-06 21:06 <DIR> d-------- H:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-02-06 21:06 . 2008-02-06 21:06 <DIR> d-------- H:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-02-06 21:06 . 2008-02-06 21:06 <DIR> d-------- H:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-02-06 21:06 . 2008-02-07 17:26 <DIR> d-------- H:\Documents and Settings\All Users\Data aplikací\avg7
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-a------ H:\WINDOWS\zts2.exe
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-a------ H:\WINDOWS\system32\vcmgcd32.dll
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-a------ H:\WINDOWS\system32\iifgfgf.dll
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-a------ H:\WINDOWS\rundll16.exe
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-a------ H:\WINDOWS\rundl132.dll
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-a------ H:\WINDOWS\logo1_.exe
2008-02-06 20:06 . 2004-08-17 16:49 147,968 --a------ H:\WINDOWS\R.COM
2008-02-06 20:06 . 2004-08-17 16:49 137,216 --a------ H:\WINDOWS\system32\T.COM
2008-02-06 20:06 . 2008-02-09 10:47 26 --a------ H:\WINDOWS\Lic.xxx
2008-02-06 19:51 . 2008-02-07 18:41 <DIR> d-------- H:\Program Files\Crawler
2008-02-06 16:21 . 2008-02-07 17:24 <DIR> d-------- H:\Program Files\Lavasoft
2008-02-06 15:36 . 2008-02-07 20:56 <DIR> d-------- H:\Program Files\Spybot - Search & Destroy
2008-02-06 15:36 . 2008-02-07 20:54 <DIR> d-------- H:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-18 21:06 . 2008-01-18 21:13 256 --a------ H:\WINDOWS\system32\drivers\fwdrv.err
2008-01-09 22:50 . 2008-01-09 22:50 <DIR> d-------- H:\WINDOWS\PIF
2008-01-09 15:11 . 2008-01-09 15:11 <DIR> d-------- H:\Program Files\Sunbelt Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 21:34 --------- d-----w H:\Program Files\ICQToolbar
2008-02-08 17:29 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-02-07 20:41 82,380 ----a-w H:\WINDOWS\system32\drivers\AFS2K.SYS
2008-02-07 17:01 --------- d-----w H:\Program Files\ESET
2008-02-06 18:57 --------- d-----w H:\Program Files\DAEMON Tools
2008-02-06 15:39 --------- d-----w H:\Documents and Settings\Martin Eliáš\Data aplikací\Skype
2008-01-30 18:19 737,280 ----a-w H:\WINDOWS\iun6002.exe
2008-01-15 18:12 1,392,671 ----a-w H:\WINDOWS\system32\msvbvm60.dll
2008-01-06 15:34 --------- d-----w H:\Program Files\Common Files\InstallShield
2007-05-12 12:31 164 ---ha-w H:\Documents and Settings\All Users\hpothb07.dat
2007-05-12 12:30 337 ---ha-w H:\Documents and Settings\Martin Eliáš\hpothb07.dat
2007-05-12 12:30 337 ---ha-w H:\Documents and Settings\Martin Eliáš\hpothb07.dat
2006-06-23 06:48 32,768 ----a-r H:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]
"DAEMON Tools"="H:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2006-07-21 13:06 20036648]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ICQ"="H:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SUPERAntiSpyware"="H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="H:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"JMB36X Configure"="H:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Windows Defender"="H:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="realsched.exe" []
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"AVG7_CC"="H:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 21:06 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 16:49 15360]
"DWQueuedReporting"="H:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
"AVG7_Run"="H:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-06 21:06 219136]

H:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 2000 Series.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= H:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
H:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 fwdrv;Firewall Driver;H:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;H:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;H:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 BTNetFilter;Bluetooth Network Filter;H:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
S3 QHMJF;QHMJF;H:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\QHMJF.exe [2008-02-08 19:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55081fb0-c521-11db-8b08-806d6172696f}]
\Shell\AutoRun\command - G:\ASUSACPI.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 08:15:03 H:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- H:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 11:56:15 H:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1190371602.job"
- H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-02-09 08:35:44 H:\WINDOWS\Tasks\MP Scheduled Scan.job"
- H:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 11:20:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 11:21:31
ComboFix-quarantined-files.txt 2008-02-09 10:21:26

Question: Using ComboFix is probably no joke anymore, is it? :-)

Thanks A LOT for the help


Post by Baron Prášil » 09 Feb 2008 12:14

Man, I don't see anything in there that needs killing.
Are you using some system utility?
O23 - Service: QHMJF - Sysinternals - http://www.sysinternals.com - H:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\QHMJF.exe
Didn't you cause this yourself by tampering with the registry?
Did you create a backup, if you used it?
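The kind of check the helper applies to that O23 line can be scripted; the following is an added example, not part of the original thread and not code from HijackThis. It parses HijackThis entry lines and flags binaries that run from a Temp directory, entries marked `(file missing)` and startup shortcuts whose target could not be resolved; the flag names and function names are assumptions made for this sketch, and the sample lines are copied from the log posted above.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Program Files\ICQLite\ICQLite.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QHMJF - Sysinternals - http://www.sysinternals.com - H:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\QHMJF.exe
"""


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O23"
    text: str             # everything after "<code> - "
    path: Optional[str]   # first Windows file path found in the entry, if any


# "<letter><digits> - <rest>" is the shape of every HijackThis entry line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path up to a known executable or library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|com|scr|bat)\b", re.IGNORECASE)
# "Temp" keeps its name in 8.3 short paths, so one pattern covers both
# "Local Settings\Temp" and "LOCALS~1\Temp".
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse(log: str) -> list[Entry]:
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        section, text = match.groups()
        path = PATH_RE.search(text)
        entries.append(Entry(section, text, path.group(0) if path else None))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Return only the entries worth a question to the machine's owner, with reasons."""
    findings = []
    for entry in entries:
        flags = []
        if entry.path and TEMP_RE.search(entry.path):
            flags.append("runs-from-temp")      # autostart binary in a temp directory
        if entry.text.endswith("(file missing)"):
            flags.append("file-missing")        # registry leftover, target is gone
        if entry.text.endswith("= ?"):
            flags.append("unresolved-target")   # shortcut target could not be read
        if flags:
            findings.append((entry, flags))
    return findings


if __name__ == "__main__":
    for entry, flags in triage(parse(SAMPLE_LOG)):
        print(f"{entry.section:<4}{','.join(flags):<20}{entry.text}")
```

A flag here is a prompt to ask what installed the entry, as the helper does in this thread, not a verdict that the file is malicious.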


Post by Eli » 09 Feb 2008 12:32

I was poking around in that RegCleaner; when it wasn't working for me, I deleted something there, but then I restored the registry from the CCleaner backup, because I couldn't find my way around RegCleaner. The fact is that afterwards my printer stopped working; I plan to reinstall it once I've dealt with the trojans.

So should I do something with that line? And why does MWAW find problems when there's nothing there to kill?

Sorry for all the trouble and thanks for the time you're giving me... otherwise my PC runs without problems, so if you don't see anything there, the problem is over; it just makes me nervous that MWAW keeps finding errors...


Post by Baron Prášil » 09 Feb 2008 12:39

You wrote something about windows that can't be closed with the X button.
I was asking about this Sysinternals utility, that's why I quoted that line :wink:
So if you have no problem, and MWAV certainly isn't one, then we're done here, sir :D


Post by Eli » 09 Feb 2008 12:44

I use System Info for Windows v1.73 (Build 638) --- Freeware Version -- Copyright © 2004-2007 Gabriel Topala.

The windows can be closed since I used SuperAntiSpyware, so all good. So I guess that's finito :-).

THANKS A LOT FOR THE HELP, YOU HELPED ME SO MUCH!!!! GREAT FORUM!


Post by Baron Prášil » 09 Feb 2008 12:56

You're right. Our forum is great, small and local :smile:
SuperAntiSpyware is great too. And it's a great Saturday :D
So you're welcome :bigups:

(Those MWAV findings are just leftovers from cleaned infections. They don't do anything, don't take up anything, don't take anything away - I have them too.)

