Logfile of HijackThis v1.99.1
Scan saved at 9:27:37, on 5.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Zuzka\LOCALS~1\Temp\_tc0\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.divoch.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\logm3dim.exe,C:\WINDOWS\system32\cmdletup.exe,C:\WINDOWS\system32\certoenr.exe,C:\WINDOWS\system32\skeypsec.exe,C:\WINDOWS\system32\cmdlonui.exe,C:\WINDOWS\system32\blacdfi1.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\blacdfi1.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\logm3dim.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\cmdlonui.exe,C:\WINDOWS\system32\kbddvr32.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\kbddvr32.exe,C:\WINDOWS\system32\powelien.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\powelien.exe,C:\WINDOWS\system32\hpvatmgr.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\hpvatmgr.exe,C:\Documents and Settings\Zuzka\Data aplikací\Explorer\certoenr.exe,C:\WINDOWS\system32\acleups.exe,C:\WINDOWS\system32\kbdltmgr.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\tools\BitCometBHO.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20002\3.01.00.dll (file missing)
O2 - BHO: {309af308-8a67-653b-bb44-222537778817} - {71887773-5222-44bb-b356-76a8803fa903} - C:\WINDOWS\system32\doxvfdyu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - C:\WINDOWS\system32\ddcccax.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\llkierku.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C4E1017E-8935-4EF1-B3A7-2F517CDAAFBA} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1201982356.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [c4ff07ae] rundll32.exe "C:\WINDOWS\system32\ovkwrxei.dll",b
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-PERFC.exe" /REG
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Povolit bezdrátovou pracovní plochu Labtec.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Zobrazit originál - C:\Program Files\VOLNY\akcelerator\original.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{150F9CF3-98B3-435F-A15D-2849700A4DCF}: NameServer = 194.228.41.65 194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{150F9CF3-98B3-435F-A15D-2849700A4DCF}: NameServer = 194.228.41.65 194.228.41.113
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcccax - ddcccax.dll (file missing)
O20 - Winlogon Notify: llkierku - C:\WINDOWS\SYSTEM32\llkierku.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winasp32 - winasp32.dll (file missing)
O21 - SSODL: Connection Internet - {58A5C5F0-2A76-413C-9F5C-4BC3236FAE38} - C:\WINDOWS\system32\mssc32gt.dll (file missing)
O21 - SSODL: IEFilter - {AD680AF1-F6E6-4FE1-AA57-A03C70B76164} - IEFilter.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: zip - {62d7fa3d-71ba-46f5-85bc-a66e613c6230} - C:\WINDOWS\Installer\{62d7fa3d-71ba-46f5-85bc-a66e613c6230}\zip.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
Please check my log
- Baron Prášil
Hey, have you ever seen a documentary about how a Boeing 737 behaves in the air without hydraulics?
I'd say about like your computer.
So first use COMBOFIX.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log, which will be displayed to you; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here + a new log from HijackThis
Log hijackthis + Combofix
Logfile of HijackThis v1.99.1
Scan saved at 12:21, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\Catchme.cfexe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\VFind.exe
C:\ComboFix\grep.cfexe
C:\DOCUME~1\Zuzka\LOCALS~1\Temp\_tc0\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.divoch.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\tools\BitCometBHO.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20002\3.01.00.dll (file missing)
O2 - BHO: {309af308-8a67-653b-bb44-222537778817} - {71887773-5222-44bb-b356-76a8803fa903} - C:\WINDOWS\system32\doxvfdyu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C4E1017E-8935-4EF1-B3A7-2F517CDAAFBA} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1201982356.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [c4ff07ae] rundll32.exe "C:\WINDOWS\system32\ovkwrxei.dll",b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Povolit bezdrátovou pracovní plochu Labtec.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Zobrazit originál - C:\Program Files\VOLNY\akcelerator\original.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcccax - ddcccax.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winasp32 - winasp32.dll (file missing)
O21 - SSODL: Connection Internet - {58A5C5F0-2A76-413C-9F5C-4BC3236FAE38} - C:\WINDOWS\system32\mssc32gt.dll (file missing)
O21 - SSODL: IEFilter - {AD680AF1-F6E6-4FE1-AA57-A03C70B76164} - IEFilter.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: zip - {9739bcb5-640d-4be9-a994-612905b9ef2c} - C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll
O21 - SSODL: AlrtKernel - {6b72fbd8-fd12-4531-99f3-00247d395fca} - C:\WINDOWS\Installer\{6b72fbd8-fd12-4531-99f3-00247d395fca}\AlrtKernel.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
.........................................................................................................................................................
ComboFix 08-02.05.3 - Zuzka 2008-02-06 12:08:37.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\Zuzka\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\llkierku.dll
C:\Documents and Settings\Zuzka\Data aplikací\inst.exe
C:\Documents and Settings\Zuzka\Data aplikací\ultra
C:\Documents and Settings\Zuzka\Data aplikací\ultra\ultra.inf
C:\Documents and Settings\Zuzka\Data aplikací\ultra\uninstall.bat
C:\Program Files\Helper
C:\Program Files\intcodec
C:\Program Files\spoolsv.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Defender
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\iexrwkvo.ini
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\llkierku.dll
C:\WINDOWS\system32\llkierku.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\runtime
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-06 12:00 . 2008-02-06 12:00 11,776 --a------ C:\Program Files\tmp72713875.exe
2008-02-06 12:00 . 2008-02-06 12:00 10,240 --a------ C:\Program Files\tmp72713937.exe
2008-02-06 12:00 . 2008-02-06 12:00 10,240 --a------ C:\Program Files\tmp72713859.exe
2008-02-05 09:36 . 2008-02-05 09:36 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-02-05 09:23 . 2008-02-05 09:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-05 09:23 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-02-05 09:23 . 2005-09-12 20:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-02-05 09:23 . 2006-03-28 02:54 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-02-05 09:22 . 2008-02-05 09:22 <DIR> d-------- C:\Program Files\iolo
2008-02-05 09:22 . 2006-12-20 17:48 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-02-04 08:59 . 2008-02-04 08:59 10,240 --a------ C:\Program Files\1969312.exe
2008-02-02 21:14 . 2005-07-15 10:33 18,944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-02-02 20:58 . 2008-02-05 15:49 25,472 --a------ C:\WINDOWS\system32\drivers\Glq37.sys
2008-02-02 20:58 . 2008-02-02 20:58 16,384 --a------ C:\WINDOWS\system32\mmmblqbl.dll
2008-02-02 20:57 . 2008-02-02 20:57 54,764 --a------ C:\WINDOWS\system32\fnhoje
2008-02-02 20:38 . 2008-02-02 20:38 <DIR> d-------- C:\Program Files\VSO
2008-02-02 20:38 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-02 20:38 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-02 20:38 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-02 20:38 . 2008-02-02 20:38 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-02 20:22 . 2008-02-02 20:22 <DIR> d-------- C:\Program Files\Akram
2008-02-01 23:06 . 2008-02-01 23:06 <DIR> d-------- C:\Program Files\NASA
2008-01-27 17:39 . 2003-01-27 14:10 15,016 --a------ C:\WINDOWS\system32\HOOKVIRQ.VXD
2008-01-17 21:44 . 2008-01-27 18:07 <DIR> d-------- C:\Program Files\Giovanni Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 10:06 --------- d-----w C:\Program Files\Pepa Chytrouš
2008-02-05 10:03 --------- d-----w C:\Program Files\KSB
2008-02-05 10:00 --------- d-----w C:\Program Files\Google
2008-02-02 19:57 --------- d-----w C:\Program Files\Bezdrátová pracovní plocha Labtec
2008-01-27 16:47 --------- d-----w C:\Program Files\IrfanView
2008-01-27 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 23:52 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-01-08 23:50 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-01-03 23:00 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-03 21:33 --------- d-----w C:\Program Files\Winamp
2008-01-02 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 18:36 --------- d-----w C:\Program Files\KnightsAndMerchants
2008-01-02 18:29 --------- d-----w C:\Program Files\CyberLink
2008-01-02 18:27 --------- d-----w C:\Program Files\2Mega Camera
2008-01-01 20:10 --------- d-----w C:\Program Files\newton
2007-12-26 12:52 --------- d-----w C:\Program Files\DivX
2007-12-24 21:49 --------- d-----w C:\Program Files\Tablet
2007-12-24 21:26 --------- d-----w C:\Program Files\Ambient Design
2006-03-23 23:37 13,261,520 ----a-w C:\Program Files\mozilla-1.7.11.cs-CZ.win32.installer.exe
2005-12-20 10:59 478 ----a-w C:\Program Files\Zástupce - Gator.com.lnk
2005-12-08 17:46 49,898,695 ----a-w C:\Program Files\OOo_OOO680_m3_Win32Intel_sdk.zip
2005-11-05 12:19 40,006,376 ----a-w C:\Program Files\602pc_suite_4.1.exe
2005-09-23 20:36 954,448 ----a-w C:\Program Files\HfAsistentSetup.exe
2002-04-24 14:04 62,713 ----a-w C:\Program Files\setup.ini
2002-04-24 14:04 1,172,480 ----a-w C:\Program Files\WinTalker Voice pro 602.msi
2000-10-03 12:32 102,400 ----a-w C:\Program Files\setup.exe
2000-07-27 12:49 1,526,275 ----a-w C:\Program Files\instmsiw.exe
2000-07-27 12:49 1,513,987 ----a-w C:\Program Files\instmsia.exe
.
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
.........................................................................................................................................................
ComboFix 08-02.05.3 - Zuzka 2008-02-06 12:08:37.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\Zuzka\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\llkierku.dll
C:\Documents and Settings\Zuzka\Data aplikací\inst.exe
C:\Documents and Settings\Zuzka\Data aplikací\ultra
C:\Documents and Settings\Zuzka\Data aplikací\ultra\ultra.inf
C:\Documents and Settings\Zuzka\Data aplikací\ultra\uninstall.bat
C:\Program Files\Helper
C:\Program Files\intcodec
C:\Program Files\spoolsv.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Defender
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\iexrwkvo.ini
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\llkierku.dll
C:\WINDOWS\system32\llkierku.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\runtime
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-06 12:00 . 2008-02-06 12:00 11,776 --a------ C:\Program Files\tmp72713875.exe
2008-02-06 12:00 . 2008-02-06 12:00 10,240 --a------ C:\Program Files\tmp72713937.exe
2008-02-06 12:00 . 2008-02-06 12:00 10,240 --a------ C:\Program Files\tmp72713859.exe
2008-02-05 09:36 . 2008-02-05 09:36 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-02-05 09:23 . 2008-02-05 09:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-05 09:23 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-02-05 09:23 . 2005-09-12 20:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-02-05 09:23 . 2006-03-28 02:54 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-02-05 09:22 . 2008-02-05 09:22 <DIR> d-------- C:\Program Files\iolo
2008-02-05 09:22 . 2006-12-20 17:48 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-02-04 08:59 . 2008-02-04 08:59 10,240 --a------ C:\Program Files\1969312.exe
2008-02-02 21:14 . 2005-07-15 10:33 18,944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-02-02 20:58 . 2008-02-05 15:49 25,472 --a------ C:\WINDOWS\system32\drivers\Glq37.sys
2008-02-02 20:58 . 2008-02-02 20:58 16,384 --a------ C:\WINDOWS\system32\mmmblqbl.dll
2008-02-02 20:57 . 2008-02-02 20:57 54,764 --a------ C:\WINDOWS\system32\fnhoje
2008-02-02 20:38 . 2008-02-02 20:38 <DIR> d-------- C:\Program Files\VSO
2008-02-02 20:38 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-02 20:38 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-02 20:38 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-02 20:38 . 2008-02-02 20:38 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-02 20:22 . 2008-02-02 20:22 <DIR> d-------- C:\Program Files\Akram
2008-02-01 23:06 . 2008-02-01 23:06 <DIR> d-------- C:\Program Files\NASA
2008-01-27 17:39 . 2003-01-27 14:10 15,016 --a------ C:\WINDOWS\system32\HOOKVIRQ.VXD
2008-01-17 21:44 . 2008-01-27 18:07 <DIR> d-------- C:\Program Files\Giovanni Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 10:06 --------- d-----w C:\Program Files\Pepa Chytrouš
2008-02-05 10:03 --------- d-----w C:\Program Files\KSB
2008-02-05 10:00 --------- d-----w C:\Program Files\Google
2008-02-02 19:57 --------- d-----w C:\Program Files\Bezdrátová pracovní plocha Labtec
2008-01-27 16:47 --------- d-----w C:\Program Files\IrfanView
2008-01-27 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 23:52 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-01-08 23:50 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-01-03 23:00 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-03 21:33 --------- d-----w C:\Program Files\Winamp
2008-01-02 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 18:36 --------- d-----w C:\Program Files\KnightsAndMerchants
2008-01-02 18:29 --------- d-----w C:\Program Files\CyberLink
2008-01-02 18:27 --------- d-----w C:\Program Files\2Mega Camera
2008-01-01 20:10 --------- d-----w C:\Program Files\newton
2007-12-26 12:52 --------- d-----w C:\Program Files\DivX
2007-12-24 21:49 --------- d-----w C:\Program Files\Tablet
2007-12-24 21:26 --------- d-----w C:\Program Files\Ambient Design
2006-03-23 23:37 13,261,520 ----a-w C:\Program Files\mozilla-1.7.11.cs-CZ.win32.installer.exe
2005-12-20 10:59 478 ----a-w C:\Program Files\Zástupce - Gator.com.lnk
2005-12-08 17:46 49,898,695 ----a-w C:\Program Files\OOo_OOO680_m3_Win32Intel_sdk.zip
2005-11-05 12:19 40,006,376 ----a-w C:\Program Files\602pc_suite_4.1.exe
2005-09-23 20:36 954,448 ----a-w C:\Program Files\HfAsistentSetup.exe
2002-04-24 14:04 62,713 ----a-w C:\Program Files\setup.ini
2002-04-24 14:04 1,172,480 ----a-w C:\Program Files\WinTalker Voice pro 602.msi
2000-10-03 12:32 102,400 ----a-w C:\Program Files\setup.exe
2000-07-27 12:49 1,526,275 ----a-w C:\Program Files\instmsiw.exe
2000-07-27 12:49 1,513,987 ----a-w C:\Program Files\instmsia.exe
.
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Status: Offline
So, fix these:
In the HJT program window, tick the boxes on the left next to the items I list, then click Fix checked:
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20002\3.01.00.dll (file missing)
O2 - BHO: {309af308-8a67-653b-bb44-222537778817} - {71887773-5222-44bb-b356-76a8803fa903} - C:\WINDOWS\system32\doxvfdyu.dll (file missing)
O2 - BHO: (no name) - {C4E1017E-8935-4EF1-B3A7-2F517CDAAFBA} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1201982356.dll (file missing)
O4 - HKLM\..\Run: [c4ff07ae] rundll32.exe "C:\WINDOWS\system32\ovkwrxei.dll",b
O20 - Winlogon Notify: ddcccax - ddcccax.dll (file missing)
O20 - Winlogon Notify: winasp32 - winasp32.dll (file missing)
O21 - SSODL: Connection Internet - {58A5C5F0-2A76-413C-9F5C-4BC3236FAE38} - C:\WINDOWS\system32\mssc32gt.dll (file missing)
O21 - SSODL: IEFilter - {AD680AF1-F6E6-4FE1-AA57-A03C70B76164} - IEFilter.dll (file missing)
Use Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
and this script:
Files to delete:
C:\WINDOWS\system32\ovkwrxei.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\smrgdf.exe
C:\Program Files\setup.exe
Allow everything; after the restart, post the Avenger log, a new HijackThis log, and info on how the computer is behaving.
Log + Avenger log
The PC is working fairly well now, it just seems to me that it is rather slow overall.
In any case, thank you very much.
Bye
Logfile of HijackThis v1.99.1
Scan saved at 09:38, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Zuzka\LOCALS~1\Temp\_tc0\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.divoch.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Povolit bezdrátovou pracovní plochu Labtec.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Zobrazit originál - C:\Program Files\VOLNY\akcelerator\original.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: zip - {9739bcb5-640d-4be9-a994-612905b9ef2c} - C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll
O21 - SSODL: AlrtKernel - {6b72fbd8-fd12-4531-99f3-00247d395fca} - C:\WINDOWS\Installer\{6b72fbd8-fd12-4531-99f3-00247d395fca}\AlrtKernel.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oklvrwix
*******************
Script file located at: \??\C:\Program Files\jwpctxcw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\ovkwrxei.dll not found!
Deletion of file C:\WINDOWS\system32\ovkwrxei.dll failed!
Could not process line:
C:\WINDOWS\system32\ovkwrxei.dll
Status: 0xc0000034
File C:\WINDOWS\system32\wowfx.dll not found!
Deletion of file C:\WINDOWS\system32\wowfx.dll failed!
Could not process line:
C:\WINDOWS\system32\wowfx.dll
Status: 0xc0000034
File C:\WINDOWS\system32\smrgdf.exe not found!
Deletion of file C:\WINDOWS\system32\smrgdf.exe failed!
Could not process line:
C:\WINDOWS\system32\smrgdf.exe
Status: 0xc0000034
File C:\Program Files\setup.exe not found!
Deletion of file C:\Program Files\setup.exe failed!
Could not process line:
C:\Program Files\setup.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
- Baron Prášil
That's not everything yet.
Fix these:
O21 - SSODL: zip - {9739bcb5-640d-4be9-a994-612905b9ef2c} - C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll
O21 - SSODL: AlrtKernel - {6b72fbd8-fd12-4531-99f3-00247d395fca} - C:\WINDOWS\Installer\{6b72fbd8-fd12-4531-99f3-00247d395fca}\AlrtKernel.dll (file missing)
Open Services by typing the command services.msc into Run... in the START menu and clicking OK.
Find Service, stop it, and set its startup type to Disabled.
Avenger again
and the script:
Files to delete:
C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll
C:\WINDOWS\system32\Service.exe
After the restart, both logs again, please.
Log + Avenger log
Hi
The PC is still slow. When I restart, after the classic black screen with the WINDOWS XP logo it takes 1 min before the icons appear on the desktop.
Logfile of HijackThis v1.99.1
Scan saved at 17:06, on 2008-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
F:\Instal\avenger.exe
C:\DOCUME~1\Zuzka\LOCALS~1\Temp\_tc0\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.divoch.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Povolit bezdrátovou pracovní plochu Labtec.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Zuzka\Plocha\TADEÁŠ\INSTALACE-TADEÁŠ\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Zobrazit originál - C:\Program Files\VOLNY\akcelerator\original.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oeydhfxm
*******************
Script file located at: \??\C:\WINDOWS\system32\osjaqcat.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll not found!
Deletion of file C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll failed!
Could not process line:
C:\WINDOWS\Installer\{9739bcb5-640d-4be9-a994-612905b9ef2c}\zip.dll
Status: 0xc0000034
File C:\WINDOWS\system32\Service.exe not found!
Deletion of file C:\WINDOWS\system32\Service.exe failed!
Could not process line:
C:\WINDOWS\system32\Service.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
The PC is still slow. When I restart it, after the classic black screen with the WINDOWS XP logo it takes 1 minute before the icons appear on the desktop.
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Status: Offline
The log is OK.
Clean the system with CCleaner and RegCleaner.
Defragment if it turns out to be needed,
for example with O&O Defrag 2000 Free.