Hello, for quite some time now I have been getting pop-up windows telling me to install something, etc...
http://img413.imageshack.us/my.php?image=bbbbbwp5.jpg
http://img147.imageshack.us/my.php?image=ppppphu6.jpg
So please advise me how to get rid of these windows so that they stop popping up; I am also attaching the log from HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:40, on 15.4.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\cfidurch.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: BearShare Media Bar - {E49CE899-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL
O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file)
O3 - Toolbar: (no name) - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5F05A807-F90E-4A77-B290-279D0652C2A3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [athtepie] C:\WINDOWS\system32\cfidurch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4465346981
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4. ... cracks.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E403B650-EBCF-4B0F-92F5-F56B46E5CF66}: NameServer = 192.168.3.222,112.168.3.222
O20 - Winlogon Notify: dbgmgr - ifcmgr32.dll (file missing)
O20 - Winlogon Notify: msormsxm - C:\WINDOWS\
O21 - SSODL: UnknownDrive - {61bb9811-c1c2-4354-999b-3cebf1e92a27} - C:\WINDOWS\Installer\{61bb9811-c1c2-4354-999b-3cebf1e92a27}\UnknownDrive.dll (file missing)
O22 - SharedTaskScheduler: Service Window Class - {356B3A99-01D7-512D-113C-EBA850C10473} - C:\DOCUME~1\SVA~1\LOCALS~1\Temp\servsys.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Please help - Pop-up windows
Re: Please help - Pop-up windows
Hello.
First, scan with SDFix following this guide - download it here: http://downloads.andymanchesta.com/Remo ... /SDFix.exe
Then also this:
Download ComboFix and save it to your desktop:
Run the application under the Computer Administrator account - close all running programs (web browser, messenger, ...) - a license agreement follows, click Yes - the scan will start (the whole process takes about 5-10 minutes, sometimes a little longer) - during the scan do not try to start any other applications and do not click in the ComboFix window - when it finishes, a Notepad window with text opens automatically (if it does not, the log is in C:\ComboFix.txt); copy that text here using the familiar keyboard shortcuts Ctrl + A (select all text) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste the text) - and wait for further instructions
WARNING: If you see "CRITICAL WARNING !!" you must not restart the computer; write to us about the warning.
WARNING 2: It is possible that during the scan various security programs will report an unauthorized attempt to delete a file or something similar. Allow their prompts, or completely turn off the program's resident module for the duration of the scan.
Re: Please help - Pop-up windows
Hello again. I ran SDFix, but it threw an error; ComboFix, however, ran as it should, and here is the log.
ComboFix 08-04-16.5 - síva 2008-04-19 20:59:15.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.479 [GMT 2:00]
Running from: C:\Documents and Settings\síva\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\.protected
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\LocalService\Data aplikací\NetMon
C:\Documents and Settings\LocalService\Data aplikací\NetMon\domains.txt
C:\Documents and Settings\LocalService\Data aplikací\NetMon\log.txt
C:\Documents and Settings\síva\Data aplikací\NetMon
C:\Documents and Settings\síva\Data aplikací\NetMon\domains.txt
C:\Documents and Settings\síva\Data aplikací\NetMon\log.txt
C:\Documents and Settings\síva\Nabídka Start\Programy\Po spuštění\.protected
C:\Documents and Settings\síva\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\síva\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\síva\Oblíbené položky\Spyware&Malware Protection.url
C:\Program Files\Common Files\{34E11~1
C:\Program Files\Common Files\{34E11~1\UnInstall.exe
C:\Program Files\Common Files\{64E11~1
C:\Program Files\Common Files\{64E11~1\services.dll
C:\Program Files\Common Files\{64E11~2
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\simtest\temp.txt
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\Version.txt
C:\Program Files\ipwins
C:\Program Files\ipwins\count.dat
C:\Program Files\ipwins\data.dat
C:\Program Files\ipwins\date.dat
C:\Program Files\ipwins\Desktop.ini
C:\Program Files\ipwins\s12s.1.dat
C:\Program Files\ipwins\s19c.6.dat
C:\Program Files\ipwins\s19c.dat
C:\Program Files\ipwins\s1ec.2.dat
C:\Program Files\ipwins\s1q4.4.dat
C:\Program Files\ipwins\s1qc.3.dat
C:\Program Files\ipwins\s1rs.1.dat
C:\Program Files\ipwins\s1ts.8.dat
C:\Program Files\ipwins\s1v0.1.dat
C:\Program Files\ipwins\s1v8.1.dat
C:\Program Files\ipwins\s3u4.1.dat
C:\Program Files\ipwins\sbo.2.dat
C:\Program Files\ipwins\settings.dat
C:\Program Files\ipwins\settingsDate.dat
C:\Program Files\ipwins\Uninst.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\Desktop.ini
C:\Program Files\printview
C:\Program Files\printview\Desktop.ini
C:\Program Files\printview\hotlist.dat
C:\Program Files\printview\chnlist.dat
C:\Program Files\printview\remlist.dat
C:\Program Files\tclock\tclock_install.exe
C:\WINDOWS\.protected
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\Installer\{61bb9811-c1c2-4354-999b-3cebf1e92a27}\UnknownDrive.dll
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\cent.exe.exe
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\w00392ca.dll
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\teller2.chk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLIENT_IP-IPX
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WINCOM32
-------\Legacy_WINDEV-C37-6184
-------\Service_Network Monitor
-------\Service_windev-c37-6184
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-18 23:17 . 2008-04-19 20:58 <DIR> d-------- C:\Program Files\Chameleon Clock
2008-04-16 17:13 . 2008-04-16 17:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 16:59 . 2008-04-16 17:17 <DIR> d-------- C:\SDFix
2008-04-15 14:10 . 2008-04-15 14:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 13:26 . 2008-04-13 13:26 <DIR> d-------- C:\Program Files\CCleaner
2008-04-06 21:46 . 2008-04-06 21:52 <DIR> d-------- C:\Documents and Settings\síva\Data aplikací\PC-Cleaner
2008-04-06 11:51 . 2008-04-06 11:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-05 23:04 . 2008-04-13 11:43 <DIR> d-------- C:\Documents and Settings\síva\Data aplikací\Spyware Terminator
2008-04-05 23:04 . 2008-04-07 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-05 23:04 . 2008-04-05 23:04 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-05 23:03 . 2008-04-14 16:46 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-05 19:26 . 2008-04-05 23:22 <DIR> d-------- C:\Documents and Settings\síva\Data aplikací\TmpRecentIcons
2008-04-05 15:03 . 2008-04-19 20:58 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 15:03 . 2008-04-19 20:58 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 15:01 . 2008-04-19 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2008-04-05 15:01 . 2008-04-19 20:53 2,802,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 15:01 . 2008-04-19 20:54 41,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 15:01 . 2008-04-17 17:06 37,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-05 15:01 . 2008-04-17 17:06 4,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-05 03:26 . 2008-04-05 03:26 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ujazuhif
2008-04-05 03:26 . 2008-04-05 03:26 106,496 --a------ C:\WINDOWS\system32\cfidurch.exe
2008-03-26 16:33 . 2008-03-26 16:33 <DIR> d-------- C:\Logs
2008-03-24 16:55 . 2008-04-05 02:16 <DIR> d-------- C:\Documents and Settings\síva\Phone Browser
2008-03-24 16:55 . 2008-04-05 02:16 <DIR> d-------- C:\Documents and Settings\síva\Phone Browser
2008-03-24 16:55 . 2008-04-05 02:16 <DIR> d-------- C:\Documents and Settings\síva\Data aplikací\Datalayer
2008-03-24 16:40 . 2008-03-24 16:40 <DIR> d-------- C:\Program Files\DIFX
2008-03-24 16:40 . 2008-03-28 17:58 <DIR> d-------- C:\Documents and Settings\síva\Data aplikací\Nokia
2008-03-24 16:39 . 2008-03-24 16:43 <DIR> d-------- C:\Program Files\Nokia
2008-03-24 16:39 . 2008-03-24 16:39 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-03-24 16:39 . 2008-03-24 16:39 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-03-24 16:39 . 2008-03-28 18:06 <DIR> d-------- C:\Documents and Settings\síva\Data aplikací\PC Suite
2008-03-24 16:39 . 2008-03-24 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2008-03-24 16:38 . 2008-03-24 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 18:58 --------- d-----w C:\Program Files\Chameleon Clock
2008-04-18 14:18 --------- d-----w C:\Program Files\Free Desktop Clock
2008-04-18 13:54 --------- d-s---w C:\Program Files\ICQToolbar
2008-04-17 15:00 --------- d-s---w C:\Program Files\TClock
2008-04-14 17:42 --------- d-----w C:\Documents and Settings\síva\Data aplikací\OpenOffice.org2
2008-04-06 09:28 --------- d-s---w C:\Program Files\DAEMON Tools
2008-04-05 13:01 --------- d-s---w C:\Program Files\Kaspersky Lab
2008-04-02 15:26 --------- d-----w C:\Program Files\World of Warcraft
2008-03-26 15:50 --------- d-----w C:\Program Files\MobMapUpdater
2008-03-22 16:00 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-22 13:09 --------- d-----w C:\Documents and Settings\síva\Data aplikací\Vso
2008-03-19 14:12 --------- d-----w C:\Documents and Settings\síva\Data aplikací\PSpad
2008-03-17 15:39 --------- d-----w C:\Program Files\PSPad editor
2008-03-16 15:54 --------- d-----w C:\Program Files\Graffiti Studio 2.0
2008-03-08 11:15 --------- d-----w C:\Program Files\Ventrilo
2008-03-08 11:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 20:41 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2008-02-28 20:25 --------- d-----w C:\Documents and Settings\síva\Data aplikací\Skype
2008-02-24 07:55 --------- d-----w C:\Program Files\The KMPlayer
2008-02-24 06:55 --------- d-s---w C:\Program Files\VSO
2008-02-23 17:29 --------- d-s---w C:\Program Files\mpegable
2008-02-19 20:04 --------- d-----w C:\Documents and Settings\síva\Data aplikací\BearShare
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-29 19:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-29 19:54 286,720 ------w C:\WINDOWS\Setup1.exe
2007-11-08 16:56 20,128 ----a-w C:\Documents and Settings\síva\Data aplikací\GDIPFONTCACHEV1.DAT
2007-03-08 20:08 87,608 ----a-w C:\Documents and Settings\síva\Data aplikací\ezpinst.exe
2007-03-08 20:08 47,360 ----a-w C:\Documents and Settings\síva\Data aplikací\pcouffin.sys
2007-01-21 15:31 69 --sh--w C:\Program Files\Common Files\Desktop.ini
2005-07-29 14:24 472 --sha-r C:\WINDOWS\SmFrdWIgU2l2YWs\mAIOxqK0oZ5ZsqP.vbs
2005-09-19 15:16 56 --sh--r C:\WINDOWS\system32\C28E70D890.sys
2005-09-19 15:16 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2002-09-20 18:05 1852928 7f35b42175ddebebc9a86251ad5aad70 C:\WINDOWS\explorer.exe
2004-08-18 00:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2006-08-23 22:35 233472]
[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2007-07-31 14:29 637440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 11:42 81920]
"CHotkey"="mHotkey.exe" [2001-10-15 17:42 471040 C:\WINDOWS\mHotkey.exe]
"mouseElf"="C:\PROGRA~1\SCROLL~1\MouseElf.EXE" [2005-02-25 09:02 184320]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-05 23:04 2957824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{356B3A99-01D7-512D-113C-EBA850C10473}"= C:\DOCUME~1\SVA~1\LOCALS~1\Temp\servsys.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbgmgr]
ifcmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-04-05 23:04]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\System32\DRIVERS\gflmouhid.sys [2005-01-13 11:25]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2003-04-09 10:47]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys []
S3 hide_evr2;!!!!;C:\WINDOWS\hide_evr2.sys []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 21:04:12
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-04-19 21:07:30
ComboFix-quarantined-files.txt 2008-04-19 19:06:58
Adresářů: 8, Volných bajtů: 17,613,541,376
Adresářů: 15, Volných bajtů: 17,622,859,776
2008-02-28 20:25 --------- d-----w C:\Documents and Settings\síva\Data aplikací\Skype
2008-02-24 07:55 --------- d-----w C:\Program Files\The KMPlayer
2008-02-24 06:55 --------- d-s---w C:\Program Files\VSO
2008-02-23 17:29 --------- d-s---w C:\Program Files\mpegable
2008-02-19 20:04 --------- d-----w C:\Documents and Settings\síva\Data aplikací\BearShare
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-29 19:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-29 19:54 286,720 ------w C:\WINDOWS\Setup1.exe
2007-11-08 16:56 20,128 ----a-w C:\Documents and Settings\síva\Data aplikací\GDIPFONTCACHEV1.DAT
2007-03-08 20:08 87,608 ----a-w C:\Documents and Settings\síva\Data aplikací\ezpinst.exe
2007-03-08 20:08 47,360 ----a-w C:\Documents and Settings\síva\Data aplikací\pcouffin.sys
2007-01-21 15:31 69 --sh--w C:\Program Files\Common Files\Desktop.ini
2005-07-29 14:24 472 --sha-r C:\WINDOWS\SmFrdWIgU2l2YWs\mAIOxqK0oZ5ZsqP.vbs
2005-09-19 15:16 56 --sh--r C:\WINDOWS\system32\C28E70D890.sys
2005-09-19 15:16 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2002-09-20 18:05 1852928 7f35b42175ddebebc9a86251ad5aad70 C:\WINDOWS\explorer.exe
2004-08-18 00:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"= "C:\Program Files\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" [2006-08-23 22:35 233472]
[HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2007-07-31 14:29 637440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 11:42 81920]
"CHotkey"="mHotkey.exe" [2001-10-15 17:42 471040 C:\WINDOWS\mHotkey.exe]
"mouseElf"="C:\PROGRA~1\SCROLL~1\MouseElf.EXE" [2005-02-25 09:02 184320]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-05 23:04 2957824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{356B3A99-01D7-512D-113C-EBA850C10473}"= C:\DOCUME~1\SVA~1\LOCALS~1\Temp\servsys.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbgmgr]
ifcmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-04-05 23:04]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\System32\DRIVERS\gflmouhid.sys [2005-01-13 11:25]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2003-04-09 10:47]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys []
S3 hide_evr2;!!!!;C:\WINDOWS\hide_evr2.sys []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 21:04:12
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-04-19 21:07:30
ComboFix-quarantined-files.txt 2008-04-19 19:06:58
Adresářů: 8, Volných bajtů: 17,613,541,376
Adresářů: 15, Volných bajtů: 17,622,859,776
Re: Please help - Pop-up windows
Now do this:
Again, close all running programs (web browser, messenger, ...). Move ComboFix to the desktop (if you don't have it there yet), open Notepad, and copy into it the text from the following box:
Code:
File::
C:\WINDOWS\system32\C28E70D890.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\SmFrdWIgU2l2YWs\mAIOxqK0oZ5ZsqP.vbs
C:\WINDOWS\system32\cfidurch.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"=-
[-HKEY_CLASSES_ROOT\clsid\{e49ce899-cd83-4841-8cc9-6e284d7978d0}]
[-HKEY_CLASSES_ROOT\TypeLib\{E49CE890-CD83-4841-8CC9-6E284D7978D0}]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbgmgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msormsxm]
Driver::
hide_evr2
Save the text as CFScript.txt on the desktop. After saving, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon, then drop the .txt file on the ComboFix icon. ComboFix will start and CF will scan again; at the end of the scan CF will try to delete the specified files or whatever else we told it to. Once that is done, a Notepad window with text will appear again; copy that text here and please wait for further advice :)
+ clean up with CCleaner, post a new HJT log, and write how the PC behaves.
Re: Please help - Pop-up windows
It can also be done this way, viry.cz (SmitFraudFix http://www.viry.cz/forum/viewtopic.php?t=16475)
Re: Please help - Pop-up windows
Of course it could be done differently; I'm not all that sure about SFF, though, and since CF is already here, I would continue with it and not make the user download yet another program.
Re: Please help - Pop-up windows
Sorry, it just seems faster and easier to understand to me.

Re: Please help - Pop-up windows
No problem. When you know the answer, feel free to help; we'll be glad. Take care.
Re: Please help - Pop-up windows
PC is OK so far + log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:06, on 19.4.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file)
O3 - Toolbar: (no name) - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5F05A807-F90E-4A77-B290-279D0652C2A3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4465346981
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4. ... cracks.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E403B650-EBCF-4B0F-92F5-F56B46E5CF66}: NameServer = 192.168.3.222,112.168.3.222
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Re: Please help - Pop-up windows
I still have a few comments on the log:
1.- You only have SP1, which is not enough. I recommend installing SP2 and all available updates for your computer.
2.- I don't see the antivirus running among the running processes. Turn on its resident shield.
3.- Fix the unnecessary leftovers:
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file)
O3 - Toolbar: (no name) - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: (no name) - {5F05A807-F90E-4A77-B290-279D0652C2A3} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
+ use T-Cleaner, it deletes the files/folders left behind by CF, etc.
If anything comes up, don't hesitate to contact us.
\\EDIT: Would you still happen to have the log from dragging CFScript.txt onto the CF icon? Just to make sure nothing was left behind.
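The leftovers listed in the reply above are the entries HijackThis marks "(no file)" or "(file missing)", and they can be picked out of a log mechanically. The following is an added example, not part of the original thread and not HijackThis code; the function names are assumptions, and the sample lines are copied from the HijackThis log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry lines look like "O3 - Toolbar: (no name) - {GUID} - (no file)".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# The log in this thread contains one id with a leading underscore; keep the
# underscore as part of the id so it is not confused with the live entry
# that carries the same GUID.
CLSID_RE = re.compile(
    r"_?\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "R3", "O3", "O9"
    body: str             # text after "<section> - "
    clsid: Optional[str]  # id as printed, including a leading "_" if present
    orphaned: bool        # HijackThis reported no backing file


def parse_log(text: str) -> List[Entry]:
    """Return the R/O entry lines of a HijackThis log, skipping everything else."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header line, process path or blank line
        body = match.group("body")
        guid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=guid.group(0) if guid else None,
            orphaned=body.rstrip().endswith(ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def shared_guid_conflicts(entries: List[Entry]) -> List[Entry]:
    """Orphaned entries whose bare GUID is also used by an entry with a file."""
    live = {
        e.clsid.lstrip("_").lower()
        for e in entries
        if e.clsid and not e.orphaned
    }
    return [
        e for e in entries
        if e.orphaned and e.clsid and e.clsid.lstrip("_").lower() in live
    ]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for entry in orphaned_entries(parsed):
        print("orphaned:", entry.section, entry.clsid)
    for entry in shared_guid_conflicts(parsed):
        print("same GUID as a live entry, match the full line:", entry.clsid)
```

The second check matters for this log: the orphaned `_{855F3B16-...}` search hook shares its GUID with the installed ICQ Toolbar entries, so a cleanup that matches on the GUID alone would also hit the entries that still have a file.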
Re: Please help - Pop-up windows
Sorry for replying so late. My computer now works normally, nothing pops up, and I have also installed SP 2. So thanks a lot.
Re: Please help - Pop-up windows
OK, if anything comes up, let us know.