Prosím o kontrolu logu nutné

[Itea]

prosím o kontrolu.na ploše pořád nápis YOUR PRIVACY IS IN DANGER.pořád se mi otvíraji stranky s nejakejma fake antivirama at to stahnu, vedle času na lište napsano: VIRUS ALERT!!strašně zpomalenej PC..CPU 100% nonstop . pls moc help.nevim jak dal MWAV nic nesmazal..diks

Logfile of HijackThis v1.99.1
Scan saved at 14:42: VIRUS ALERT!, on 23.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\wincmd\TOTALCMD.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Prog\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: QXK Olive - {7E1C93A1-907F-4F3F-955A-5B46BA08457D} - C:\WINDOWS\kgxmotapvqf.dll
O2 - BHO: Cole2k Media Toolbar Helper - {C672F4AB-780B-45C0-BAEC-91F455C86F8D} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Cole2k Media Toolbar - {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: qndsfmao - {8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bc6f63eb] rundll32.exe "C:\WINDOWS\system32\vavhhleo.dll",b
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: Zástupce - speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Zástupce - TOTALCMD.lnk = C:\wincmd\TOTALCMD.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: kvxqmtre - {2A79AAE2-2F51-4394-B9DA-75F4374849FC} - C:\WINDOWS\kvxqmtre.dll
O21 - SSODL: evgratsm - {8DAD8161-D4AE-4218-88EF-4BF9FF8FE410} - C:\WINDOWS\evgratsm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Reklama]

[fredik]

Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Itea]

tak sem to stahnul...spustil jsem, začlo to neco ukladat, mazat..restartoval se pocitac..ComboFix se spustil.ale nic to nedelalo porad tam bylo napsano : Preparing log Report.Do not run any programs atd...Potom porad vyskakovala tabulka Správce zakázal upravy registrůů..a nic

[fredik]

Zkus se mrknout jestli ten log nemáš tam kde bylo napsáno, případně pak zde: C:\ComboFix\ComboFix.txt

Jinak pokud máš ComboFix na ploše tak požij tento příkaz:
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
"%userprofile%\Plocha\ComboFix.exe" /f3m a dej Ok.
- pak sem vlož log co se ti zobrazí.

[Itea]

tak je to tady:

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 17:31 . 2008-07-23 17:31 <DIR> d-------- C:\WINDOWS\privacy_danger
2008-07-23 12:39 . 2008-07-23 12:40 5,419,064 --a------ C:\WINDOWS\REGBK16.ZIP
2008-07-23 12:11 . 2008-07-15 06:46 503,808 --a------ C:\WINDOWS\kgxmotapvqf.dll
2008-07-23 12:11 . 2008-07-15 06:46 401,408 --a------ C:\WINDOWS\kvxqmtre.dll
2008-07-23 12:11 . 2008-07-15 06:46 348,160 --a------ C:\WINDOWS\evgratsm.dll
2008-07-23 12:11 . 2008-07-15 06:46 167,936 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-23 12:11 . 2008-07-15 06:46 159,744 --a------ C:\WINDOWS\qndsfmao.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 17:31 --------- d-----w C:\Documents and Settings\Adam\Data aplikací\MegauploadToolbar
2008-07-23 15:52 --------- d-----w C:\Program Files\ICQToolbar
2008-07-23 13:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-07-23 11:17 --------- d-----w C:\Program Files\SpeedFan
2008-07-23 09:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 09:37 --------- d-----w C:\Documents and Settings\Adam\Data aplikací\Hamachi
2008-06-09 19:24 --------- d-----w C:\Documents and Settings\Vlada\Data aplikací\MEGAUPLOADTOOLBAR
2008-06-09 18:49 --------- d-----w C:\Documents and Settings\Vlada\Data aplikací\Skype
2008-06-09 12:19 --------- d-----w C:\Program Files\Sun
2008-06-09 12:18 --------- d-----w C:\Program Files\Java
2008-06-07 16:08 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2008-06-04 19:11 --------- d-----w C:\Program Files\ScreenShots
2008-06-01 18:53 --------- d-----w C:\Program Files\Bonjour
2008-06-01 18:29 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-01 18:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 13:44 --------- d-----w C:\Program Files\MP Software
2008-06-01 13:43 --------- d-----w C:\Program Files\Mandomartis
2008-06-01 12:26 --------- d-----w C:\Documents and Settings\Adam\Data aplikací\Nvu
2008-06-01 12:25 --------- d-----w C:\Program Files\Nvu
2008-06-01 11:55 --------- d-----w C:\Program Files\BlueVoda Website Builder
2008-06-01 11:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-01 11:47 --------- d-----w C:\Program Files\Web Studio
2008-06-01 11:43 --------- d-----w C:\Program Files\FFFF
2008-05-31 10:59 --------- d-----w C:\Program Files\VirtualDJ
2008-05-30 06:36 --------- d-----w C:\Documents and Settings\Mamka\Data aplikací\uTorrent
2008-05-28 14:18 5,106,697 ----a-w C:\WINDOWS\REGBK15.ZIP
2008-05-25 10:01 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-05-04 19:47 5,120,207 ----a-w C:\WINDOWS\REGBK14.ZIP
2007-04-16 19:32 3,118,878 ----a-w C:\Program Files\FTPORTX.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_17.13.22.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-23 10:55:18 73,326 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-07-23 14:59:32 73,326 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-07-23 10:55:18 62,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-23 14:59:32 62,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-23 10:55:18 397,976 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-07-23 14:59:32 397,976 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-07-23 10:55:18 400,624 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-23 14:59:33 400,624 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E1C93A1-907F-4F3F-955A-5B46BA08457D}]
2008-07-15 06:46 503808 --a------ C:\WINDOWS\kgxmotapvqf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C672F4AB-780B-45C0-BAEC-91F455C86F8D}]
2008-01-06 20:09 798720 --a------ C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2D2DE234-AB9F-4345-9D17-94FA78BA37E3}"= "C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll" [2008-01-06 20:09 798720]
"{8925A538-F508-4A3E-8AF9-6C39E2D3AE7B}"= "C:\WINDOWS\qndsfmao.dll" [2008-07-15 06:46 159744]

[HKEY_CLASSES_ROOT\clsid\{2d2de234-ab9f-4345-9d17-94fa78ba37e3}]

[HKEY_CLASSES_ROOT\clsid\{8925a538-f508-4a3e-8af9-6c39e2d3ae7b}]
[HKEY_CLASSES_ROOT\qndsfmao.1]
[HKEY_CLASSES_ROOT\TypeLib\{4CD31694-4DD4-491B-A20D-C4EA0FA3CC11}]
[HKEY_CLASSES_ROOT\qndsfmao]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2D2DE234-AB9F-4345-9D17-94FA78BA37E3}"= "C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll" [2008-01-06 20:09 798720]

[HKEY_CLASSES_ROOT\clsid\{2d2de234-ab9f-4345-9d17-94fa78ba37e3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2008-07-01 18:34 3256320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[fredik]

Ten log z Combofix jsi našel nebo jsi použil druhou variantu, protože ten log není celý?

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: QXK Olive - {7E1C93A1-907F-4F3F-955A-5B46BA08457D} - C:\WINDOWS\kgxmotapvqf.dll
O3 - Toolbar: qndsfmao - {8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [bc6f63eb] rundll32.exe "C:\WINDOWS\system32\vavhhleo.dll",b
O21 - SSODL: kvxqmtre - {2A79AAE2-2F51-4394-B9DA-75F4374849FC} - C:\WINDOWS\kvxqmtre.dll
O21 - SSODL: evgratsm - {8DAD8161-D4AE-4218-88EF-4BF9FF8FE410} - C:\WINDOWS\evgratsm.dll
po zaškrtnutí klikni na tlačítko Fix Checked

Stáhni si Avenger (by Swandog46) a spusť ho pod účtem administrátora.
- objeví se ti hláška kterou odklikni přes Ok
Vlož si tam tento celý skript označený zeleně:
Files to delete:
C:\WINDOWS\kgxmotapvqf.dll
C:\WINDOWS\kvxqmtre.dll
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\qndsfmao.dll
C:\WINDOWS\system32\vavhhleo.dll

Folders to delete:
C:\WINDOWS\privacy_danger
- označ si celý skript a zkopíruj do schránky
- pak si ho vlož do avengeru přes toto tlačítko
- skrip se ti vloží do prázdného okna pod nadpisem: Input script here:
- pak klikni na tlačítko Execute
Budeš dotázán na to jestli chceš provést skript tak zvol Ano
- po proběhnutí prvního kroku budeš dotázán na na restart počítače tak zvol znovu Ano

Vlož sem pak log z Avengeru a dej sem i nový log z ComboFix. Pokud by ti nevyběhl log tak použij druhou variantu co byla zmíněna.

[Itea]

tu druhou variantu..vse udelám

[Itea]

log z avengeru

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\kgxmotapvqf.dll" not found!
Deletion of file "C:\WINDOWS\kgxmotapvqf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\kvxqmtre.dll" deleted successfully.
File "C:\WINDOWS\evgratsm.dll" deleted successfully.
File "C:\WINDOWS\agpqlrfm.exe" deleted successfully.
File "C:\WINDOWS\qndsfmao.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\vavhhleo.dll" not found!
Deletion of file "C:\WINDOWS\system32\vavhhleo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\privacy_danger" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Itea]

a combofix..ale porad toho tam je nejak malo...zase sem musel druhou variantou

ComboFix 08-07-14.2 - Adam 2008-07-23 21:32:16.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.679 [GMT 2:00]
Running from: C:\Documents and Settings\Adam\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Adam\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Adam\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Adam\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Adam\Plocha\Error Cleaner.url
C:\Documents and Settings\Adam\Plocha\Privacy Protector.url
C:\Documents and Settings\Adam\Plocha\Spyware&Malware Protection.url
C:\Documents and Settings\Mamka\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Mamka\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Mamka\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Mamka\Plocha\Error Cleaner.url
C:\Documents and Settings\Mamka\Plocha\Privacy Protector.url
C:\Documents and Settings\Mamka\Plocha\Spyware&Malware Protection.url
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 12:39 . 2008-07-23 12:40 5,419,064 --a------ C:\WINDOWS\REGBK16.ZIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 15:52 --------- d-----w C:\Program Files\ICQToolbar
2008-07-23 11:17 --------- d-----w C:\Program Files\SpeedFan
2008-07-23 09:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 12:19 --------- d-----w C:\Program Files\Sun
2008-06-09 12:18 --------- d-----w C:\Program Files\Java
2008-06-04 19:11 --------- d-----w C:\Program Files\ScreenShots
2008-06-01 18:53 --------- d-----w C:\Program Files\Bonjour
2008-06-01 18:29 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-01 18:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 13:44 --------- d-----w C:\Program Files\MP Software
2008-06-01 13:43 --------- d-----w C:\Program Files\Mandomartis
2008-06-01 12:25 --------- d-----w C:\Program Files\Nvu
2008-06-01 11:55 --------- d-----w C:\Program Files\BlueVoda Website Builder
2008-06-01 11:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-01 11:47 --------- d-----w C:\Program Files\Web Studio
2008-06-01 11:43 --------- d-----w C:\Program Files\FFFF
2008-05-31 10:59 --------- d-----w C:\Program Files\VirtualDJ
2008-05-28 14:18 5,106,697 ----a-w C:\WINDOWS\REGBK15.ZIP
2008-05-04 19:47 5,120,207 ----a-w C:\WINDOWS\REGBK14.ZIP
2007-04-16 19:32 3,118,878 ----a-w C:\Program Files\FTPORTX.EXE
.

[fredik]

Stáhni si Deckard's System Scanner (DSS) a ulož si ho na plochu
- ukonči všechna aktivní okna a spusť ho
- potvrď licenční podmínky a postupuj podle pokynů
- začne prohlídka systému
- po ukončení kontroly program vytvoří dva logy a zobrazí je: main.txt a extra.txt, tak sem vlož obsah souboru/logu main.txt
- jinak jsou logy uloženy v adresáři: c:\Deckard\System Scanner\

[Itea]

provedeno...main.txt

Deckard's System Scanner v20071014.68
Run by Adam on 2008-07-23 21:49:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-23 19:49:56 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-07-23 14:46:34 UTC - RP2 - ComboFix created restore point
1: 2008-07-23 14:40:56 UTC - RP1 - Kontrolní bod systému


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.52 GiB (less than 15%) free.


-- HijackThis (run as Adam.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:50, on 2008-07-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\wincmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\download\zatim\dss.exe
D:\Prog\Security\Adam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Cole2k Media Toolbar Helper - {C672F4AB-780B-45C0-BAEC-91F455C86F8D} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Cole2k Media Toolbar - {2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: evgratsm - {3D2D9F5A-D6A5-4BAE-B672-51F5F86D78E0} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


-- HijackThis Fixed Entries (D:\Prog\Security\backups\) ------------------------

backup-20080723-212127-134 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080723-212127-215 O2 - BHO: QXK Olive - {7E1C93A1-907F-4F3F-955A-5B46BA08457D} - C:\WINDOWS\kgxmotapvqf.dll
backup-20080723-212127-320 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080723-212127-444 O3 - Toolbar: qndsfmao - {8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} - C:\WINDOWS\qndsfmao.dll
backup-20080723-212127-499 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
backup-20080723-212127-625 O21 - SSODL: evgratsm - {8DAD8161-D4AE-4218-88EF-4BF9FF8FE410} - C:\WINDOWS\evgratsm.dll
backup-20080723-212127-711 O21 - SSODL: kvxqmtre - {2A79AAE2-2F51-4394-B9DA-75F4374849FC} - C:\WINDOWS\kvxqmtre.dll
backup-20080723-212127-715 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 Devx - c:\windows\system32\drivers\devx.sys
S3 kvpndev (Kerio VPN adapter) - c:\windows\system32\drivers\kvpndrv.sys <Not Verified; Kerio Technologies; Kerio VPN driver>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VtPr - c:\windows\system32\drivers\vtpr.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Řadič RAID
Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Manufacturer:
Name: Řadič RAID
PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Řadič RAID
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78
Manufacturer:
Name: Řadič RAID
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-11-07 13:50:42 356 --a------ C:\WINDOWS\Tasks\Pareto UNS.job
2007-01-13 23:02:55 298 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 21:35:21 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-23 16:40:44 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 16:40:43 68096 --a------ C:\WINDOWS\zip.exe
2008-07-23 16:40:43 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-23 16:40:43 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 16:40:43 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 16:40:43 98816 --a------ C:\WINDOWS\sed.exe
2008-07-23 16:40:43 80412 --a------ C:\WINDOWS\grep.exe
2008-07-23 16:40:43 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >


-- Find3M Report ---------------------------------------------------------------

2008-07-23 21:12:23 0 d-------- C:\Documents and Settings\Adam\Data aplikací\MegauploadToolbar
2008-07-23 17:52:06 0 d-------- C:\Program Files\ICQToolbar
2008-07-23 16:59:32 397976 --a------ C:\WINDOWS\system32\perfh005.dat
2008-07-23 16:59:32 73326 --a------ C:\WINDOWS\system32\perfc005.dat
2008-07-23 13:17:56 0 d-------- C:\Program Files\SpeedFan
2008-07-23 11:53:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-23 11:37:32 0 d-------- C:\Documents and Settings\Adam\Data aplikací\Hamachi
2008-06-09 14:19:10 0 d-------- C:\Program Files\Sun
2008-06-09 14:18:32 0 d-------- C:\Program Files\Java
2008-06-04 21:11:38 0 d-------- C:\Program Files\ScreenShots
2008-06-01 21:59:26 0 d-------- C:\Documents and Settings\Adam\Data aplikací\Adobe
2008-06-01 20:53:09 0 d-------- C:\Program Files\Bonjour
2008-06-01 20:29:44 0 d-------- C:\Program Files\Common Files
2008-06-01 20:29:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-01 20:28:03 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-01 15:44:24 0 d-------- C:\Program Files\MP Software
2008-06-01 15:43:34 0 d-------- C:\Program Files\Mandomartis
2008-06-01 14:26:01 0 d-------- C:\Documents and Settings\Adam\Data aplikací\Nvu
2008-06-01 14:25:57 0 d-------- C:\Program Files\Nvu
2008-06-01 13:55:26 0 d-------- C:\Program Files\BlueVoda Website Builder
2008-06-01 13:54:17 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-01 13:47:27 0 d-------- C:\Program Files\Web Studio
2008-06-01 13:43:30 0 d-------- C:\Program Files\FFFF
2008-05-31 20:19:55 978 --a----c- C:\WINDOWS\eReg.dat
2008-05-31 12:59:13 0 d-------- C:\Program Files\VirtualDJ


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C672F4AB-780B-45C0-BAEC-91F455C86F8D}]
2008-01-06 20:09 798720 --a------ C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2D2DE234-AB9F-4345-9D17-94FA78BA37E3}"= C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll [2008-01-06 20:09 798720]

[-HKEY_CLASSES_ROOT\CLSID\{2D2DE234-AB9F-4345-9D17-94FA78BA37E3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [2003-03-18 19:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 18:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2008-07-01 18:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"evgratsm"= {3D2D9F5A-D6A5-4BAE-B672-51F5F86D78E0} - C:\WINDOWS\evgratsm.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fee374e-8f67-11dc-8a9a-0011d8516088}]
AutoRun\command- F:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-07-23 21:51:27 ------------

[fredik]

V HJT fixni ještě toto:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O21 - SSODL: evgratsm - {3D2D9F5A-D6A5-4BAE-B672-51F5F86D78E0} - C:\WINDOWS\evgratsm.dll (file missing)

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 7
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 7 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u7-windows-i586-p.exe, který sis stáhl na začátku

Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině (nepoužít jeho malware scaner, nebo přes něj odstranit co najde)

Používáš starší verzi HijackThis, pokud by sis někdy příště dával zkontrolovat log, tak si stáhni aktuální verzi zde a tu starou před použitím vymaž.

Máš ještě problémy? Mrkni se jestli se ti zobrazují disky, vedle hodin nemáš nápis VIRUS ALERT ...