There is some trojan that keeps coming back, whose name I don't remember; explorer.exe keeps crashing, and at the last crash even the MP3 codecs disappeared somewhere, so it was not possible to play music until a restart. It is an almost three-year-old veteran that has served nearly flawlessly, but over the last few days it seems to be wearing out hardware-wise as well. Even so, I would be glad if it held out a little longer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:43, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Genius\ioCentre\gZoom.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Genius\ioCentre\gMGlass.exe
C:\Program Files\QuickTime\qttask.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FieryAds advertising module v1.5.0 - {CF272101-7F6E-4CF2-9453-B4C5D2FC32C0} - C:\PROGRA~1\FieryAds\FieryAds.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7323948859
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.dkteplice.cz/MSSurVid.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/be ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F8239E-AB63-4474-87F7-9CCEB0C253E2}: Domain = din.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F8239E-AB63-4474-87F7-9CCEB0C253E2}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = din.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - http://forum.grafika.cz/file.php?51,file=543521
--
End of file - 11272 bytes
Please check my log. Some unwanted critters. Solved
"That people lie is the basic essence of being human. The only thing that changes is what they lie about."
Gregory House
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Please check my log. Some unwanted critters.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- after that, click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log. Some unwanted critters.
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1880
Windows 5.1.2600 Service Pack 3
21.3.2009 9:43:04
mbam-log-2009-03-21 (09-42-52).txt
Typ skenu: Rychlý sken
Objektu skenováno: 76326
Uplynulý cas: 10 minute(s), 35 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
- jaro3
- Security team member
Re: Please check my log. Some unwanted critters.
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
You can then paste the MbAM log here.
Turn off Avast's resident protection.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my log. Some unwanted critters.
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1880
Windows 5.1.2600 Service Pack 3
25.3.2009 20:51:48
mbam-log-2009-03-25 (20-51-48).txt
Typ skenu: Rychlý sken
Objektu skenováno: 73215
Uplynulý cas: 10 minute(s), 32 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
Re: Please check my log. Some unwanted critters.
ComboFix 09-03-23.01 - K 2009-03-25 20:58:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.179 [GMT 1:00]
Spuštěný z: c:\documents and settings\K\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\K\Data aplikací\inst.exe
c:\progra~1\FieryAds\FieryAds.dll
c:\windows\system32\NCTWMAFile2.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.
2016-08-29 21:04 . 2007-08-04 22:32 600 --a------ c:\windows\Rtcw.INI
2016-08-29 20:55 . 2006-11-11 12:38 297 --a------ c:\windows\SIERRA.INI
2016-08-29 20:53 . 2016-08-29 20:53 684 --a------ c:\windows\Sof.INI
2016-08-24 22:52 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2016-08-24 22:52 . 2006-05-19 22:16 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2016-08-24 22:52 . 2006-05-19 22:16 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-21 09:30 . 2009-03-21 09:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 09:30 . 2009-03-21 09:30 <DIR> d-------- c:\documents and settings\K\Data aplikací\Malwarebytes
2009-03-21 09:30 . 2009-03-21 09:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-21 09:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 09:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 13:00 . 2009-03-14 13:00 <DIR> d-------- c:\program files\Audio Editor Gold
2009-03-14 13:00 . 2005-03-29 06:57 1,852,416 --a------ c:\windows\system32\NCTAudioDesign2.dll
2009-03-14 13:00 . 2003-03-20 02:03 544,768 --a------ c:\windows\system32\msvcr71d.dll
2009-03-14 13:00 . 2005-03-29 06:56 457,728 --a------ c:\windows\system32\NCTAudioDisplay2.dll
2009-03-14 12:25 . 2002-07-19 11:48 157,696 --a------ c:\windows\system32\OggEnc.exe
2009-03-14 12:25 . 2005-11-05 18:34 145,408 --a------ c:\windows\system32\Lame.exe
2009-03-14 12:16 . 2009-03-25 20:59 <DIR> d-------- c:\program files\FieryAds
2009-03-14 12:16 . 2009-03-14 12:25 <DIR> d-------- c:\program files\Dexster
2009-03-14 12:16 . 2009-03-14 12:16 30,208 --a------ c:\windows\system32\borlndmm.dll
2009-03-14 12:16 . 2009-03-25 20:38 826 --a------ c:\documents and settings\K\Data aplikací\fieryads.dat
2009-03-14 12:10 . 2009-03-14 12:10 0 --ah----- c:\windows\97017116
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-29 18:27 --------- d-----w c:\program files\DVD Shrink
2009-03-25 18:38 --------- d-----w c:\program files\QIP Infium
2009-03-25 18:35 --------- d-----w c:\program files\NetSoftware
2009-03-24 06:35 --------- d-----w c:\documents and settings\K\Data aplikací\uTorrent
2009-03-23 21:42 --------- d-----w c:\program files\Winamp
2009-03-15 10:57 --------- d-----w c:\program files\mIRC
2009-03-09 22:21 --------- d-----w c:\program files\Lx_cats
2009-03-08 18:51 --------- d-----w c:\program files\ICQ6.5
2009-02-27 13:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 15:56 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-24 15:23 --------- d-----w c:\program files\KeyTweak
2009-02-24 15:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 15:21 --------- d-----w c:\program files\RandyRants.com
2009-02-22 14:41 --------- d-----w c:\program files\uTorrent
2009-02-19 16:50 --------- d-----w c:\program files\QIP
2009-02-17 22:08 --------- d-----w c:\documents and settings\K\Data aplikací\ICQ
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-01 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-01 10:28 --------- d-----w c:\program files\id Software
2009-01-30 18:10 --------- d-----w c:\program files\Maxthon
2009-01-30 18:09 --------- d-----w c:\program files\Maxthon2
2009-01-30 17:42 --------- d-----w c:\documents and settings\K\Data aplikací\MxBoost
2009-01-29 17:03 --------- d-----w c:\program files\UnrealTournament
2009-01-28 15:54 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-28 15:54 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-01-28 15:53 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-28 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-01-28 15:13 --------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-26 23:32 --------- d-----w c:\documents and settings\K\Data aplikací\Skype
2009-01-26 23:06 --------- d-----w c:\documents and settings\K\Data aplikací\skypePM
2009-01-26 21:45 --------- d-----w c:\documents and settings\K\Data aplikací\TeamViewer
2009-01-25 17:21 --------- d-----w c:\program files\Midway Home Entertainment
2009-01-25 00:02 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-25 00:02 --------- d-----w c:\program files\AGEIA Technologies
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-10-30 21:53 47,360 ----a-w c:\documents and settings\K\Data aplikací\pcouffin.sys
2008-10-27 09:38 95,056 ----a-w c:\program files\DSETUP.dll
2008-10-27 09:37 1,692,496 ----a-w c:\program files\dsetup32.dll
2008-10-27 09:36 526,160 ----a-w c:\program files\DXSETUP.exe
2007-03-16 16:21 80,986,796 ----a-w c:\documents and settings\K\Plocha.zip
2007-03-02 08:10 5,950,245 ----a-w c:\documents and settings\K\Dokumenty.zip
2006-12-17 18:38 13 ---h--w c:\documents and settings\All Users\Data aplikací\ÝĂÄ›Ň3113›.sys
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2007-09-05 13:43 61,440 ----a-w c:\program files\mozilla firefox\components\gemgecko.dll
2008-11-30 01:55 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-30 01:55 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-30 01:55 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-30 01:55 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-30 01:55 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-03-02 06:14 56 --sh--r c:\windows\system32\220E861322.sys
2007-05-13 18:47 168 --sh--r c:\windows\system32\2213860E22.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-05-20 20:36 8,406 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-08-03 22:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
2008-08-03 22:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2007-05-07 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-28 282624]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Maxthon\\Maxthon.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\K\\Plocha\\Games\\bulanci.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jardajuklis\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\BitLord\\Downloads\\Quake 3 Arena Full\\QUAKE3.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\K\\Dokumenty\\Strong DC++\\StrongDC.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Documents and Settings\\K\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\K\\Plocha\\Zástupci programů\\TeamViewer.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-04 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-01-13 3026]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2007-03-13 115968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-04 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-28 603904]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2008-03-04 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2008-03-04 9984]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2008-03-04 17408]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-12-24 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2006-12-24 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2006-12-24 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2006-12-24 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-24 83344]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2006-12-24 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2006-12-24 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2006-12-24 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2006-12-24 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2006-12-24 82864]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-03-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-adirka - c:\windows\system32\adirka.exe
HKU-Default-RunOnce-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
Notify-AtiExtEvent - (no file)
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
Trusted Zone: highlevel.wz.cz
TCP: {42F8239E-AB63-4474-87F7-9CCEB0C253E2} = 192.168.2.1
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 21:00:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-03-25 21:04:47
ComboFix-quarantined-files.txt 2009-03-25 20:04:17
Před spuštěním: Volných bajtů: 23 929 040 896
Po spuštění: Volných bajtů: 24,142,372,864
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=TAVHYN /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=TAVHYN-BAK
219 --- E O F --- 2009-03-15 14:03:51
"That people lie is the basic essence of humanity. The only thing that changes is what they lie about."
Gregory House
- jaro3
- member of the Security team
Re: Please check my log. Some unwanted critters.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to mark the script.
Code:
DirLook::
c:\program files\FieryAds
c:\windows\97017116
File::
c:\documents and settings\K\Data aplikací\fieryads.dat
c:\documents and settings\All Users\Data aplikací\ÝĂÄ›Ň3113›.sys
c:\windows\system32\220E861322.sys
c:\windows\system32\2213860E22.sys
c:\windows\system32\flvDX.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\msfDX.dll
Driver::
ÝĂÄ›Ň3113›
220E861322
2213860E22
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT
Tomorrow..
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log. Some unwanted critters.
ComboFix 09-03-25.02 - K 2009-03-26 6:16:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.202 [GMT 1:00]
Spuštěný z: c:\documents and settings\K\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\K\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\documents and settings\All Users\Data aplikací\ÝĂÄ›Ň3113›.sys
c:\documents and settings\K\Data aplikací\fieryads.dat
c:\windows\system32\220E861322.sys
c:\windows\system32\2213860E22.sys
c:\windows\system32\flvDX.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\ÝĂÄ›Ň3113›.sys
c:\documents and settings\K\Data aplikací\fieryads.dat
c:\windows\system32\220E861322.sys
c:\windows\system32\2213860E22.sys
c:\windows\system32\flvDX.dll
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-26 do 2009-03-26 )))))))))))))))))))))))))))))))
.
2016-08-29 21:04 . 2007-08-04 22:32 600 --a------ c:\windows\Rtcw.INI
2016-08-29 20:55 . 2006-11-11 12:38 297 --a------ c:\windows\SIERRA.INI
2016-08-29 20:53 . 2016-08-29 20:53 684 --a------ c:\windows\Sof.INI
2016-08-24 22:52 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2016-08-24 22:52 . 2006-05-19 22:16 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2016-08-24 22:52 . 2006-05-19 22:16 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-21 09:30 . 2009-03-21 09:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 09:30 . 2009-03-21 09:30 <DIR> d-------- c:\documents and settings\K\Data aplikací\Malwarebytes
2009-03-21 09:30 . 2009-03-21 09:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-21 09:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 09:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 13:00 . 2009-03-14 13:00 <DIR> d-------- c:\program files\Audio Editor Gold
2009-03-14 13:00 . 2005-03-29 06:57 1,852,416 --a------ c:\windows\system32\NCTAudioDesign2.dll
2009-03-14 13:00 . 2003-03-20 02:03 544,768 --a------ c:\windows\system32\msvcr71d.dll
2009-03-14 13:00 . 2005-03-29 06:56 457,728 --a------ c:\windows\system32\NCTAudioDisplay2.dll
2009-03-14 12:25 . 2002-07-19 11:48 157,696 --a------ c:\windows\system32\OggEnc.exe
2009-03-14 12:25 . 2005-11-05 18:34 145,408 --a------ c:\windows\system32\Lame.exe
2009-03-14 12:16 . 2009-03-25 20:59 <DIR> d-------- c:\program files\FieryAds
2009-03-14 12:16 . 2009-03-14 12:25 <DIR> d-------- c:\program files\Dexster
2009-03-14 12:16 . 2009-03-14 12:16 30,208 --a------ c:\windows\system32\borlndmm.dll
2009-03-14 12:10 . 2009-03-14 12:10 0 --ah----- c:\windows\97017116
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-29 18:27 --------- d-----w c:\program files\DVD Shrink
2009-03-25 18:38 --------- d-----w c:\program files\QIP Infium
2009-03-25 18:35 --------- d-----w c:\program files\NetSoftware
2009-03-24 06:35 --------- d-----w c:\documents and settings\K\Data aplikací\uTorrent
2009-03-23 21:42 --------- d-----w c:\program files\Winamp
2009-03-15 10:57 --------- d-----w c:\program files\mIRC
2009-03-09 22:21 --------- d-----w c:\program files\Lx_cats
2009-03-08 18:51 --------- d-----w c:\program files\ICQ6.5
2009-02-27 13:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 15:56 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-24 15:23 --------- d-----w c:\program files\KeyTweak
2009-02-24 15:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 15:21 --------- d-----w c:\program files\RandyRants.com
2009-02-22 14:41 --------- d-----w c:\program files\uTorrent
2009-02-19 16:50 --------- d-----w c:\program files\QIP
2009-02-17 22:08 --------- d-----w c:\documents and settings\K\Data aplikací\ICQ
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-01 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-01 10:28 --------- d-----w c:\program files\id Software
2009-01-30 18:10 --------- d-----w c:\program files\Maxthon
2009-01-30 18:09 --------- d-----w c:\program files\Maxthon2
2009-01-30 17:42 --------- d-----w c:\documents and settings\K\Data aplikací\MxBoost
2009-01-29 17:03 --------- d-----w c:\program files\UnrealTournament
2009-01-28 15:54 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-28 15:54 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-01-28 15:53 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-28 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-01-28 15:13 --------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-26 23:32 --------- d-----w c:\documents and settings\K\Data aplikací\Skype
2009-01-26 23:06 --------- d-----w c:\documents and settings\K\Data aplikací\skypePM
2009-01-26 21:45 --------- d-----w c:\documents and settings\K\Data aplikací\TeamViewer
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-10-30 21:53 47,360 ----a-w c:\documents and settings\K\Data aplikací\pcouffin.sys
2008-10-27 09:38 95,056 ----a-w c:\program files\DSETUP.dll
2008-10-27 09:37 1,692,496 ----a-w c:\program files\dsetup32.dll
2008-10-27 09:36 526,160 ----a-w c:\program files\DXSETUP.exe
2007-03-16 16:21 80,986,796 ----a-w c:\documents and settings\K\Plocha.zip
2007-03-02 08:10 5,950,245 ----a-w c:\documents and settings\K\Dokumenty.zip
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2007-09-05 13:43 61,440 ----a-w c:\program files\mozilla firefox\components\gemgecko.dll
2008-11-30 01:55 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-30 01:55 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-30 01:55 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-30 01:55 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-30 01:55 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-03 22:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
2008-08-03 22:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\FieryAds ----
2009-03-25 20:38 431616 --a------ c:\program files\FieryAds\Updates\clupdate.dll
2009-03-14 12:16 709632 --a------ c:\program files\FieryAds\FieryAdsUninstall.exe
---- Directory of c:\windows\97017116 ----
c:\windows\97017116\
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2007-05-07 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-28 282624]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Maxthon\\Maxthon.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\K\\Plocha\\Games\\bulanci.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jardajuklis\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\BitLord\\Downloads\\Quake 3 Arena Full\\QUAKE3.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\K\\Dokumenty\\Strong DC++\\StrongDC.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Documents and Settings\\K\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\K\\Plocha\\Zástupci programů\\TeamViewer.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-04 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-01-13 3026]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2007-03-13 115968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-04 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-28 603904]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2008-03-04 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2008-03-04 9984]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2008-03-04 17408]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-12-24 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2006-12-24 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2006-12-24 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2006-12-24 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-24 83344]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2006-12-24 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2006-12-24 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2006-12-24 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2006-12-24 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2006-12-24 82864]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-03-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
Trusted Zone: highlevel.wz.cz
TCP: {42F8239E-AB63-4474-87F7-9CCEB0C253E2} = 192.168.2.1
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 06:20:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-03-26 6:23:23
ComboFix-quarantined-files.txt 2009-03-26 05:22:31
ComboFix2.txt 2009-03-25 20:04:49
Před spuštěním: Volných bajtů: 24 120 492 032
Po spuštění: Volných bajtů: 24,109,400,064
217 --- E O F --- 2009-03-15 14:03:51
"That people lie is the basic essence of humanity. The only thing that changes is what they lie about."
Gregory House
Re: Please check my log. Some unwanted critters.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:44, on 26.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7323948859
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.dkteplice.cz/MSSurVid.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F8239E-AB63-4474-87F7-9CCEB0C253E2}: Domain = din.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F8239E-AB63-4474-87F7-9CCEB0C253E2}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = din.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - http://forum.grafika.cz/file.php?51,file=543521
--
End of file - 10038 bytes
Scan saved at 6:51:44, on 26.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7323948859
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.dkteplice.cz/MSSurVid.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F8239E-AB63-4474-87F7-9CCEB0C253E2}: Domain = din.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{42F8239E-AB63-4474-87F7-9CCEB0C253E2}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = din.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = din.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - http://forum.grafika.cz/file.php?51,file=543521
--
End of file - 10038 bytes
"The fact that people lie is the basic essence of humanity. The only thing that changes is what they lie about."
Gregory House
jaro3, member of the Security team
Re: Please check my log. Some unwanted critters.
Uninstall and delete the folders:
c:\program files\FieryAds
c:\windows\97017116
Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Code:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O24 - Desktop Component 0: (no name) - http://forum.grafika.cz/file.php?51,file=543521
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.
That's all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
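An added example, not part of the original thread and not code from HijackThis: a small parser for the log format posted above that separates entry lines from the process list and attaches review notes to entries worth a manual look. The sample is constructed from lines in this thread's log; the function names and the flagging rules are assumptions made for illustration, not the helper's method.

```python
import re

# Constructed sample: entry lines copied from the log in this thread,
# plus one process-list line that must be skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://forum.grafika.cz/file.php?51,file=543521
C:\WINDOWS\system32\svchost.exe
"""

# An entry line starts with a section code such as R0, O4, O16 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log):
    """Return (code, body) for every entry line; skip headers and process paths."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out

def review_notes(code, body):
    """Hypothetical heuristics: reasons to inspect an entry by hand, not verdicts."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if "Unknown owner" in body:
        notes.append("no company name reported")
    if code == "O16" and " - http://" in body:
        notes.append("ActiveX control fetched over plain HTTP")
    if code == "O24" and re.search(r"https?://", body):
        notes.append("desktop component loads remote content")
    return notes

def triage(log):
    """Map each flagged entry body to its list of review notes."""
    return {body: n for code, body in parse(log) if (n := review_notes(code, body))}

if __name__ == "__main__":
    for body, notes in triage(SAMPLE_LOG).items():
        print("; ".join(notes), "->", body)
```

The QuickTime autostart entry that the helper also listed is not flagged, because nothing in the line itself distinguishes it; rules like these only narrow down what a person then reviews.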
Re: Please check my log. Some unwanted critters. Solved
Excellent. Thanks a lot.
I appreciate your work

