file:///WINDOWS/privacy_danger/index.htm was not found. Solved

Windows operating systems from Microsoft and everything around them

Moderators: Pic, Mods_senior

Flipo
newbie
Posts: 26
Registered: March 09
Gender: Male
Status:
Offline

Re: file:///WINDOWS/privacy_danger/index.htm was not found.

Post by Flipo » 26 Mar 2009 13:54

I think everything went OK.... however, still (I haven't mentioned this here yet) when the computer starts, everything loads up to the desktop, but on it only the bottom bar with Start appears; the other desktop icons load only after about two minutes.... And if you could find a little time, could you explain mainly why I had "file:///WINDOWS/privacy_danger/index.htm was not found." there, and how it was removed? Thank you very much...


ComboFix 09-03-25.03 - Administrator 2009-03-26 13:16:41.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.170 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Platinum 2007 *On-access scanning enabled* (Updated)
FW: Platinum 2007 Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\windows\PAVSHRB.INI
c:\windows\system32\DRIVERS\COMFiltr.sys
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\DRIVERS\PavProc.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Panda Software
c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\CCDEC.DLL
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtCli.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtPlg.dll
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\CCL30.DLL
c:\program files\Common Files\Symantec Shared\ccL60.dll
c:\program files\Common Files\Symantec Shared\ccL60U.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\CCLOGIN.DLL
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\CCPWD.DLL
c:\program files\Common Files\Symantec Shared\CCPWDSVC.EXE
c:\program files\Common Files\Symantec Shared\CCSCAN.DLL
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetPlg.dll
c:\program files\Common Files\Symantec Shared\ccSvc.dll
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\COH\EraserAHS.log
c:\program files\Common Files\Symantec Shared\COH\EraserAHS.tlg
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2AMG.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2ARJ.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2BZIP.dll
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2CAB.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2GZIP.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2ID.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2LHA.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2LZ.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2RAR.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2RTF.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2SS.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2TAR.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2TEXT.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2TNEF.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DEC2ZIP.DLL
c:\program files\Common Files\Symantec Shared\Decomposers\DECSDK.DLL
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\IraLsClt.dll
c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe
c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.lvr
c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
c:\program files\Common Files\Symantec Shared\LiveReg\IraLsCl2.dll
c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll
c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LRRes.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll
c:\program files\Common Files\Symantec Shared\LiveReg\LSSupCtl.dll
c:\program files\Common Files\Symantec Shared\LiveReg\symcsub.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcClnUp.exe
c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
c:\program files\Common Files\Symantec Shared\NMain.exe
c:\program files\Common Files\Symantec Shared\rcAlert.dll
c:\program files\Common Files\Symantec Shared\rcApp.dll
c:\program files\Common Files\Symantec Shared\rcEmlPxy.dll
c:\program files\Common Files\Symantec Shared\rcErrDsp.dll
c:\program files\Common Files\Symantec Shared\rcLgView.dll
c:\program files\Common Files\Symantec Shared\rcSvcHst.dll
c:\program files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
c:\program files\Common Files\Symantec Shared\Script Blocking\ScrAuth.dll
c:\program files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
c:\program files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll
c:\program files\Common Files\Symantec Shared\Security Center\SSCOpts.dat
c:\program files\Common Files\Symantec Shared\Security Center\SymSCWb.dll
c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
c:\program files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll
c:\program files\Common Files\Symantec Shared\SEVINST.EXE
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\concat-webauth.sql.bin
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\{830D8CBD-C668-49e2-A969-C2C2106332E0}.loc
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\ccL60U.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\msvcp71.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\msvcr71.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\NAV\Parent\NORTON\App\isRes.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\Support\Reporter\Reporter.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\Support\Reporter\Reporter.loc
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_11\SymTheme.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMFILTR
-------\Legacy_PAVPROC
-------\Legacy_SHLDDRV
-------\Service_ComFiltr


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-26 do 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-25 13:07 . 2009-03-25 13:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 13:07 . 2009-03-25 13:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-25 13:07 . 2009-03-25 13:07 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2009-03-25 13:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 13:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 02:06 . 2009-03-25 02:06 <DIR> d-------- c:\program files\CCleaner
2009-03-23 23:02 . 2009-03-23 23:02 <DIR> d-------- c:\program files\Trend Micro
2009-03-16 19:53 . 2009-03-16 19:53 <DIR> d-------- c:\windows\system32\cs
2009-03-16 19:53 . 2009-03-16 19:53 <DIR> d-------- c:\windows\system32\bits
2009-03-16 19:53 . 2009-03-16 19:53 <DIR> d-------- c:\windows\l2schemas
2009-03-16 19:50 . 2009-03-16 19:53 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-16 15:49 . 2008-12-21 00:03 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-16 15:49 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-16 15:49 . 2007-03-08 06:09 1,024,000 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-16 15:49 . 2008-12-21 00:03 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-16 15:49 . 2008-12-21 00:03 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-16 15:49 . 2008-12-21 00:03 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-16 15:49 . 2008-12-21 00:03 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-16 15:49 . 2008-12-21 00:03 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-16 15:49 . 2008-12-19 10:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-16 15:48 . 2009-03-16 19:53 <DIR> d-------- c:\windows\system32\cs-cz

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 12:30 4,672 ----a-w c:\windows\ultima_prog2.bin
2009-03-26 11:25 --------- d-----w c:\documents and settings\Administrator\Data aplikací\skypePM
2009-03-26 02:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Skype
2009-02-13 23:05 --------- d-----w c:\program files\Digital TV
2009-01-28 21:57 --------- d-----w c:\program files\PorDVD
2009-01-28 20:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-28 20:57 --------- d-----w c:\program files\Lavasoft
2009-01-28 20:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-28 20:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Lavasoft
2009-01-28 19:52 --------- d-----w c:\program files\ESET
.

((((((((((((((((((((((((((((( SnapShot@2009-03-25_19.57.49,21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-04-27 122941]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 184320]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-08 155648]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Teleport Scheduler"="c:\program files\Teleport Pro\scheduler.exe" [2007-09-20 327680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-03-29 569405]
Digital TV.lnk - c:\program files\Digital TV\Digital TV\dvbapp.exe [2009-02-14 2686976]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-04-13 184320]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-04-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.3ivx"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= c:\progra~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\DC++\\StrongDC.exe"=
"c:\\GAMES\\MOHAA\\MOHAA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-18 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-05-03 80384]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 bodrive;bodrive;\??\c:\windows\system32\bodrive.sys --> c:\windows\system32\bodrive.sys [?]
S3 DIBLOAD2;Digital TV firmware loader(Type 2);c:\windows\system32\drivers\dgtvload2.sys [2006-08-08 17123]
S3 FBIKB_NT;FBIKB_NT;\??\c:\windows\system32\Drivers\FBIKB_NT.Sys --> c:\windows\system32\Drivers\FBIKB_NT.Sys [?]
S3 MODUSB;Digital TV DVB-T USB adapter driver;c:\windows\system32\drivers\dgtvcap.sys [2006-08-08 16312]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-19 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-19 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-19 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-19 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-19 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-19 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-19 110120]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-03-27 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-03-27 85696]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {27A66402-3FE3-4AE5-A880-B0038F593D13} = 193.93.72.10,193.93.72.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.sk/Genoogle/Compo ... eQuery.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\5ljl69pm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 13:31:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?8?0?2??????? ???B???????????????B? ??????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-396932159-2242748026-3319281833-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-396932159-2242748026-3319281833-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b3,c0,8d,c9,7e,67,f9,ae,6a,aa,c8,98,81,36,46,be,ba,2b,7b,d7,71,02,1d,
26,9e,a0,e8,7e,ef,cc,36,51,5f,db,8a,92,84,cb,22,12,18,42,7f,ef,8f,33,97,96,\
"??"=hex:d5,b7,44,35,0b,3c,7c,74,d2,94,ac,7b,3f,10,31,3c
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2009-03-26 13:34:22 - počítač byl restartován [Administrator]
ComboFix-quarantined-files.txt 2009-03-26 12:34:18
ComboFix2.txt 2009-03-25 18:59:01

Před spuštěním: Volných bajtů: 13 108 084 736
Po spuštění: Volných bajtů: 13,006,831,616

311 --- E O F --- 2009-03-18 00:25:35



HERE IS THE ONE FROM HJT:..........


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:08, on 26. 3. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Teleport Pro\scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Teleport Scheduler] "C:\Program Files\Teleport Pro\scheduler.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital TV.lnk = C:\Program Files\Digital TV\Digital TV\dvbapp.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.sk/Genoogle/Compo ... eQuery.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A66402-3FE3-4AE5-A880-B0038F593D13}: NameServer = 193.93.72.10,193.93.72.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A66402-3FE3-4AE5-A880-B0038F593D13}: NameServer = 193.93.72.10,193.93.72.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://www.sedem30.net/components/speci ... eckbox.gif

--
End of file - 9711 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: file:///WINDOWS/privacy_danger/index.htm was not found.

Post by jaro3 » 26 Mar 2009 15:30

It is an infection; I'm not a professional at explaining individual infections, nor do I have time for that here..

START - Run - type cmd.exe - click OK - in the DOS window, paste this with the mouse (the whole copied text) at the blinking cursor:
sc stop ccSvcHst
sc delete ccSvcHst
sc stop SBServ
sc delete SBServ
exit

Restart the PC.
*****************************************************************************************************************************************
Close other applications and browsers, disconnect from the net and fix in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.sk/Genoogle/Compo ... eQuery.dll
O24 - Desktop Component 0: (no name) - http://www.sedem30.net/components/speci ... eckbox.gif


ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run.

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Update Java:
Java SE Runtime Environment 6u12
Select the OS (I assume Windows), tick agree - continue
Select:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Remove the other Java versions in Add/Remove Programs.

Download a free antivirus - Avast, Avira, AVG.
If there are no problems, that is all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
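An added example, not part of jaro3's post or of any tool named in the thread: it reads HijackThis lines like those in the log above and lists the entries whose file is gone, which are the kind of leftovers this cleanup targets. `sc` addresses a service by its key name, which HijackThis prints in parentheses on each O23 line; the function names here are hypothetical and the sample lines are copied from the log on this page.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (lines copied from the page).
HJT_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
"""

# O23 layout: "Display name (service key name) - vendor - image path[ (file missing)]".
# The key name is matched greedily so a name that itself contains parentheses
# (the SoundMAX line) is captured whole.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>.+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# O2 (BHO) and O3 (toolbar) layout: "label - {CLSID} - DLL path or (no file)".
COM_RE = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<label>.+) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_service(line):
    """Split one O23 line into its fields; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["missing"] = fields["missing"] is not None
    return fields


def orphaned_entries(log_text):
    """Collect entries that still exist in the registry but point at no file."""
    services, com = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            if svc["missing"]:
                services.append(svc["name"])
            continue
        m = COM_RE.match(line)
        if m and m.group("target") == "(no file)":
            com.append((m.group("section"), m.group("clsid")))
    return {"services": services, "com": com}


def sc_review_commands(names):
    """For each orphaned service: show its configuration first, then the removal."""
    cmds = []
    for name in names:
        cmds.append(f'sc qc "{name}"')      # inspect what the entry points at
        cmds.append(f'sc delete "{name}"')  # remove the leftover service entry
    return cmds


if __name__ == "__main__":
    found = orphaned_entries(HJT_EXCERPT)
    for section, clsid in found["com"]:
        print(f"{section} entry with no file: {clsid}")
    for cmd in sc_review_commands(found["services"]):
        print(cmd)
```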

drazor
Level 1.5
Posts: 128
Registered: February 09
Location: Brno
Gender: Male
Status:
Offline

Re: file:///WINDOWS/privacy_danger/index.htm was not found.

Post by drazor » 26 Mar 2009 16:36

I had this piece of junk too and it was fairly easy to uninstall, but that was a year ago and it's possible the junk has improved since. Here are the instructions; try it and you'll see whether it works.

http://www.antivirovecentrum.cz/clanky/ ... lware.aspx

Flipo
newbie
Posts: 26
Registered: March 09
Gender: Male
Status:
Offline

Re: file:///WINDOWS/privacy_danger/index.htm was not found.

Post by Flipo » 27 Mar 2009 00:00

So I've done everything and the problems have disappeared, but what remains is that the desktop icons start about 2 minutes after the Start panel loads.... and when I turn on the computer, the blue Windows screen is no longer there, it is completely black instead..... but thank you very much for the help, I appreciate it, and I wish you a nice day or night :D

