Kontrola logu po 12 trojanech Vyřešeno

[onewinger]

Omlouvám se za zpoždění včera jsem se už ktomu nedostal.



ComboFix 09-03-30.04 - Petr 2009-04-01 10:04:54.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.307 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\32788R22FWJFW.0.tmp
C:\32788R22FWJFW.1.tmp
c:\windows\iun6002.exe
c:\windows\system32\drivers\b41c9e6.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-03-31 18:48 . 2009-03-31 18:51 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-03-31 18:43 . 2009-03-31 18:48 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-03-29 19:09 . 2009-03-18 17:42 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-03-29 19:09 . 2009-03-18 18:34 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-03-29 19:09 . 2009-03-29 19:09 <DIR> d-------- c:\documents and settings\Administrator
2009-03-29 15:41 . 2009-03-29 15:41 0 --a------ C:\23990098.$$$
2009-03-29 15:32 . 2009-03-29 20:58 28 --a------ c:\windows\Lic.xxx
2009-03-29 15:31 . 2009-03-29 15:31 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-03-29 15:31 . 2009-03-29 15:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-29 15:31 . 2009-03-29 15:31 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-29 15:31 . 2009-03-29 15:31 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-29 15:31 . 2008-04-14 08:52 147,968 --a------ c:\windows\R.COM
2009-03-29 15:31 . 2008-04-14 08:52 137,216 --a------ c:\windows\system32\T.COM
2009-03-29 15:31 . 2009-03-29 15:31 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-29 15:31 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-29 15:17 . 2009-03-29 15:21 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-29 15:15 . 2009-03-29 15:20 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-29 14:41 . 2009-03-29 14:41 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 12:29 . 2009-03-29 12:29 <DIR> d-------- c:\program files\Microsoft Games
2009-03-29 12:15 . 2009-03-29 12:20 2,876 --a------ c:\windows\WTRAN32.INI
2009-03-29 12:14 . 2009-03-29 12:17 <DIR> d-------- c:\program files\TRANSLAT
2009-03-29 11:54 . 2009-03-29 11:54 <DIR> d--hs---- c:\documents and settings\Petr\PrivacIE
2009-03-29 11:53 . 2009-03-29 11:53 <DIR> d--hs---- c:\documents and settings\Petr\IETldCache
2009-03-29 11:47 . 2009-03-29 11:49 <DIR> d--h-c--- c:\windows\ie8
2009-03-29 00:51 . 2009-03-29 22:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\_comodo_
2009-03-29 00:10 . 2009-03-29 00:10 <DIR> d-------- c:\program files\AskSearch
2009-03-29 00:10 . 2009-03-29 00:10 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-03-29 00:09 . 2009-04-01 10:08 <DIR> d-------- c:\program files\COMODO
2009-03-28 22:06 . 2009-03-28 22:06 0 --ahs---- C:\khq
2009-03-28 21:59 . 2009-03-28 21:59 <DIR> d-------- C:\Logs
2009-03-27 20:46 . 2009-03-27 20:46 <DIR> d-------- c:\documents and settings\Petr\WINDOWS
2009-03-27 20:46 . 1997-06-02 12:32 314,880 --a------ c:\windows\IsUninst.exe
2009-03-27 08:27 . 2009-03-27 08:27 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-26 15:58 . 2008-04-14 01:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-26 15:58 . 2008-04-14 01:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-26 15:58 . 2009-03-26 15:58 511 --a------ c:\windows\eReg.dat
2009-03-25 18:13 . 2009-03-25 18:14 <DIR> d-------- c:\program files\TotalCMD
2009-03-25 18:13 . 2009-03-29 15:19 2,231 --a------ c:\windows\wincmd.ini
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\UC.PIF
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\RAR.PIF
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\PKZIP.PIF
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\LHA.PIF
2009-03-25 18:13 . 2008-08-08 08:04 545 --a------ c:\windows\ARJ.PIF
2009-03-25 15:12 . 2009-03-25 15:12 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Apple Computer
2009-03-25 15:06 . 2009-03-25 15:07 <DIR> d-------- c:\program files\QuickTime
2009-03-25 15:06 . 2009-03-25 15:06 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-03-25 15:05 . 2009-03-25 15:05 <DIR> d-------- c:\program files\Apple Software Update
2009-03-25 15:05 . 2009-03-25 15:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple
2009-03-23 22:15 . 2006-11-30 16:14 97,088 -ra------ c:\windows\system32\drivers\se45mdm.sys
2009-03-23 22:15 . 2006-11-30 16:14 9,360 -ra------ c:\windows\system32\drivers\se45mdfl.sys
2009-03-23 22:15 . 2006-11-30 16:13 6,240 -ra------ c:\windows\system32\drivers\se45cmnt.sys
2009-03-23 22:15 . 2006-11-30 16:13 6,240 -ra------ c:\windows\system32\drivers\se45cm.sys
2009-03-23 19:58 . 2009-03-23 19:59 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Zoner
2009-03-23 19:56 . 2009-03-23 19:56 <DIR> d-------- c:\program files\Zoner
2009-03-23 19:47 . 2009-03-23 19:47 <DIR> d-------- c:\documents and settings\Guest\Data aplikací\Sony Ericsson
2009-03-23 19:46 . 2009-03-23 19:48 <DIR> d-------- c:\documents and settings\Guest\Plocha
2009-03-23 19:46 . 2009-03-18 18:34 <DIR> d--h----- c:\documents and settings\Guest\Okolní tiskárny
2009-03-23 19:46 . 2009-03-18 18:34 <DIR> d--h----- c:\documents and settings\Guest\Okolní síť
2009-03-23 19:46 . 2009-03-23 19:47 <DIR> dr------- c:\documents and settings\Guest\Oblíbené položky
2009-03-23 19:46 . 2009-03-18 17:42 <DIR> d--h----- c:\documents and settings\Guest\Šablony
2009-03-23 19:46 . 2009-03-18 18:34 <DIR> dr------- c:\documents and settings\Guest\Nabídka Start
2009-03-23 19:46 . 2009-03-23 19:47 <DIR> dr------- c:\documents and settings\Guest\Dokumenty
2009-03-23 19:46 . 2009-03-24 19:11 <DIR> dr-h----- c:\documents and settings\Guest\Data aplikací
2009-03-23 19:46 . 2009-03-23 19:48 <DIR> d-------- c:\documents and settings\Guest
2009-03-23 18:59 . 2009-03-29 12:22 69 --a------ c:\windows\NeroDigital.ini
2009-03-23 17:55 . 2006-11-30 16:13 61,536 -ra------ c:\windows\system32\drivers\se45bus.sys
2009-03-23 17:55 . 2008-04-14 01:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-23 17:55 . 2008-04-14 01:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 17:55 . 2006-11-30 16:14 5,872 -ra------ c:\windows\system32\drivers\se45whnt.sys
2009-03-23 17:55 . 2006-11-30 16:14 5,872 -ra------ c:\windows\system32\drivers\se45wh.sys
2009-03-23 17:40 . 2009-03-23 17:40 <DIR> d-------- c:\program files\RocketDock
2009-03-23 17:32 . 2009-03-25 08:26 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\skypePM
2009-03-23 17:32 . 2009-03-23 17:32 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-23 17:31 . 2009-03-23 17:31 <DIR> dr------- c:\program files\Skype
2009-03-23 17:31 . 2009-03-23 17:31 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-23 17:31 . 2009-03-25 08:30 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Skype
2009-03-23 17:30 . 2009-03-23 17:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Skype
2009-03-23 17:28 . 2009-03-25 21:30 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Ahead
2009-03-23 17:21 . 2009-03-23 17:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2009-03-23 17:20 . 2009-03-23 17:20 <DIR> d-------- c:\program files\Nero
2009-03-23 17:20 . 2009-03-23 17:30 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-23 17:15 . 2008-04-14 08:51 52,224 --a------ c:\windows\system32\MsPMSNSv.dll
2009-03-23 17:13 . 2008-04-14 08:53 299,520 --a------ c:\windows\system32\drmclien.dll
2009-03-23 17:13 . 2008-04-14 08:51 87,040 --a------ c:\windows\system32\drmstor.dll
2009-03-23 17:09 . 2008-04-14 08:51 25,088 --a------ c:\windows\system32\shfolder.dll
2009-03-23 16:51 . 2009-03-23 16:51 <DIR> d-------- c:\program files\Common Files\CANON
2009-03-23 16:29 . 2009-03-23 16:29 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-03-23 16:29 . 2009-03-23 16:29 <DIR> d--h----- c:\documents and settings\All Users\Data aplikací\CanonBJ
2009-03-23 16:29 . 1998-11-13 13:58 307,200 --a------ c:\windows\IsUn0405.exe
2009-03-23 16:29 . 2006-09-13 07:00 197,632 --a------ c:\windows\system32\CNMLM86.DLL
2009-03-23 16:28 . 2009-03-23 16:28 <DIR> d--h----- c:\program files\CanonBJ
2009-03-23 16:27 . 2009-03-23 16:30 <DIR> d-------- c:\program files\Canon
2009-03-23 16:23 . 2009-03-23 16:23 <DIR> d-------- c:\program files\Trust
2009-03-23 16:23 . 2007-02-13 08:42 14,848 --a------ c:\windows\system32\drivers\KMWDFilter.SYS
2009-03-23 16:21 . 2009-03-23 16:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2009-03-23 16:10 . 2009-03-23 16:10 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Sony Ericsson
2009-03-23 16:04 . 2009-03-23 16:09 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-23 16:04 . 2009-03-23 16:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-03-23 16:03 . 2009-03-23 16:03 <DIR> d-------- c:\program files\Sony Ericsson
2009-03-23 16:03 . 2009-03-23 16:04 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2009-03-23 16:03 . 2009-03-23 16:04 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared
2009-03-23 16:03 . 2009-03-23 16:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Teleca
2009-03-23 16:02 . 2009-03-23 16:02 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-23 16:02 . 2009-03-28 23:59 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-23 16:00 . 2009-03-23 16:00 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-23 16:00 . 2009-03-23 16:00 1,409 --a------ c:\windows\QTFont.for
2009-03-23 15:55 . 2009-03-23 18:16 <DIR> d-------- c:\program files\Any Video Converter
2009-03-23 15:55 . 2009-03-23 18:16 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\Any Video Converter
2009-03-23 15:33 . 2009-03-23 15:33 0 --a------ c:\windows\nsreg.dat
2009-03-19 21:19 . 2009-03-19 21:19 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-19 21:14 . 2009-03-19 21:14 <DIR> d-------- c:\documents and settings\Petr\Data aplikací\DAEMON Tools Lite
2009-03-19 21:12 . 2009-03-23 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\McAfee.com
2009-03-19 20:35 . 2008-04-14 08:51 21,504 --a------ c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 22:00 --------- d-----w c:\program files\QIP
2009-03-24 14:48 --------- d-----w c:\program files\ICQ6.5
2009-03-23 16:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 15:11 --------- d-----w c:\documents and settings\Petr\Data aplikací\ICQ
2009-03-18 16:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-18 16:44 --------- d-----w c:\program files\Microsoft Works
2009-03-18 16:43 --------- d-----w c:\program files\MSBuild
2009-03-18 16:03 --------- d-----w c:\program files\C-Media
2009-03-18 15:48 --------- d-----w c:\program files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
--a------ 2009-03-29 00:10 278264 c:\program files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2009-03-01 12:59 172792 c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-03-16 19:47 24095528 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 02:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2002-07-12 10:33 1581056 c:\windows\mixer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\dzrfm8ma.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 10:09:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2009-04-01 10:12:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-01 08:12:18
ComboFix2.txt 2009-03-31 17:06:30

Před spuštěním: Volných bajtů: 33 184 149 504
Po spuštění: Volných bajtů: 33,173,647,360

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
228

[Reklama]

[onewinger]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:48, on 1.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 4878 bytes

[jaro3]

Odinstaluj:
c:\program files\SpywareBlaster
máš tam zbytky po McAfee
Manuálně smaž tyto složky po Combofixu:
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Je to vše, nebo budeme muset zítra odstřelit ten McAfee..

Edit : dokonce tam máš ještě složku c:\program files\AskSearch - myslím , že patří k Norton Internet Security 2009
zkus jí manuálně smazat..

[onewinger]

Takže potom to by měl být PC už úplně čistý? Ptám se protože když připojím zavirovaný PC k internetu můj poskytovatel mi net zablokuje a spustího až na moje požádání.

Nyní sem na NTB

[jaro3]

Zavirovaný by již být neměl. Zkus nastavit připojení znovu podle poskytovatele.
Nebo zkusit opravit:
Stáhni si Dial-a-fix
Explorer/IE/OE/shell/WMP - Pokusí se o opravu Internet Exploreru, Outlook Expressu, Windows Media Playeru atd.
Klikni na kladívko-další možnosti:
FlushDNS - Resetuje DNS cache.
Repair/reinstall IE - Reinstaluje Internet Explorer (případná potřeba instalačního media Windows).
Reset networking interfaces - Opraví winsock a síťové nastavení.
Dej zatržítko na službu a potom klikni na GO.
Nerozumím , proč Tě poskytovatel nechce připojit, špatné jméno , heslo?
Špatná MAC adresa?

[onewinger]

Takže PC jede už pár dní bez problému. Antivir nic nenachází a poskytovatel mi zatím s internetem nezatl tipec.


Dík Jaro, skvělá práce !