Installation that launches by itself [Solved]

Section devoted to viruses and other malicious code, and also to the tools you can use to defend against them…

Moderators: Mods_senior, Security team


Re: Installation that launches by itself

Post by MaxDamageCZ » 21 Oct 2009 20:02

CF:


ComboFix 09-10-20.03 - Marek 21.10.2009 19:41.20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.476 [GMT 2:00]
Running from: c:\documents and settings\Marek\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Marek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\marek\plocha\mwav keygen - x-core.zip"
"c:\program files\rockstar games\gta san andreas\data\decision\craig\crack1.ped"
"c:\program files\superantispyware\superantispyware.professional.v3.9.0.1008-heritage\crack\superantispyware.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marek\DoctorWeb
c:\documents and settings\Marek\DoctorWeb\CureIt.log
c:\documents and settings\marek\plocha\mwav keygen - x-core.zip
c:\progra~1\Crawler
c:\progra~1\Crawler\Toolbar\adrkeys.dat
c:\progra~1\Crawler\Toolbar\common_ff.dat
c:\progra~1\Crawler\Toolbar\confirm.dat
c:\progra~1\Crawler\Toolbar\ctbcomm.dll
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\progra~1\Crawler\Toolbar\CTipsDef.dll
c:\progra~1\Crawler\Toolbar\CToolbar.exe
c:\progra~1\Crawler\Toolbar\CUpdate.exe
c:\progra~1\Crawler\Toolbar\firefox\components\xcomm.dll
c:\progra~1\Crawler\Toolbar\firefox\components\xplugin.xpt
c:\progra~1\Crawler\Toolbar\firefox\components\xshared.dll
c:\progra~1\Crawler\Toolbar\firefox\components\xshared.xpt
c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.dll
c:\progra~1\Crawler\Toolbar\firefox\components\xsupport.xpt
c:\progra~1\Crawler\Toolbar\firefox\components\xwsg.dll
c:\progra~1\Crawler\Toolbar\firefox\chrome.manifest
c:\progra~1\Crawler\Toolbar\firefox\chrome\common.jar
c:\progra~1\Crawler\Toolbar\firefox\chrome\stwsg.jar
c:\progra~1\Crawler\Toolbar\firefox\install.ini
c:\progra~1\Crawler\Toolbar\firefox\install.rdf
c:\progra~1\Crawler\Toolbar\firefox\stwsg_ff.ini
c:\progra~1\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\progra~1\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\progra~1\Crawler\Toolbar\lookfor.dat
c:\progra~1\Crawler\Toolbar\majorse.dat
c:\progra~1\Crawler\Toolbar\rootmenu.dat
c:\progra~1\Crawler\Toolbar\services.dat
c:\progra~1\Crawler\Toolbar\stwsg_ff.dat
c:\progra~1\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\progra~1\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\progra~1\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\progra~1\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\progra~1\Crawler\Toolbar\Update\domains.cab
c:\progra~1\Crawler\Toolbar\WebSecurityGuard.dll
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\progra~1\Crawler\Toolbar\WSGData\domains\index.dat
c:\progra~1\Crawler\Toolbar\WSGData\g_S-1-5-21-1409082233-220523388-1801674531-1004.dat
c:\progra~1\Crawler\Toolbar\WSGData\g_S-1-5-21-1409082233-220523388-1801674531-1006.dat
c:\progra~1\Crawler\Toolbar\WSGData\g_S-1-5-21-1409082233-220523388-1801674531-1009.dat
c:\progra~1\Crawler\Toolbar\WSGData\ud_S-1-5-21-1409082233-220523388-1801674531-1004.dat
c:\progra~1\Crawler\Toolbar\WSGData\ud_S-1-5-21-1409082233-220523388-1801674531-1006.dat
c:\progra~1\Crawler\Toolbar\WSGData\w_S-1-5-21-1409082233-220523388-1801674531-1004.dat
c:\progra~1\Crawler\Toolbar\WSGData\w_S-1-5-21-1409082233-220523388-1801674531-1006.dat
c:\progra~1\Crawler\Toolbar\WSGData\w_S-1-5-21-1409082233-220523388-1801674531-1009.dat
c:\progra~1\Crawler\Toolbar\WSGData\wfilter.dat
c:\program files\Alwil Software
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\00604B3E
c:\program files\AskBarDis\bar\Cache\00605272
c:\program files\AskBarDis\bar\Cache\0060565A
c:\program files\AskBarDis\bar\Cache\0063B370
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskBarDis\zonealarm.ico
c:\program files\Comodo\HopSurfToolbar\hopsurfext_ff3_5\components\hopsurf.dll
c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files\Lavasoft
c:\program files\rockstar games\gta san andreas\data\decision\craig\crack1.ped
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\Help\Cesky.Resident.chm
c:\program files\Sunbelt Software
c:\program files\Sunbelt Software\Personal Firewall\Config\charts.dat
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\attack-responses.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\backdoor.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\bad-traffic.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\ddos.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\dos.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\icmp.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\misc.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\netbios.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\rules.idx
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\scan.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\IDSRules\sunbelt.rlk
c:\program files\Sunbelt Software\Personal Firewall\Config\spf.cfg
c:\program files\Sunbelt Software\Personal Firewall\Config\spf.cfg.bak
c:\program files\Sunbelt Software\Personal Firewall\Config\update.cfg
c:\program files\Sunbelt Software\Personal Firewall\Logs\debug.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\error.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\hips.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\ids.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\network.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.001
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.002
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.003
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.004
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFw.etl.005
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.001
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.002
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.003
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.004
c:\program files\Sunbelt Software\Personal Firewall\Logs\SbFwIm.etl.005
c:\program files\Sunbelt Software\Personal Firewall\Logs\sbhips.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\system.log
c:\program files\Sunbelt Software\Personal Firewall\Logs\system.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\warning.log.idx
c:\program files\Sunbelt Software\Personal Firewall\Logs\web.log.idx
c:\program files\superantispyware\superantispyware.professional.v3.9.0.1008-heritage\crack\superantispyware.exe
c:\program files\warcraft iii\crack
c:\program files\warcraft iii\crack\rzr-wc3.nfo
c:\program files\warcraft iii\crack\War3.exe
c:\program files\warcraft iii\crack\WorldEdit.exe
c:\program files\Zone Labs
c:\program files\Zone Labs\ZoneAlarm\cpes_clean.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKUPGRADE
-------\Legacy_BACKWEB_PLUG-IN_-_7681197
-------\Service_ASKUpgrade
-------\Service_BackWeb Plug-in - 7681197


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-20 18:53 . 2009-10-20 18:53 -------- dc----w- c:\documents and settings\MaxDamage - uživatel
2009-10-20 14:53 . 2009-10-20 14:53 -------- d--h--w- c:\windows\PIF
2009-10-19 17:20 . 2009-10-19 17:31 -------- d-----w- c:\program files\HTV
2009-10-19 15:37 . 2009-10-19 15:37 -------- d---a-w- c:\windows\rundll16.exe
2009-10-19 15:37 . 2009-10-19 15:37 -------- d---a-w- c:\windows\logo1_.exe
2009-10-18 19:00 . 2009-10-20 18:53 -------- d-----w- c:\program files\COMODO
2009-10-18 07:35 . 2009-10-18 07:35 -------- d---a-w- c:\windows\VDLL.DLL
2009-10-18 07:35 . 2009-10-18 07:35 -------- d---a-w- c:\windows\system32\runouce.exe
2009-10-18 07:35 . 2009-10-18 07:35 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-10-18 07:35 . 2009-10-18 07:35 -------- d---a-w- c:\windows\logo_1.exe
2009-10-18 07:33 . 2009-10-18 07:33 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-10-18 07:33 . 2009-10-18 07:33 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-10-18 07:33 . 2009-10-18 07:33 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-10-18 07:33 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2009-10-18 07:33 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2009-10-18 07:33 . 2009-10-18 07:33 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-10-17 18:54 . 2009-10-17 18:54 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-10-17 18:54 . 2009-10-17 18:54 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-17 18:54 . 2009-10-17 18:54 -------- d-----w- c:\program files\Prevx
2009-10-17 17:22 . 2009-10-17 17:22 -------- d-----w- c:\program files\Conduit
2009-10-17 17:22 . 2009-10-17 19:28 -------- d-----w- c:\program files\free-downloads.net
2009-10-11 17:11 . 2009-10-11 17:11 -------- d-----w- c:\program files\Opera
2009-10-11 16:39 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-10-11 16:39 . 2004-08-03 20:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2009-10-11 16:39 . 2001-08-17 18:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2009-10-11 16:39 . 2001-08-17 18:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2009-10-11 16:39 . 2001-08-17 18:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2009-10-11 16:39 . 2001-08-17 18:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2009-10-11 16:37 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-10-10 16:29 . 2009-10-10 16:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-10 11:03 . 2009-10-10 11:04 -------- dc----w- C:\iPod Photo Cache
2009-10-05 17:22 . 2009-10-05 17:22 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-05 17:21 . 2009-10-12 13:47 -------- d-----w- c:\windows\Internet Logs
2009-10-05 17:11 . 2009-10-10 16:14 -------- d-----w- c:\program files\JockerSoft
2009-10-05 15:14 . 2009-10-05 15:29 -------- d-----w- c:\program files\Vuze
2009-10-05 15:04 . 2009-10-10 16:13 -------- d-----w- c:\program files\BitLord
2009-10-04 17:50 . 2009-10-04 17:50 -------- d-----w- c:\program files\wxDownload Fast
2009-10-04 17:33 . 2009-10-04 17:33 -------- dc----w- C:\Downloads
2009-10-04 16:15 . 2009-10-11 13:26 -------- d-----w- c:\program files\Star Downloader
2009-10-02 15:51 . 2009-10-02 15:51 -------- d-----w- c:\program files\Avanquest update
2009-10-02 09:33 . 2009-10-02 09:33 -------- d-----w- c:\program files\Total Video Converter
2009-10-02 05:37 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-01 10:53 . 2009-10-19 16:44 -------- d-----w- c:\program files\IObit
2009-10-01 10:52 . 2009-10-01 10:52 65928 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 11:59 . 2009-09-30 11:59 -------- d-----w- c:\program files\iPod
2009-09-30 11:58 . 2009-09-30 12:02 -------- d-----w- c:\program files\iTunes
2009-09-30 11:24 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-30 11:24 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-30 06:41 . 2009-09-30 06:41 -------- d-----w- c:\program files\QuickTime
2009-09-30 06:40 . 2009-09-30 06:40 -------- d-----w- c:\program files\Apple Software Update
2009-09-30 06:39 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-30 06:39 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-09-30 06:39 . 2009-09-30 11:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-28 16:59 . 2009-09-28 16:59 640 -c--a-w- C:\settings.dat
2009-09-26 19:18 . 2009-09-26 19:18 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-09-26 17:59 . 1996-04-03 19:33 5248 ----a-w- c:\windows\system32\drivers\giveio.sys
2009-09-25 12:11 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 12:11 . 2009-09-25 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 12:11 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 14:23 . 2009-09-25 12:35 -------- d-----w- c:\windows\system32\Adobe
2009-09-23 14:02 . 2009-09-23 14:02 -------- d-----w- c:\program files\Warp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 18:22 . 2004-08-18 12:00 90996 ----a-w- c:\windows\system32\perfc005.dat
2009-10-18 18:22 . 2004-08-18 12:00 457400 ----a-w- c:\windows\system32\perfh005.dat
2009-10-18 10:48 . 2006-12-16 12:12 -------- d-----w- c:\program files\EA SPORTS
2009-10-18 07:27 . 2009-09-19 09:33 -------- d-----w- c:\program files\ESET
2009-10-17 17:44 . 2009-07-30 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-12 12:41 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-04 17:40 . 2009-09-01 16:33 -------- d-----w- c:\program files\Bonjour
2009-10-02 15:51 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 09:02 . 2006-08-25 09:21 -------- d-----w- c:\program files\Sony Ericsson
2009-10-01 11:27 . 2006-09-10 10:19 -------- d-----w- c:\program files\VDMSound
2009-10-01 11:21 . 2006-11-08 13:23 -------- d-----w- c:\program files\Nvu
2009-10-01 11:21 . 2009-07-28 08:44 -------- d-----w- c:\program files\Trend Micro
2009-10-01 11:21 . 2009-06-13 15:47 -------- d-----w- c:\program files\World of Warcraft
2009-10-01 11:21 . 2009-05-06 17:54 -------- d-----w- c:\program files\Stykz
2009-10-01 11:21 . 2009-05-06 16:03 -------- d-----w- c:\program files\VirtualDJ
2009-10-01 11:21 . 2008-02-03 17:51 -------- d-----w- c:\program files\Toribash-3.1
2009-10-01 11:21 . 2007-06-19 17:21 -------- d-----w- c:\program files\RADVideo
2009-10-01 11:21 . 2007-01-09 19:27 -------- d-----w- c:\program files\Video DVD Maker FREE
2009-10-01 11:21 . 2006-12-31 18:52 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-09-19 15:31 . 2009-09-19 15:30 -------- d-----w- c:\program files\Security Task Manager
2009-09-18 17:23 . 2009-09-18 17:23 12 ----a-w- c:\documents and settings\Marek\USERDATA.DAT
2009-09-12 16:03 . 2009-09-12 15:56 -------- d-----w- c:\program files\ICQ6.5
2009-09-12 15:57 . 2008-05-29 15:58 -------- d-----w- c:\program files\ICQ6
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 09:26 . 2008-11-06 15:38 -------- d-----w- c:\program files\NextUp Talker
2009-09-01 16:54 . 2006-07-10 07:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-01 16:43 . 2009-09-01 16:41 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2009-09-01 16:41 . 2009-09-01 16:40 -------- d-----w- c:\program files\Jasc Software Inc
2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-01 14:34 . 2009-09-01 14:34 160285 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe
2009-09-01 14:34 . 2009-09-01 14:34 -------- d-----w- c:\program files\Sqirlz Morph
2009-08-31 13:54 . 2009-04-13 16:45 -------- d-----w- c:\program files\Free Power Word to Pdf Converter
2009-08-31 13:54 . 2009-04-13 16:34 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2009-08-31 13:39 . 2006-08-25 09:21 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-08-31 13:37 . 2008-11-05 19:11 -------- d-----w- c:\program files\Text to Speech Maker
2009-08-31 13:23 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-08-31 13:23 . 2009-02-24 13:08 -------- d-----w- c:\program files\Wanadoo Edition
2009-08-31 13:13 . 2009-08-03 15:13 -------- d-----w- c:\program files\Actual Drawing
2009-08-31 13:13 . 2009-05-06 16:55 -------- d-----w- c:\program files\Acoustica Mixcraft
2009-08-29 07:58 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-18 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 18:03 . 2007-05-07 10:42 -------- d-----w- c:\program files\Rockstar Games
2009-08-06 17:24 . 2006-07-03 14:57 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-07-03 14:57 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-07-04 06:38 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-07-03 14:57 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2006-07-03 14:57 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-07-03 14:57 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-06-01 13:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2006-07-03 14:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2004-08-18 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:29 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-25 03:23 . 2009-08-04 11:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
.

((((((((((((((((((((((((((((( SnapShot@2009-10-20_19.18.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 17:54 . 2009-10-21 17:54 16384 c:\windows\temp\Perflib_Perfdata_7e8.dat
+ 2009-10-21 17:54 . 2009-10-21 17:54 16384 c:\windows\temp\Perflib_Perfdata_210.dat
+ 2009-10-21 17:31 . 2009-10-21 17:31 3940352 c:\windows\Installer\3bc0de.msi
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-17 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Sierra\\CoolPool\\coolpool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Marek\\Plocha\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"11001:TCP"= 11001:TCP:H&D2 port 11001
"11001:UDP"= 11001:UDP:H&D2 port 11001
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [17.10.2009 20:54 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [17.10.2009 20:54 27656]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [3.2.2009 17:39 63096]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 11:42 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 11:42 7408]
S2 gupdate1ca18e6298cdd6;Google Update Service (gupdate1ca18e6298cdd6);c:\program files\Google\Update\GoogleUpdate.exe [9.8.2009 13:39 133104]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
S4 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [17.10.2009 20:54 4368952]
S4 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 11:38]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 11:38]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{D8C6849B-BD9A-4B92-970F-E7635BC45510}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 19:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,62,2c,55,b4,92,8c,81,8f,81,d7,2e,f6,2f,99,2a,af,76,f8,bb,39,8e,53,
3b,98,84,f3,a1,74,26,e8,39,f4,22,d8,75,d3,12,9d,76,c2,c3,f8,38,95,43,4a,2c,\
"??"=hex:a9,1b,d4,2d,84,8a,c8,cc,72,9b,3f,aa,56,b9,ca,9f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\combofix\CF9675.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-21 20:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-21 18:00
ComboFix2.txt 2009-10-20 19:24
ComboFix3.txt 2009-10-17 20:18

Před spuštěním: Volných bajtů: 119 717 453 824
Po spuštění: Volných bajtů: 119 620 452 352

- - End Of File - - 2997B25A9D86841BA56773C580002534




Otherwise, Java and Reader are also installed.
AMD Athlon II X4 640 3.00Ghz Ram 4 GB, Win 7 64 bit, Grafika ATI Radeon HD 4600 series 1GB, HDD 600GB


iPhone 3G 16GB black


Re: Installation starting on its own

Post by MaxDamageCZ » 22 Oct 2009 19:09

The PC is behaving fairly normally so far.


Re: Installation starting on its own

Post by pitimir » 22 Oct 2009 19:17

Glad to hear it.

1) Let's finish the clean-up:

  • Uninstall ComboFix:
    Start -> Run -> (type) combofix /uninstall
  • Use T-Cleaner (if your antivirus reports it as malware, there is nothing to worry about; it is just the AV program being paranoid).
  • Use TFC (run the program and click "Start". Note that the PC may be restarted).


2) Post an HJT log.

If anything is unclear, a guide can be found >>here<<.
I don't like amateurism...

And the addressee of the link knows it :)


Re: Installation starting on its own

Post by MaxDamageCZ » 22 Oct 2009 19:23

All done, here is the new HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:06 odp., on 22.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca18e6298cdd6) (gupdate1ca18e6298cdd6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4436 bytes


Re: Installation starting on its own

Post by pitimir » 22 Oct 2009 20:29

Fix these in HJT (tick the checkbox next to each of these lines and press "Fix Checked"):

Code:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)


Install a firewall and then post me one more log from SecurityCheck.

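The three lines the helper asks to fix share one pattern: an O2/O3/O9 registry reference (BHO, toolbar, extra button) whose target is "(no file)", i.e. the DLL was removed but the registration was left behind. As an added example that is not part of this thread and not HijackThis' own code, the following Python script parses such lines from an HJT log and lists the orphaned entries, so the same triage the helper did by eye can be repeated over a whole log. The sample log embedded below is constructed from a subset of the lines posted above; the line layout it assumes (`Oxx - kind: name - identifier - target`) is what the posted log shows for O2, O3 and O9 entries, and lines with a different layout (such as the O10 LSP line) are skipped rather than guessed at.

```python
"""Flag HijackThis (HJT) log entries whose target file no longer exists.

Added example, not code from the forum thread or from HijackThis. It parses
the O2/O3/O9 lines of an HJT log and reports those ending in "(no file)":
registry references (BHOs, toolbars, extra buttons) whose DLL is gone, which
is exactly what a cleaner asks the user to "Fix Checked".
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the HJT log posted in the thread.
SAMPLE_HJT_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\\Program Files\\Comodo\\HopSurfToolbar\\HopSurfToolbar_IE.dll
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\\Program Files\\Comodo\\HopSurfToolbar\\HopSurfToolbar_IE.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
"""

# Every HJT finding starts with a section code such as "O2 - ".
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class HjtEntry:
    section: str   # e.g. "O2"
    kind: str      # e.g. "BHO", "Toolbar", "Extra button"
    name: str      # display name, or "(no name)"
    ident: str     # CLSID or other identifier
    target: str    # file path, or "(no file)" when the DLL is gone
    raw: str       # the original log line

    @property
    def orphaned(self) -> bool:
        # HJT appends e.g. "(HKCU)" after "(no file)", so test the prefix only.
        return self.target.startswith("(no file)")


def parse_hjt(text: str) -> List[HjtEntry]:
    """Return the three-field entries (kind/name, identifier, target) of an HJT log."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, rest = m.groups()
        parts = rest.split(" - ", 2)
        if len(parts) != 3:
            continue  # other layouts (e.g. the O10 LSP line) are not parsed here
        kind_name, ident, target = parts
        kind, _, name = kind_name.partition(": ")
        entries.append(HjtEntry(section, kind, name, ident, target, line))
    return entries


def orphaned_entries(text: str) -> List[str]:
    """Raw log lines whose registered DLL no longer exists on disk."""
    return [e.raw for e in parse_hjt(text) if e.orphaned]


if __name__ == "__main__":
    for raw in orphaned_entries(SAMPLE_HJT_LOG):
        print("orphaned:", raw)
```

Run against the constructed sample, the script lists exactly the three lines quoted in the post above; entries that still point to an existing DLL (the Adobe and HopSurf ones) are reported as parsed but not orphaned, since a missing file is the only signal this check uses.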

Re: Installation starting on its own

Post by MaxDamageCZ » 23 Oct 2009 16:54

I'll install a firewall as soon as possible; I'll probably buy ESET Smart Security. Here is the log from SCH.


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

ESET NOD32 Antivirus
Prevx 3.0
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: Installation starting on its own

Post by pitimir » 23 Oct 2009 19:03

JavaRa did not remove the old Java versions (evidently not all of them) - if you look at the guide once more, you will find a P.S. there that is meant for this case. Follow its instructions and that should be absolutely everything :)

Btw, once you have ESS, don't forget that it is a suite (containing AV+AS+FW).


Re: Installation starting on its own

Post by MaxDamageCZ » 23 Oct 2009 19:04

OK, I'm on it... yes, I know what ESS is, thanks.


Re: Installation starting on its own

Post by pitimir » 23 Oct 2009 19:19

Just a reminder, so you don't end up with 3 AVs and 5 FWs on there :D


Re: Installation starting on its own

Post by MaxDamageCZ » 24 Oct 2009 13:34

Yeah..

This is what the new Security Check log looks like.. still outdated Java. I don't know what else to do; I've tried JavaRa, going directly through Control Panel, downloading the Java file.. it doesn't work.



Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

ESET NOD32 Antivirus
Prevx 3.0
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner (remove only)
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: Installation starting on its own

Post by pitimir » 24 Oct 2009 15:38

Quoting the P.S. I mentioned from the guide:

P.S.: It may happen that the old Java versions cannot be removed (it is an exceptional situation, but it does happen all the same). In that case it is best to remove all the remnants with Revo Uninstaller (download here).


Re: Installation starting on its own

Post by MaxDamageCZ » 25 Oct 2009 12:35

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

ESET NOD32 Antivirus
Prevx 3.0
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner (remove only)
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````



Great, it worked... is there anything else to do, or is that everything?

