Prosím o kontrolu Logu. Vyřešeno

[bledulka]

Co dělá Mozilla?

[Reklama]

[j.o.s.i.f.e.k]

Pořád mi před spouštěním skáče jesli chci nainstalovat ocq toolbar a pak ještě neco...Jinak se to dá :)

[jaro3]

Stáhni si GooredFix
http://jpshortstuff.247fixes.com/GooredFix.exe

a ulož si ho na plochu.Poklepej na něj .
Objeví se hláška ,dej YES
Otevře se log , zkopíruj sem celý jeho obsah ( jinak ho najdeš na své ploše pod názvem Goored.txt).

Spusť znovu Combofix a vlož sem z něj log.

Stáhni si windatfindbat of Karl83

Rozbal do složky, otevři jí poklepej na ní (ve vistě a win7 spusť jako správce). Otevře se okno DOS a posléze se objeví log.Jinak je pod názvem dirdat.txt v C:\ . Vlož sem prosím obsah toho logu, můžeš vybrat jen ty za poslední 3 měsíce.

[j.o.s.i.f.e.k]

GooredFix by jpshortstuff (08.01.10.1)
Log created at 09:56 on 01/07/2010 (Josef)
Firefox version 3.6.6 (cs)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:02 29/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:51 06/08/2009]
"Cetrumcz@igeared"="C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared" [15:03 26/04/2010]

-=E.O.F=-


ComboFix 10-06-30.03 - Josef 01.07.2010 10:06:12.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.84 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Josef\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100630-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-01 do 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-29 18:28:36 . 2010-06-29 18:29:02 -------- d-----w- C:\rsit
2010-06-29 06:49:57 . 2010-06-29 06:49:57 -------- d-----w- C:\Program Files\VS Revo Group
2010-06-28 13:24:22 . 2010-06-28 13:24:26 -------- d-----w- C:\Program Files\CCleaner
2010-06-12 20:26:49 . 2010-06-12 20:26:56 -------- d-----w- C:\WINDOWS\system32\Samsung_USB_Drivers
2010-06-12 20:26:48 . 2010-06-12 20:26:48 -------- d-----w- C:\Program Files\DIFX
2010-06-12 20:26:44 . 2010-06-12 20:26:47 -------- dc----w- C:\WINDOWS\system32\DRVSTORE
2010-06-12 20:26:40 . 2009-03-31 07:39:36 36608 ----a-w- C:\WINDOWS\system32\FsUsbExDisk.Sys
2010-06-12 20:26:40 . 2009-03-31 07:39:36 233472 ----a-w- C:\WINDOWS\system32\FsUsbExService.Exe
2010-06-12 20:26:40 . 2009-03-31 07:39:36 110592 ----a-w- C:\WINDOWS\system32\FsUsbExDevice.Dll
2010-06-12 20:25:59 . 2010-06-12 20:25:59 -------- d-----w- C:\Program Files\MarkAny
2010-06-12 20:25:56 . 2010-06-12 20:25:56 -------- d-----w- C:\Program Files\PC Connectivity Solution
2010-06-12 20:25:15 . 2010-06-12 20:25:15 -------- d-----w- C:\Program Files\Samsung
2010-06-04 07:57:26 . 2010-06-10 13:46:31 -------- d-----w- C:\Program Files\ICQ7.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 18:28:58 . 2009-11-10 13:20:43 -------- d-----w- C:\Program Files\Trend Micro
2010-06-29 17:57:41 . 2010-04-26 15:03:04 -------- d-----w- C:\Program Files\CentrumczToolbar
2010-06-28 13:35:29 . 2009-08-11 16:16:36 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-23 15:02:38 . 2006-03-02 12:00:00 437062 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-06-23 15:02:37 . 2006-03-02 12:00:00 82462 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-06-20 17:27:16 . 2010-04-09 14:27:40 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-06-12 20:26:08 . 2008-09-17 16:54:06 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-06-11 17:48:25 . 2008-10-13 10:12:47 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-05-20 08:45:43 . 2008-12-20 19:31:41 -------- d-----w- C:\Program Files\Windows Media Connect 2
2010-05-04 17:18:43 . 2006-03-02 12:00:00 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-05-04 17:18:37 . 2006-03-02 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2010-05-04 17:18:35 . 2006-03-02 12:00:00 17408 ------w- C:\WINDOWS\system32\corpol.dll
2010-05-02 08:09:42 . 2006-03-02 12:00:00 1851264 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-04-29 13:39:38 . 2009-08-11 16:16:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 . 2009-08-11 16:16:36 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-26 15:05:33 . 2010-04-26 15:05:33 0 ----a-w- C:\WINDOWS\nsreg.dat
2010-04-20 05:32:05 . 2006-03-02 12:00:00 285696 ----a-w- C:\WINDOWS\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\Program Files\ICQ7.1\ICQ.exe" [2010-06-08 11:39:01 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 07:35:00 7630848]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 04:42:09 176128]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12:54 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-17 19:53:36 421888]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768]

C:\Documents and Settings\Josef\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2008-06-20 13:58:38 2887680 ----a-w- C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2008-06-20 13:49:54 90112 ----a-w- C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6.5\\ICQ.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\ICQ7.1\\ICQ.exe"=
"C:\\Program Files\\ICQ7.1\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [17.9.2008 20:39:13 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [17.9.2008 20:39:13 20560]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [12.6.2010 22:26:40 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [12.6.2010 22:26:40 36608]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [3.6.2009 14:46:36 92008]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09:12 . 2008-06-20 07:09:12]

2010-05-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]
.
.
------- Doplňkový sken -------
.
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\8wvyuv8a.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?tool ... m-1.0.0&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-QIP 2005 - C:\Program Files\QIP\unins000.exe


Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je FC15-0E9F.

Výpis adresáře C:\

01.07.2010 10:20 0 dirdat.txt
01.07.2010 10:13 754 974 720 pagefile.sys
05.10.2009 18:05 529 TCleaner.txt
11.08.2009 19:12 281 boot.ini
11.05.2009 13:42 211 Boot.bak
30.10.2008 18:08 250 576 ntldr
17.09.2008 18:38 0 MSDOS.SYS
17.09.2008 18:38 0 IO.SYS
17.09.2008 18:38 0 CONFIG.SYS
02.03.2006 14:00 4 952 Bootfont.bin
02.03.2006 14:00 47 564 NTDETECT.COM
03.08.2004 23:00 261 312 cmldr
12 souborů, 755 540 145 bajtů
Adresářů: 0, Volných bajtů: 147 791 036 416
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je FC15-0E9F.

Výpis adresáře C:\WINDOWS\system32

01.07.2010 10:13 81 191 nvapps.xml
28.06.2010 22:09 151 584 FNTCACHE.DAT
27.06.2010 10:28 13 646 wpa.dbl
23.06.2010 17:02 440 684 perfh009.dat
23.06.2010 17:02 71 002 perfc009.dat
23.06.2010 17:02 437 062 perfh005.dat
23.06.2010 17:02 82 462 perfc005.dat
23.06.2010 17:02 1 045 986 PerfStringBackup.INI
20.06.2010 19:27 664 d3d9caps.dat
28.05.2010 21:37 32 472 008 MRT.exe
27.05.2010 14:46 449 188 TZLog.log
20.05.2010 10:51 16 832 amcompat.tlb
20.05.2010 10:51 23 392 nscompat.tlb
04.05.2010 19:18 233 472 webcheck.dll
04.05.2010 19:18 832 512 wininet.dll
04.05.2010 19:18 193 024 msrating.dll
04.05.2010 19:18 671 232 mstime.dll
04.05.2010 19:18 477 696 mshtmled.dll
04.05.2010 19:18 105 984 url.dll
04.05.2010 19:18 1 168 384 urlmon.dll
04.05.2010 19:18 44 544 pngfilt.dll
04.05.2010 19:18 102 912 occache.dll
04.05.2010 19:18 3 600 384 mshtml.dll
04.05.2010 19:18 52 224 msfeedsbs.dll
04.05.2010 19:18 1 830 912 inetcpl.cpl
04.05.2010 19:18 27 648 jsproxy.dll
04.05.2010 19:18 459 264 msfeeds.dll
04.05.2010 19:18 192 512 iepeers.dll
04.05.2010 19:18 6 067 200 ieframe.dll
04.05.2010 19:18 44 544 iernonce.dll
04.05.2010 19:18 268 288 iertutil.dll
04.05.2010 19:18 78 336 ieencode.dll
04.05.2010 19:18 385 024 iedkcs32.dll
04.05.2010 19:18 133 120 extmgr.dll
04.05.2010 19:18 153 088 ieakeng.dll
04.05.2010 19:18 214 528 dxtrans.dll
04.05.2010 19:18 347 136 dxtmsft.dll
04.05.2010 19:18 380 928 ieapfltr.dll
04.05.2010 19:18 63 488 icardie.dll
04.05.2010 19:18 230 400 ieaksie.dll
04.05.2010 19:18 124 928 advpack.dll
04.05.2010 19:18 17 408 corpol.dll
04.05.2010 14:40 389 120 html.iec
04.05.2010 14:39 70 656 ie4uinit.exe
04.05.2010 14:39 13 824 ieudinit.exe
02.05.2010 10:09 1 851 264 win32k.sys
21.04.2010 15:28 46 080 tzchange.exe
20.04.2010 07:32 285 696 atmfd.dll
16.04.2010 13:43 161 792 ieakui.dll
08.04.2010 14:03 2 113 536 WMVCore.dll
31.03.2010 00:16 99 176 PresentationHostProxy.dll
31.03.2010 00:10 295 264 PresentationHost.exe
19.03.2010 18:05 4 874 240 wmp.dll
17.03.2010 21:53 69 632 QuickTime.qts
17.03.2010 21:53 94 208 QuickTimeVR.qtx
09.03.2010 13:11 430 080 vbscript.dll
05.03.2010 16:42 65 536 asycfilt.dll
23.02.2010 00:09 1 024 000 ieframe.dll.mui
17.02.2010 14:09 2 192 128 ntoskrnl.exe
16.02.2010 21:09 2 068 992 ntkrnlpa.exe
12.02.2010 12:03 293 376 browserchoice.exe
12.02.2010 06:35 100 864 6to4svc.dll
05.02.2010 20:27 1 294 336 quartz.dll
29.01.2010 17:01 691 712 inetcomm.dll
29.01.2010 16:45 143 422 l3codecx.ax

[jaro3]

Ještě chybí výpis adresáře:
C:\Users\jméno\AppData\Local\Temp

Odinstaluj:
CentrumczToolbar

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\nscompat.tlb

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

DDS::
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll

Firefox::
FF - ProfilePath - C:\Documents and Settings\Josef\Data aplikací\Mozilla\Firefox\Profiles\8wvyuv8a.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?tool ... m-1.0.0&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[j.o.s.i.f.e.k]

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Documents and Settings\Josef\Dokumenty\HijackThis.exe: trouvé !
C:\Documents and Settings\Josef\Dokumenty\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\Josef\Dokumenty\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Josef\Dokumenty\hijackthis.log: supprimé !
C:\Combofix: supprimé !

A dva logy... akorad ten z combofixu se mě nejak nezda...

ComboFix 10-06-30.03 - Josef 01.07.2010 20:00:00.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.232 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Josef\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Josef\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100701-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

a z hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:28, on 1.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (file missing) (HKCU)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5115 bytes

[jaro3]

Odinstaluj:
CentrumczToolbar

Proveď ten script v Combofixu ještě jednou.

[j.o.s.i.f.e.k]

ALE já mam centrum toolbar odinstaloval...zkousel sem to znova ale ten log zase... A pokazde se mi to v tom combofixu zresetuje :(

[bledulka]

Tak to smažeme jinak

Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe

Spusť OTL
-do bílého okna dole zkopíruj:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\nscompat.tlb

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

:COMMANDS
[emptytemp]
[EMPTYFLASH]
[reboot]


-klikni na tlačítko opravit.
-log vlož zde

[j.o.s.i.f.e.k]

Ja mam na ty logy nejakou smulu... Chtelo to po mě zase restart a pak sem nasel log ale zase pouze nejaky kratky... jestli je to teda on...:(
// spotlight=ps_2_0
// Code from MPC

sampler s0 : register(s0);
float4 p0 : register(c0);

#define width (p0[0])
#define height (p0[1])
#define counter (p0[2])
#define clock (p0[3])

#define PI acos(-1)

float4 main(float2 tex : TEXCOORD0) : COLOR
{
float4 c0 = tex2D(s0, tex);
float3 lightsrc = float3(sin(clock*3.1415/1.5)/2+0.5,cos(clock*3.1415)/2+0.5,1);
float3 light = normalize(lightsrc - float3(tex.x,tex.y,0));
c0 *= pow(dot(light, float3(0,0,1)), 50);

return c0;
}

[bledulka]

Není to on, ale nevadí, na disku C ve složce OTL ho nemáš?

[j.o.s.i.f.e.k]

Asi jo. Promin... Na mě musis pomalu :))

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\system32\d3d9caps.dat moved successfully.
C:\WINDOWS\system32\amcompat.tlb moved successfully.
C:\WINDOWS\system32\nscompat.tlb moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Josef
->Temp folder emptied: 684765 bytes
->Temporary Internet Files folder emptied: 1144779 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 56368271 bytes
->Flash cache emptied: 4160 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2259318 bytes
%systemroot%\System32 .tmp files removed: 4532168 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Josef
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07012010_212352