Prosím o kontrolu logu

[Schiller]

Logfile of HijackThis v1.99.1
Scan saved at 11:50:34, on 27.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\ONLNSVC.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROXY.EXE
C:\Program Files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROUI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\SCANMSG.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\OnlineNT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinFast\WFTVFM\WFFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Michal\Plocha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [junk peak exit proc] C:\Documents and Settings\All Users.WINDOWS\Data aplikací\internetbikejunkpeak\Part mix.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "K:\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\CATCOM~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\CATCOM~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\CATCOM~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\CATCOM~1\QUICKH~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [Quick Heal Firewall Pro] "C:\Program Files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe" /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\CATCOM~1\QUICKH~1\sensor.exe /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1095279722
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1178375718
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9B5264D-92AA-476E-8F33-796709EA283B}: NameServer = 160.218.10.200 160.218.43.200
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL vb5dmspo.dll confbrw.dll brwstat.dll C:\PROGRA~1\CATCOM~1\QUICKH~2\wl_hook.dll
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\ONLNSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Quick Heal Mail Protection - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROXY.EXE
O23 - Service: Quick Heal Firewall Service (QuickHealFirewall) - Agnitum Ltd. - C:\Program Files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\scanwscs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[Reklama]

[Damned]

Přes Přidat/odebrat programy odinstaluj MyWay . Pak v nouzáku spusť HJT a fixni toto:

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: slbipsch - C:\WINDOWS\system32\slbipsch.dll (file missing) .

Potom, ještě v nouzáku najdi složkuMyWay, pravděpodobně bude v C:\Program Files\MyWay a celou jí vyhoď do koše. Vysypej koš, restartuj a znova pošli log z HJT

[Damned]

Pak najdi i tu knihovnu C:\Windows\system32\slbipsch.dll a taky jí vyhoď. Pokud nepůjde, stáhni si Avenger a postupuj podle návodu tady: http://www.viry.cz/forum/viewtopic.php?t=21484

[fredik]

Ten soubor nehledej a rovnou použij ten Avenger podle návodu na viry.cz/forum jak byl dán odkaz, je tam toho víc než ten jeden soubor.

Pak to ještě před novým logem z HJT projeď tímto:
Stáhni si Mwav Spusť ho proveď update a prohlídku spusť přes tlačítko Scan & Clean. Co najde to odstraní.

[Damned]

MWAV se stahuje z FTP a je free. Po skenu a odstranění ti nabídne restart tak ho schval, po restartu provede ještě jednou test. Pak udělej ještě jednou log HJT a vystav ho sem

[Schiller]

Logfile of HijackThis v1.99.1
Scan saved at 11:31:12, on 28.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\ONLNSVC.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROXY.EXE
C:\Program Files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROUI.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\SCANMSG.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\OnlineNT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\uTorrent\utorrent.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Michal\Plocha\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu3\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\CATCOM~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\CATCOM~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\CATCOM~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\CATCOM~1\QUICKH~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [Quick Heal Firewall Pro] "C:\Program Files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe" /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [junk peak exit proc] C:\Documents and Settings\All Users.WINDOWS\Data aplikací\internetbikejunkpeak\managerthird.exe
O4 - HKLM\..\RunOnce: [Startup Scan] C:\PROGRA~1\CATCOM~1\QUICKH~1\sensor.exe /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Greatheck] C:\DOCUME~1\Michal\DATAAP~1\TOOLWI~1\Bait play.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1095279722
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1178375718
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9B5264D-92AA-476E-8F33-796709EA283B}: NameServer = 160.218.10.200 160.218.43.200
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\ONLNSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Quick Heal Mail Protection - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROXY.EXE
O23 - Service: Quick Heal Firewall Service (QuickHealFirewall) - Agnitum Ltd. - C:\Program Files\Cat Computer\Quick Heal Firewall Pro\qhfw.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\scanwscs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[fredik]

Otestuj ještě tyto dva soubory na VirusTotall, pro lepší nalezení si zapni zobrazení skrytých a systémových souborů:
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\internetbikejunkpeak\managerthird.exe
C:\DOCUME~1\Michal\DATAAP~1\TOOLWI~1\Bait play.exe
a dej sem výsledky pak dořešíme i log z HJT.

[Schiller]

VirusTotal
VirusTotal is a free file analisys service that works using several antivirus engines.


Select file :

Distribute
SSL


Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.
Menu:

* News Hot news in the virus/antivirus sector.
* Estadisticas Statistics of VirusTotal procesing.
* Virustotal More info about Virustotal.

STATUS: FINISHED
Complete scanning result of "managerthird.exe", received in VirusTotal at 02.28.2007, 23:56:48 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.28.2007 TR/Dldr.Swizzor.Gen
Authentium 4.93.8 02.28.2007 no virus found
Avast 4.7.936.0 02.28.2007 no virus found
AVG 7.5.0.447 02.28.2007 no virus found
BitDefender 7.2 02.28.2007 Trojan.FatObfus.Gen
CAT-QuickHeal 9.00 02.28.2007 no virus found
ClamAV devel-20060426 02.28.2007 no virus found
DrWeb 4.33 02.28.2007 no virus found
eSafe 7.0.14.0 02.28.2007 no virus found
eTrust-Vet 30.6.3443 02.28.2007 no virus found
Ewido 4.0 02.28.2007 no virus found
FileAdvisor 1 02.28.2007 no virus found
Fortinet 2.85.0.0 02.28.2007 suspicious
F-Prot 4.3.1.45 02.28.2007 no virus found
F-Secure 6.70.13030.0 02.28.2007 no virus found
Ikarus T3.1.1.3 02.28.2007 not-a-virus:AdWare.Win32.Lop.ag
Kaspersky 4.0.2.24 02.28.2007 no virus found
McAfee 4973 02.28.2007 no virus found
Microsoft 1.2204 02.28.2007 no virus found
NOD32v2 2085 02.28.2007 no virus found
Norman 5.80.02 02.28.2007 no virus found
Panda 9.0.0.4 02.28.2007 Adware/Lop
Prevx1 V2 03.01.2007 no virus found
Sophos 4.14.0 02.28.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.28.2007 no virus found
TheHacker 6.1.6.065 02.26.2007 no virus found
UNA 1.83 02.28.2007 no virus found
VBA32 3.11.2 02.28.2007 MalwareScope.Trojan-Downloader.Obfuscated.2
VirusBuster 4.3.19:9 02.28.2007 Adware.Lop.Gen

Aditional Information
File size: 531456 bytes
MD5: 9607a0576f60cde07a6f4ac75cee2d5c
SHA1: d839f43602860f8c2855ebe08e8614ed3f01608b
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
http://www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.com

[fredik]

Pak sem dej ještě výsledek toho druhého souboru.
Použij podle návodu Nolop
a pak ještě udělej log z:
Stáhni si aplikaci LopFind - http://sweb.cz/Marinus/LopFind.bat
Spusť ji a vlož sem log, který se objeví. Oba sem pak vlož.

[Schiller]

VirusTotal
VirusTotal is a free file analisys service that works using several antivirus engines.


Select file :

Distribute
SSL


Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.
Menu:

* News Hot news in the virus/antivirus sector.
* Estadisticas Statistics of VirusTotal procesing.
* Virustotal More info about Virustotal.

STATUS: FINISHED
Complete scanning result of "Bait_play.exe", received in VirusTotal at 03.01.2007, 00:23:24 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.28.2007 TR/Dldr.Swizzor.Gen
Authentium 4.93.8 02.28.2007 no virus found
Avast 4.7.936.0 02.28.2007 no virus found
AVG 7.5.0.447 02.28.2007 Downloader.Obfuskated
BitDefender 7.2 03.01.2007 Trojan.FatObfus.Gen
CAT-QuickHeal 9.00 02.28.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 02.28.2007 no virus found
DrWeb 4.33 02.28.2007 no virus found
eSafe 7.0.14.0 02.28.2007 no virus found
eTrust-Vet 30.6.3443 02.28.2007 no virus found
Ewido 4.0 02.28.2007 no virus found
FileAdvisor 1 03.01.2007 no virus found
Fortinet 2.85.0.0 02.28.2007 suspicious
F-Prot 4.3.1.45 02.28.2007 no virus found
F-Secure 6.70.13030.0 02.28.2007 no virus found
Ikarus T3.1.1.3 02.28.2007 no virus found
Kaspersky 4.0.2.24 03.01.2007 no virus found
McAfee 4973 02.28.2007 no virus found
Microsoft 1.2204 02.28.2007 no virus found
NOD32v2 2085 02.28.2007 no virus found
Norman 5.80.02 02.28.2007 no virus found
Panda 9.0.0.4 02.28.2007 Adware/Lop
Prevx1 V2 03.01.2007 Adware.Lop.Downloader
Sophos 4.14.0 02.28.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 03.01.2007 no virus found
TheHacker 6.1.6.065 02.26.2007 no virus found
UNA 1.83 02.28.2007 no virus found
VBA32 3.11.2 02.28.2007 MalwareScope.Trojan-Downloader.Obfuscated.2
VirusBuster 4.3.19:9 02.28.2007 Adware.Lop.Gen

Aditional Information
File size: 411648 bytes
MD5: b09564c6848114e85d6e6aee5066eeb3
SHA1: 8c815acb4c2712fde7fbedb2f0be7b1d30d87cbf
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=ac2080007768
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
http://www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.com

[Schiller]

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Michal\Plocha
[1.3.2007]
[1:00:42]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\Documents and Settings\All Users.WINDOWS\DATAAP~1

21.02.2007 15:54 <DIR> Adobe
24.12.2006 10:59 <DIR> internetbikejunkpeak
06.12.2006 10:58 <DIR> InstallShield
02.12.2006 13:08 <DIR> ashampoo
10.11.2006 23:46 <DIR> MSN6
19.10.2006 19:09 <DIR> Google
19.10.2006 17:08 <DIR> TuneUp Software
19.10.2006 16:06 <DIR> Apple Computer
17.10.2006 18:06 <DIR> Bluetooth
17.10.2006 17:25 <DIR> Ulead Systems
17.10.2006 17:07 <DIR> Windows Genuine Advantage
17.10.2006 16:29 <DIR> Spybot - Search & Destroy
17.10.2006 16:24 <DIR> Hewlett-Packard
17.10.2006 16:13 1302 hpzinstall.log
17.10.2006 16:12 <DIR> Ahead
17.10.2006 01:43 62 desktop.ini
17.10.2006 01:43 <DIR> Microsoft
17.10.2006 01:43 <DIR> .
17.10.2006 01:43 <DIR> ..
2 soubor…, 1364 bajt…
Adres ý…: 17, Volněch bajt…: 27850932224
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\Documents and Settings\Michal\DATAAP~1

03.02.2007 01:47 <DIR> Media Player Classic
24.12.2006 11:17 <DIR> SuperTorrent
24.12.2006 10:57 <DIR> tool wipe bone
06.12.2006 11:05 <DIR> Real
02.12.2006 15:49 <DIR> LimeWire
02.12.2006 15:01 <DIR> Orbit
02.12.2006 13:09 <DIR> Ashampoo
30.11.2006 19:38 <DIR> AdobeUM
10.11.2006 23:46 <DIR> MSN6
31.10.2006 17:37 <DIR> uTorrent
24.10.2006 20:24 <DIR> Skype
23.10.2006 11:10 <DIR> Sun
22.10.2006 16:21 <DIR> Adobe
21.10.2006 18:29 <DIR> InterVideo
19.10.2006 19:11 <DIR> Google
19.10.2006 17:09 <DIR> TuneUp Software
19.10.2006 16:59 <DIR> Macromedia
19.10.2006 16:34 <DIR> Mozilla
19.10.2006 16:07 <DIR> Apple Computer
18.10.2006 14:45 <DIR> Lavasoft
17.10.2006 19:38 <DIR> ICQLite
17.10.2006 18:16 <DIR> Help
17.10.2006 15:59 <DIR> ATI
17.10.2006 14:52 <DIR> Ahead
17.10.2006 00:02 <DIR> Identities
17.10.2006 00:02 62 desktop.ini
17.10.2006 00:02 <DIR> Microsoft
17.10.2006 00:02 <DIR> ..
17.10.2006 00:02 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 28, Volněch bajt…: 27850932224
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\Documents and Settings\Michal\DATAAP~1

03.02.2007 01:47 <DIR> Media Player Classic
24.12.2006 11:17 <DIR> SuperTorrent
24.12.2006 10:57 <DIR> tool wipe bone
06.12.2006 11:05 <DIR> Real
02.12.2006 15:49 <DIR> LimeWire
02.12.2006 15:01 <DIR> Orbit
02.12.2006 13:09 <DIR> Ashampoo
30.11.2006 19:38 <DIR> AdobeUM
10.11.2006 23:46 <DIR> MSN6
31.10.2006 17:37 <DIR> uTorrent
24.10.2006 20:24 <DIR> Skype
23.10.2006 11:10 <DIR> Sun
22.10.2006 16:21 <DIR> Adobe
21.10.2006 18:29 <DIR> InterVideo
19.10.2006 19:11 <DIR> Google
19.10.2006 17:09 <DIR> TuneUp Software
19.10.2006 16:59 <DIR> Macromedia
19.10.2006 16:34 <DIR> Mozilla
19.10.2006 16:07 <DIR> Apple Computer
18.10.2006 14:45 <DIR> Lavasoft
17.10.2006 19:38 <DIR> ICQLite
17.10.2006 18:16 <DIR> Help
17.10.2006 15:59 <DIR> ATI
17.10.2006 14:52 <DIR> Ahead
17.10.2006 00:02 <DIR> Identities
17.10.2006 00:02 62 desktop.ini
17.10.2006 00:02 <DIR> Microsoft
17.10.2006 00:02 <DIR> ..
17.10.2006 00:02 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 28, Volněch bajt…: 27850928128
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\Documents and Settings\Default User\DATAAP~1

09.08.2006 17:37 62 desktop.ini
09.08.2006 17:37 <DIR> ..
09.08.2006 17:37 <DIR> Microsoft
09.08.2006 17:37 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 27850928128
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1

09.08.2006 15:52 <DIR> ..
09.08.2006 15:52 <DIR> Microsoft
09.08.2006 15:52 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 27850928128
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1

09.08.2006 15:52 <DIR> ..
09.08.2006 15:52 <DIR> Microsoft
09.08.2006 15:52 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 27850928128

******************************************

2) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\WINDOWS\Tasks

19.10.2006 17:10 392 1-Click Maintenance.job
19.10.2006 16:03 284 AppleSoftwareUpdate.job
16.10.2006 23:56 6 SA.DAT
16.10.2006 23:53 65 desktop.ini
16.10.2006 23:53 <DIR> ..
16.10.2006 23:53 <DIR> .
4 soubor…, 747 bajt…
Adres ý…: 2, Volněch bajt…: 27˙850˙928˙128

––––––––––––––––––––––––––––––––––––––––––

b) Nalezené a odstraněné nežádoucí soubory:


––––––––––––––––––––––––––––––––––––––––––

c) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E476-ABAE.

Věpis adres ýe C:\WINDOWS\Tasks

19.10.2006 17:10 392 1-Click Maintenance.job
19.10.2006 16:03 284 AppleSoftwareUpdate.job
16.10.2006 23:56 6 SA.DAT
16.10.2006 23:53 65 desktop.ini
16.10.2006 23:53 <DIR> ..
16.10.2006 23:53 <DIR> .
4 soubor…, 747 bajt…
Adres ý…: 2, Volněch bajt…: 27˙850˙928˙128

******************************************

3) Vyhledávání podvodných programů ve složce Program files:


Adresář C:\Program Files\Adv Nepřítomen !

Adresář C:\Program Files\Adverts Nepřítomen !

Adresář C:\Program Files\BitGrabber Nepřítomen !

Adresář C:\Program Files\BitRoll Nepřítomen !

Adresář C:\Program Files\C2Media Nepřítomen !

Adresář C:\Program Files\Download Plugin Nepřítomen !

Adresář C:\Program Files\Messenger Plus! 3 Nepřítomen !

Adresář C:\Program Files\NetPumper Nepřítomen !

Adresář C:\Program Files\Proxy download Nepřítomen !

Adresář C:\Program Files\SuperTorrent Nepřítomen !

Adresář C:\Program Files\Torrent101 Nepřítomen !

[fredik]

Stáhni si Avengera spusť ho pod účtem administrátora.
Zvol možnost - Input script manually a klikni na ikonku lupy vyskočí prázdné okno kam zkopíruj tento tučný text:
Folders to delete:
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\internetbikejunkpeak
C:\DOCUME~1\Michal\DATAAP~1\TOOLWI~1
C:\Documents and Settings\Michal\DATAAP~1\SuperTorrent


Poté klikni na Done.
Pak klikni na ikonku semafory.
Vyskočí ti hláška kde odklikni Yes. PC se restartuje po restartu by ti měl "vyskočit" výpis z Avengeru tak ho sem zkopíruj + udělej nový log z LopFind + HJT