Please help! Warezov, Trojan-gen, Adware-gen, sending the log

Section devoted to viruses and other malicious code, and also to the tools you can use to defend against them…

Moderators: Mods_senior, Security team

Elisa
newcomer
Posts: 18
Registered: May 07
Gender: Not specified
Status: Offline

Please help! Warezov, Trojan-gen, Adware-gen, sending the log

Post by Elisa » 18 May 2007 20:20

Please, someone help me. Avast is reporting viruses. I moved the infected files to the Chest.
What next? Please explain it "in plain words", I'm not exactly the technical type.
I'm posting the log and thank you very much in advance!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:12:06, on 18.5.2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\tgt86.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Creata Mail\JMSrvr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
F:\Antiviry\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Creata Mail - {9FEA5BDA-695A-417B-AA31-B54A06570053} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\tgt86.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creata Mail] C:\Program Files\Creata Mail\JMSrvr.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Creata Mail - {855159E3-55D5-4a9b-BFC3-0813D7C8E141} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL confxxn.dll rdpclicw.dll e1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8316 bytes
:o :-(

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 18 May 2007 20:23

Follow this guide with Avenger. Repeat the procedure at least twice in a row, then post a new HJT log here for checking.

Elisa
newcomer
Posts: 18
Registered: May 07
Gender: Not specified
Status: Offline

Post by Elisa » 18 May 2007 21:01

So this is the new log...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:57:46, on 18.5.2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\tgt86.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\systskwm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creata Mail\JMSrvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\CursorXP\CursorXP.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Antiviry\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Creata Mail - {9FEA5BDA-695A-417B-AA31-B54A06570053} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\tgt86.exe
O4 - HKLM\..\Run: [systskwm] C:\WINDOWS\System32\systskwm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creata Mail] C:\Program Files\Creata Mail\JMSrvr.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Creata Mail - {855159E3-55D5-4a9b-BFC3-0813D7C8E141} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: confxxn.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8257 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 18 May 2007 21:34

Uninstall via Add or Remove Programs: RemoveIT Pro XT (it isn't a program with a good reputation, it used to have frequent false alarms; at the present time it is no longer classed among rogue programs, but even so I'd recommend you reach for some other proven program.)

So you used the stration remover :wink:

End in Task Manager (press the ctrl+alt+delete keys together; a window opens, switch to the Processes tab in it and end these there):
tgt86.exe
systskwm.exe


Run HijackThis again and tick the boxes in front of these lines:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\tgt86.exe
O4 - HKLM\..\Run: [systskwm] C:\WINDOWS\System32\systskwm.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
after ticking them, click the Fix Checked button

Test these two files on VirusTotal and post the results here.
C:\WINDOWS\System32\systskwm.exe
C:\WINDOWS\System32\confxxn.dll
they should belong to Warezov, so we'll see. Then we'll remove it all in one go.

Download, unpack and run LopFind
- After it starts, a text document will appear within a moment (it is also saved on the disk at C:\lop.txt); please copy its whole contents here.

Then post the results here + the log I asked for.
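The checks fredik applies by hand above (a Run key launching an unfamiliar executable straight from the Windows directory, DLLs listed in AppInit_DLLs, stale "(file missing)" entries) can be scripted against the HijackThis log format. The following triage script is an added example, not part of the thread and not from HijackThis; the sample lines are constructed in the thread's log format, and the allowlist of known system autoruns, the severity labels and the path heuristics are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis log format: a handful of entry shapes of the
# kind seen in this thread (O2 BHO, O4 Run keys, O20 AppInit_DLLs, O23 service).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\tgt86.exe
O4 - HKLM\..\Run: [systskwm] C:\WINDOWS\System32\systskwm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOEC62~1.DLL confxxn.dll rdpclicw.dll e1.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: binaries that legitimately autostart from %WINDIR% or System32 on an
# XP box like this one. Anything else a Run key launches from there gets flagged.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe", "soundman.exe", "nerocheck.exe", "rundll32.exe"}
WINDOWS_DIRS = {"c:\\windows", "c:\\windows\\system32"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# Either a quoted path, or an unquoted path up to the first ".exe" followed by a
# space or end of line (so unquoted names containing spaces still parse).
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "review" or "info"
    line: str      # the HijackThis line that triggered it
    reason: str


def executable_of(cmd: str) -> Optional[str]:
    """Pull the launched executable out of a Run-key command line."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def split_path(path: str) -> Tuple[str, str]:
    """Lower-cased (directory, filename); directory is '' for a bare name."""
    path = path.lower()
    if "\\" not in path:
        return "", path
    directory, _, name = path.rpartition("\\")
    return directory, name


def check_run_entry(line: str, cmd: str) -> List[Finding]:
    exe = executable_of(cmd)
    if exe is None:
        return []
    directory, name = split_path(exe)
    findings = []
    if directory in WINDOWS_DIRS and name not in KNOWN_SYSTEM_AUTORUNS:
        findings.append(Finding("high", line,
                                f"{name} autostarts straight from {directory} but is not a known system binary"))
    if "\\dataap~1\\" in directory + "\\" or "\\application data\\" in directory + "\\":
        findings.append(Finding("review", line,
                                f"{name} autostarts from a user-profile Application Data folder"))
    return findings


def check_appinit(line: str, dlls: str) -> List[Finding]:
    # Every DLL in AppInit_DLLs is loaded into each process that loads user32.dll;
    # a bare filename (no path) is resolved from the system directory.
    findings = []
    for dll in dlls.split():
        if "\\" in dll:
            findings.append(Finding("review", line, f"AppInit_DLLs injects {dll} into every user32.dll process"))
        else:
            findings.append(Finding("high", line, f"AppInit_DLLs names bare {dll}, injected into every user32.dll process"))
    return findings


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(file missing)" in line:
            findings.append(Finding("info", line, "target file is missing; stale entry"))
            continue
        m = O4_RE.match(USER_SUFFIX_RE.sub("", line))
        if m:
            findings.extend(check_run_entry(line, m.group("cmd")))
            continue
        m = O20_RE.match(line)
        if m:
            findings.extend(check_appinit(line, m.group("dlls")))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts
```

Run `triage(open("hijackthis.log").read())` on a full log and sort by severity; on the sample it flags the two executables fredik asks to end, all three bare AppInit DLLs, and marks the Google AppInit entry and the Application Data autorun for review rather than as hits, because a path alone does not prove anything.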

Elisa
newcomer
Posts: 18
Registered: May 07
Gender: Not specified
Status: Offline

Post by Elisa » 18 May 2007 22:38

Unfortunately I couldn't find this one, no matter how hard I tried.
C:\WINDOWS\System32\systskwm.exe

O4 - HKLM\..\Run: [xxndiag] C:\WINDOWS\tgt86.exe
O4 - HKLM\..\Run: [systskwm] C:\WINDOWS\System32\systskwm.exe
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Complete scanning result of "confxxn.dll", received in VirusTotal at 05.18.2007, 21:57:04 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.16.1 05.18.2007 Win32/Stration.worm.53248.Y
AntiVir 7.4.0.23 05.18.2007 WORM/Stration.Gen
Authentium 4.93.8 05.18.2007 no virus found
Avast 4.7.997.0 05.18.2007 no virus found
AVG 7.5.0.467 05.18.2007 Generic4.KVQ
BitDefender 7.2 05.18.2007 Win32.Stration.DAO
CAT-QuickHeal 9.00 05.18.2007 no virus found
ClamAV devel-20070416 05.18.2007 no virus found
DrWeb 4.33 05.18.2007 no virus found
eSafe 7.0.15.0 05.17.2007 no virus found
eTrust-Vet 30.7.3643 05.18.2007 no virus found
Ewido 4.0 05.18.2007 Trojan.Small
FileAdvisor 1 05.18.2007 no virus found
Fortinet 2.85.0.0 05.18.2007 Possible_Strat.6
F-Prot 4.3.2.48 05.18.2007 no virus found
F-Secure 6.70.13030.0 05.18.2007 Email-Worm.Win32.Warezov.hd
Ikarus T3.1.1.7 05.18.2007 MalwareScope.Worm.Warezov.1
Kaspersky 4.0.2.24 05.18.2007 Email-Worm.Win32.Warezov.hd
McAfee 5034 05.18.2007 no virus found
Microsoft 1.2503 05.18.2007 Trojan:Win32/Stration.A!dll
NOD32v2 2277 05.18.2007 Win32/Stration.ZH
Norman 5.80.02 05.18.2007 no virus found
Panda 9.0.0.4 05.18.2007 W32/Spamta.XN.worm
Prevx1 V2 05.18.2007 no virus found
Sophos 4.17.0 05.18.2007 no virus found
Sunbelt 2.2.907.0 05.17.2007 no virus found
Symantec 10 05.18.2007 no virus found
TheHacker 6.1.6.118 05.18.2007 W32/Warezov.hd
VBA32 3.12.0 05.18.2007 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.7:9 05.18.2007 no virus found
Webwasher-Gateway 6.0.1 05.18.2007 Worm.Stration.Gen
Aditional Information
File size: 53248 bytes
MD5: 92e1ebead275f063888fe7a333f3b731
SHA1: 5a8ca944773f58b724346efe813d100dd0a9905e



******************************************
******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\Administrator\DATAAP~1

10.01.2006 15:29 <DIR> ATI
10.01.2006 15:29 <DIR> Identities
10.01.2006 15:29 62 desktop.ini
10.01.2006 15:29 <DIR> ..
10.01.2006 15:29 <DIR> Microsoft
10.01.2006 15:29 <DIR> .
1 souborů, 62 bajtů
Adresářů: 5, Volných bajtů: 760029184
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\All Users\DATAAP~1

24.12.2006 21:17 <DIR> TestListGrimMpeg
17.12.2006 21:49 <DIR> MSN6
20.10.2006 11:29 <DIR> Spybot - Search & Destroy
06.02.2006 21:56 <DIR> NFS Underground
18.01.2006 15:31 <DIR> Sony
09.01.2006 14:42 <DIR> DVD Shrink
08.01.2006 20:34 <DIR> Sony Ericsson
06.11.2005 20:26 <DIR> ACD Systems
06.11.2005 15:59 <DIR> Apple Computer
01.01.2005 02:17 62 desktop.ini
01.01.2005 02:17 <DIR> Microsoft
01.01.2005 02:17 <DIR> .
01.01.2005 02:17 <DIR> ..
1 souborů, 62 bajtů
Adresářů: 12, Volných bajtů: 759963648
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\Blanka\DATAAP~1

24.12.2006 21:16 <DIR> Drv16
17.12.2006 21:49 <DIR> MSN6
15.12.2006 20:30 <DIR> FunWebProducts
10.11.2006 19:25 <DIR> ICQ Toolbar
26.07.2006 13:41 <DIR> ICQ
25.07.2006 19:56 <DIR> ICQLite
09.02.2006 16:44 <DIR> Sun
06.02.2006 17:11 <DIR> Google
20.01.2006 20:02 <DIR> Ahead
18.01.2006 15:37 <DIR> Publish Providers
10.01.2006 16:07 789 XPepius.ini
09.01.2006 22:40 <DIR> ExportTool
09.01.2006 10:18 <DIR> Help
04.01.2006 18:35 <DIR> Sony
25.12.2005 00:04 <DIR> Adobe
25.12.2005 00:04 <DIR> InterTrust
25.11.2005 23:35 <DIR> Macromedia
13.11.2005 16:53 19960 GDIPFONTCACHEV1.DAT
06.11.2005 20:26 <DIR> ACD Systems
06.11.2005 16:25 <DIR> Talkback
06.11.2005 16:25 <DIR> Thunderbird
06.11.2005 16:14 <DIR> Lavasoft
06.11.2005 15:48 <DIR> Mozilla
06.11.2005 15:43 <DIR> InterVideo
06.11.2005 14:32 <DIR> ATI
06.11.2005 14:04 <DIR> Identities
06.11.2005 14:03 62 desktop.ini
06.11.2005 14:03 <DIR> Microsoft
06.11.2005 14:03 <DIR> .
06.11.2005 14:03 <DIR> ..
3 souborů, 20811 bajtů
Adresářů: 27, Volných bajtů: 759963648
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\Nikolka\DATAAP~1

28.08.2006 10:50 <DIR> InterVideo
01.08.2006 11:27 <DIR> Sun
31.07.2006 20:50 <DIR> Adobe
31.07.2006 20:15 <DIR> ICQLite
31.07.2006 19:28 <DIR> Talkback
31.07.2006 19:28 <DIR> Thunderbird
31.07.2006 17:26 <DIR> Google
31.07.2006 16:41 <DIR> Macromedia
31.07.2006 16:18 <DIR> Mozilla
31.07.2006 14:41 <DIR> ATI
31.07.2006 14:41 <DIR> Identities
31.07.2006 14:41 62 desktop.ini
31.07.2006 14:41 <DIR> ..
31.07.2006 14:41 <DIR> .
31.07.2006 14:41 <DIR> Microsoft
1 souborů, 62 bajtů
Adresářů: 14, Volných bajtů: 759963648
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\Default User\DATAAP~1

01.01.2005 02:17 62 desktop.ini
01.01.2005 02:17 <DIR> ..
01.01.2005 02:17 <DIR> Microsoft
01.01.2005 02:17 <DIR> .
1 souborů, 62 bajtů
Adresářů: 3, Volných bajtů: 760025088
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\LocalService\DATAAP~1

06.11.2005 14:03 <DIR> ..
06.11.2005 14:03 <DIR> Microsoft
06.11.2005 14:03 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 760025088
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\Documents and Settings\NetworkService\DATAAP~1

06.11.2005 14:03 <DIR> ..
06.11.2005 14:03 <DIR> Microsoft
06.11.2005 14:03 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 760025088

******************************************

2) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\WINDOWS\Tasks

30.04.2007 19:00 258 999A087DBC79BD49.job
06.11.2005 13:58 6 SA.DAT
06.11.2005 13:56 65 desktop.ini
06.11.2005 13:56 <DIR> ..
06.11.2005 13:56 <DIR> .
3 souborů, 329 bajtů
Adresářů: 2, Volných bajtů: 760 025 088

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:


––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 0899-B237.

Výpis adresáře C:\WINDOWS\Tasks

30.04.2007 19:00 258 999A087DBC79BD49.job
06.11.2005 13:58 6 SA.DAT
06.11.2005 13:56 65 desktop.ini
06.11.2005 13:56 <DIR> ..
06.11.2005 13:56 <DIR> .
3 souborů, 329 bajtů
Adresářů: 2, Volných bajtů: 760 025 088

******************************************

3) Vyhledávání podvodných programů ve složce Program files:


Adresář C:\Program Files\Adv Nepřítomen !

Adresář C:\Program Files\Adverts Nepřítomen !

Adresář C:\Program Files\BitDownload Nepřítomen !

Adresář C:\Program Files\BitGrabber Nepřítomen !

Adresář C:\Program Files\BitRoll Nepřítomen !

Adresář C:\Program Files\C2Media Nepřítomen !

Adresář C:\Program Files\Download Plugin Nepřítomen !

Adresář C:\Program Files\Messenger Plus! 3 Nepřítomen !

Adresář C:\Program Files\NetPumper Nepřítomen !

Adresář C:\Program Files\Proxy download Nepřítomen !

Adresář C:\Program Files\SuperTorrent Přítomen !

Adresář C:\Program Files\Torrent101 Nepřítomen !

Adresář C:\Program Files\TorrentQ Nepřítomen !
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:38:16, on 18.5.2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creata Mail\JMSrvr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
F:\Antiviry\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Creata Mail - {9FEA5BDA-695A-417B-AA31-B54A06570053} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creata Mail] C:\Program Files\Creata Mail\JMSrvr.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Creata Mail - {855159E3-55D5-4a9b-BFC3-0813D7C8E141} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: confxxn.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7261 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 19 May 2007 00:10

Try copying this text marked in bold straight into the box on VirusTotal:
C:\WINDOWS\System32\systskwm.exe
then click Send and paste the result here, if there is one. I forgot to add that to find the file it is better to turn on showing hidden files.

Turn on showing hidden files via Control Panel -> Folder Options -> View tab. Tick the option Show hidden files and folders. Then click OK.

I'll post the next steps here in a moment.


Post by Elisa » 19 May 2007 00:30

Unfortunately, after submitting the file to VirusTotal I got this:
0 bytes size received / Se ha recibido un archivo vacio

Before that I had turned on Show hidden files and folders. :?


Post by fredik » 19 May 2007 01:00

Uninstall via Add or Remove Programs: SuperTorrent

Download Avenger and run it under the administrator account
- Choose the option Input script manually and click the magnifying glass icon
- Into the new empty window paste this whole text marked in blue:

Files to delete:
%windir%\system32\confxxn.dll

Folders to delete:
"C:\Documents and Settings\Blanka\DATAAP~1\Drv16"
"C:\Program Files\SuperTorrent"

Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


- Then click Done
- Click the traffic light icon to run the program, finally click OK and your computer will restart

Paste here the Avenger log that pops up after the restart.

Then go over the PC with this: Mwav
Download it, update it and start the scan with the Scan & Clean button (you must not have the Scan Only option checked). If it finds anything else it will remove it by itself. After the scan it may ask for a restart, so allow it. Then post the log from the bottom window (Virus Log Information) here, just to be sure.
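As an added example (not part of the thread, and not fredik's, HijackThis's or Avenger's code): a small Python triage over the O-lines of Elisa's log, using the same entries she posted as a constructed sample. It flags the O20 AppInit_DLLs entry, the O4 Run entry that launches from inside the user profile (the folder fredik's script deletes), the unknown Winsock LSP and the service with no recognised owner, then renders the high and medium findings in the same Avenger script layout fredik used. The heuristics and severity labels are mine; the %windir%\system32 location for a bare AppInit_DLLs name is an assumption, as it is in fredik's script, and nothing here decides whether nwprovau.dll is benign.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in HijackThis "O"-line format. The entries are copied from the
# thread's own log; nothing here is a claim about what any of these files is.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\System32\\ctfmon.exe
O4 - HKCU\\..\\Run: [4 Upload] C:\\DOCUME~1\\Blanka\\DATAAP~1\\Drv16\\Does program.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O20 - AppInit_DLLs: confxxn.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\\Program Files\\TGTSoft\\StyleXP\\StyleXPService.exe
"""

# The registry value fredik's script blanks out; same path as in the thread.
APPINIT_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs"

# An autostart launching from inside a user profile deserves a look: that tree is
# writable by the user, and therefore by anything running as the user.
PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\", "\\users\\")

O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr))', re.IGNORECASE)
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    section: str    # HijackThis section code, e.g. "O20"
    subject: str    # file, DLL or service the finding is about
    reason: str


def parse_hjt(text):
    """Split a HijackThis log into (section, remainder) pairs, ignoring non-O lines."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^(O\d+) - (.*)$", line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def exe_from_command(cmd):
    """Best-effort: the launched image from a Run-key command line, quoted or not."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group("path")
    tokens = cmd.split()
    return tokens[0] if tokens else cmd


def triage(entries):
    """Apply a few persistence-focused heuristics; return findings, worst first."""
    findings = []
    for section, rest in entries:
        if section == "O20" and rest.startswith("AppInit_DLLs:"):
            # Every DLL named here is loaded into every process that maps user32.dll.
            for dll in re.split(r"[ ,]+", rest.split(":", 1)[1].strip()):
                if dll:
                    findings.append(Finding("high", section, dll,
                                            "AppInit_DLLs injects this DLL into every user32-linked process"))
        elif section == "O4":
            m = O4_RE.match(rest)
            if not m:
                continue  # e.g. "Global Startup: foo.lnk = ..." lines
            exe = exe_from_command(m.group("cmd"))
            if any(marker in exe.lower() for marker in PROFILE_MARKERS):
                findings.append(Finding("medium", section, exe,
                                        "Run entry [%s] launches from a user-writable profile directory" % m.group("name")))
        elif section == "O10" and rest.startswith("Unknown file in Winsock LSP: "):
            findings.append(Finding("info", section, rest.split(": ", 1)[1],
                                    "LSP not on HijackThis's known list; hash it and look it up before acting"))
        elif section == "O23":
            parts = rest.split(" - ")
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                findings.append(Finding("info", section, parts[0].split(": ", 1)[1],
                                        "service binary carries no recognised vendor"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


def build_avenger_script(findings):
    """Render high/medium findings in the Avenger script layout used in the thread.

    Review every line before running it: Avenger deletes exactly what it is told to,
    and the folder paths are guesses from the log.
    """
    files, folders, values = [], [], []
    for f in findings:
        if f.section == "O20":
            # A bare name in AppInit_DLLs is resolved via the DLL search path;
            # %windir%\system32 is assumed here, as in fredik's script.
            files.append("%windir%\\system32\\" + f.subject)
            if APPINIT_VALUE not in values:
                values.append(APPINIT_VALUE)
        elif f.section == "O4" and f.severity == "medium":
            folders.append('"%s"' % ntpath.dirname(f.subject))
    blocks = []
    if files:
        blocks.append("Files to delete:\n" + "\n".join(files))
    if folders:
        blocks.append("Folders to delete:\n" + "\n".join(folders))
    if values:
        blocks.append("Registry values to replace with dummy:\n" + "\n".join(values))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for f in found:
        print(f"[{f.severity:6}] {f.section} {f.subject}: {f.reason}")
    print()
    print(build_avenger_script(found))
```

The generated script is a starting point for a human, not something to feed to Avenger unread: the Avenger log later in this thread shows what happens when a path is guessed wrong (a "not found" failure for a folder that had already been removed by the uninstaller), and the O10 and O23 findings are deliberately left out of the script because an unrecognised file is not the same as a malicious one.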


Post by Elisa » 19 May 2007 02:54

Well, for now I'm sending the log.
In the Virus log information window about 250 of them came up and I'm wrestling with it, but I can't see straight any more.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jnalertd

*******************

Script file located at: \??\C:\Documents and Settings\dycktrao.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\confxxn.dll deleted successfully.
Folder C:\Documents and Settings\Blanka\DATAAP~1\Drv16 deleted successfully.


Folder C:\Program Files\SuperTorrent not found!
Deletion of folder C:\Program Files\SuperTorrent failed!

Could not process line:
C:\Program Files\SuperTorrent
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

:cry:


Post by Elisa » 19 May 2007 04:12

Sending the Virus log information. Horrible.
After the fixes I ran everything through Mwav again and it's beautiful! Completely clean.
I hope I can consider this the end.
Thank you very, very much for the help, I was completely at a loss.

Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "downloader-ak Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "zlob Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "savenow Adware" found in File System! Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\GoogleDesktop.ContentItemHelper" refers to invalid object "{E622966D-28A0-43C2-A5B8-0CAF622A6711}". Action Taken: Entries Removed.
Entry "HKCR\GoogleDesktop.DetailsViewHelper" refers to invalid object "{FACE4234-6A8F-48AB-898A-237F6529C70E}". Action Taken: Entries Removed.
Entry "HKCR\GoogleTalk.TalkFriend" refers to invalid object "{A8F086C3-2497-4229-82FE-586F2D326F95}". Action Taken: Entries Removed.
Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: Entries Removed.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: Entries Removed.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: Entries Removed.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: Entries Removed.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: Entries Removed.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\KPCMS\CMSCP\CP01". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\HRY". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\HRY\CTP2". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\HRY\CTP2\uninstall". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\HRY\Call To Power 2". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\HRY\Call To Power 2\uninstall". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Blanka\LOCALS~1\Temp\_ISTMP2.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MSI\Common\Bin\WinCinemaMgr.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_deu.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\arrow.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\auto.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\bang.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\bars.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\coffee_house_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\dining.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\dining_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\dot.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\four-dollars.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\highway_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\high_res_places.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\large_traffic_count_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\metacarta.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\metacartahl.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\misc-dining.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\note.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\palette-2.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\palette-3.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\palette-4.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\palette-5.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\parks.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\premium_lock.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\premium_locked.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\premium_star.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\recreation.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\school_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\streamed_layer.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\streamed_layers.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\terrain_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\three-dollars.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\transportation.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\webcam_16.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\compasstop.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\license.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\ring_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\ring_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\ring_norm.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\ring_n_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\de.locale\ring_n_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\compasstop.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\license.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\ring_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\ring_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\ring_norm.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\ring_n_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\en.locale\ring_n_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\compasstop.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\license.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\ring_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\ring_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\ring_norm.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\ring_n_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\es.locale\ring_n_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\compasstop.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\license.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\ring_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\ring_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\ring_norm.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\ring_n_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\fr.locale\ring_n_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\compasstop.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\license.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\ring_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\ring_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\ring_norm.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\ring_n_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\it.locale\ring_n_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\compasstop.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\license.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\licensepro.txt". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\ring_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\ring_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\ring_norm.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\ring_n_active.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Google\Google Earth\res\ja.locale\ring_n_hover.png". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\ATI Catalyst Control Center\Upřesnění\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\ATI Catalyst Control Center\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "E:\HRY\PUSHER\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\JoWooD\Pusher\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\JoWooD\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Infogrames\Le Mans 24 Hours\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Infogrames\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Sony\DVD Architect 3.0\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\UBISOFT\Prince of Persia The Sands of Time\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\UBISOFT\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Sony\Shared Plug-Ins\Audio\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\Blanka\LOCALS~1\Temp\SqlSetup\Temp\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\Blanka\LOCALS~1\Temp\SqlSetup\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".7z". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ART". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".autoreg". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".awl". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BW". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cnt". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dar". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dbk". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DCX". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DJV". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DJVU". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dso". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dtd". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hdr". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ICN". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iconset". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFF". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ifr". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ILBM". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".INTA". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IW4". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jad". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".JIF". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".KDC". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kfg". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".L!C". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LBM". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LDF". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LKO". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lrc". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LWF". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".medialib". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PBM". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PGM". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PIX". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PPM". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".properties". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pub". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ram". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RAS". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rdf". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RGB". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RGBA". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rll". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rm". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".RSB". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sd4". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".set". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SGI". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".skn". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SV4". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".taz". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".veg". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wa~". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".X32". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".XIF". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpi". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".XPM". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpt". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zoo". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ACDSee". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Professional". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Adobe Photoshop 5.0 CZ". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.6)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.7)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NOD32". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Rollcage". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{41B9A86B-390C-49AC-B900-F68420867D99}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{46FA9E9F-1B0F-4C6C-8F6D-F2365EDEA2B2}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{60E5B847-2353-4AE3-829E-685937EDDC40}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{626F32D6-007C-41D5-8157-9509AB1428BE}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9AA761E6-CA51-4FF2-A552-D51638BF0595}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A990EAA7-8941-4621-BC27-4F16261D3180}". Action Taken: Entries Removed.
File C:\WINDOWS\tgt86.exe//PE_Patch//UPack infected by "Email-Worm.Win32.Warezov.md" Virus! Action Taken: File Deleted.
File C:\WINDOWS\System32\mdt2ipmo.exe infected by "Email-Worm.Win32.Warezov.mx" Virus! Action Taken: File Deleted.
File C:\WINDOWS\System32\msreh323.exe//PE_Patch//UPack infected by "Email-Worm.Win32.Warezov.mx" Virus! Action Taken: File Deleted.
File C:\WINDOWS\System32\xxnperf.exe infected by "Email-Worm.Win32.Warezov.mg" Virus! Action Taken: File Deleted.
File C:\WINDOWS\System32\xxnprf32.dll infected by "Email-Worm.Win32.Warezov.mg" Virus! Action Taken: File Deleted.
File C:\DOCUME~1\Blanka\LOCALS~1\Temp\2de1b65d.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
File C:\DOCUME~1\Blanka\LOCALS~1\Temp\staE1D.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
File C:\DOCUME~1\Blanka\LOCALS~1\Temp\staF0D.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
File F:\AUTORUN.INF infected by "Fujack" Virus! Action Taken: Deleted.



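The eScan/mwav log above mixes two very different kinds of line: registry orphan cleanups ("refers to invalid object") and real file detections ("infected by"). As an added example that is not part of this thread and not eScan's own tooling, the script below separates the two, strips the packer chain (`//PE_Patch//UPack`) from the on-disk path, groups detections by family, and lists the paths that need a follow-up check (anything on a non-system drive or an `AUTORUN.INF`, since that is a reinfection vector rather than a dropped payload). The sample lines are copied from the log posted above; the field names are my own.

```python
import re
from collections import Counter

# A representative subset of the mwav log lines posted in this thread.
SAMPLE_LOG = r"""
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: Entries Removed.
File C:\WINDOWS\tgt86.exe//PE_Patch//UPack infected by "Email-Worm.Win32.Warezov.md" Virus! Action Taken: File Deleted.
File C:\WINDOWS\System32\xxnprf32.dll infected by "Email-Worm.Win32.Warezov.mg" Virus! Action Taken: File Deleted.
File C:\DOCUME~1\Blanka\LOCALS~1\Temp\2de1b65d.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
File F:\AUTORUN.INF infected by "Fujack" Virus! Action Taken: Deleted.
"""

# Registry cleanup lines: a key, the dangling value it pointed at, and what the scanner did.
REG_RE = re.compile(
    r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<obj>[^"]+)"\. '
    r'Action Taken: (?P<action>.+?)\.?$'
)
# File detections: path (possibly with //packer layers appended), detection name, action.
FILE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus! '
    r'Action Taken: (?P<action>.+?)\.?$'
)


def family_of(name):
    """Drop the per-variant suffix ('.md', '.mx', '.en') from a dotted detection name.

    Short names such as 'Fujack' have no variant suffix and are returned unchanged.
    """
    return name.rsplit(".", 1)[0] if name.count(".") >= 2 else name


def triage(log_text):
    """Split log lines into registry cleanups, file detections and anything unrecognised."""
    registry, files, unparsed = [], [], []
    for line in log_text.strip().splitlines():
        m = REG_RE.match(line)
        if m:
            registry.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            # "C:\WINDOWS\tgt86.exe//PE_Patch//UPack": the real path, then the unpacking layers.
            path, *layers = m.group("path").split("//")
            files.append({
                "path": path,
                "layers": layers,
                "name": m.group("name"),
                "family": family_of(m.group("name")),
                "action": m.group("action"),
            })
            continue
        unparsed.append(line)
    return {"registry": registry, "files": files, "unparsed": unparsed}


def summarize(result):
    """Counts per category plus the paths a human should still look at after the scan."""
    files = result["files"]
    followup = [
        f["path"] for f in files
        if not f["path"].upper().startswith("C:") or f["path"].upper().endswith("AUTORUN.INF")
    ]
    return {
        "registry_cleanups": len(result["registry"]),
        "file_detections": len(files),
        "families": Counter(f["family"] for f in files),
        "followup": followup,
    }


if __name__ == "__main__":
    s = summarize(triage(SAMPLE_LOG))
    print(f"{s['registry_cleanups']} registry cleanups, {s['file_detections']} file detections")
    for family, n in s["families"].most_common():
        print(f"  {n}x {family}")
    print("follow up:", s["followup"])
```

On the full log in this thread the registry bucket dwarfs the file bucket, which is the point fredik makes below: most of the noise was orphaned `FileExts` and `ARPCache` keys, and the actual infection is the handful of Warezov, Obfuscated and Fujack files. The `F:\AUTORUN.INF` hit matters because a worm that writes `autorun.inf` to a removable drive will come straight back if that drive is plugged in again without being cleaned.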
fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 19 May 2007 09:22

In HJT, also fix these entries:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe (User '?')

You can post a new HJT log here for a check, but it should already be fine.

Most of the entries in the Mwav log were bad registry records, but it also removed a few infected files.

Download CCleaner and clean the PC with it

The PC should be fine now, but try running Avast over it, and if it reports a virus somewhere, say where. If it is fine, then for better security install Service Pack 2 for Windows XP; the download link is here: Windows XP SP2 Czech (you may need to pick the appropriate language version according to which Windows you have).

//Added:
Before you go ahead with installing SP2, or before we close this out, please post a new log from Lopfind here.
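The entries fredik asks to fix are all HijackThis O4 autorun lines, and the reasons they stand out are mechanical: a Run value whose executable lives under a user profile (`\DOCUME~1\...\DATAAP~1\` or `\LOCALS~1\Temp\`), an unquoted command line with a space in the path, a target on a non-system drive, or an `HKUS\<SID>` entry HijackThis could not map to a user. As an added example that is not part of the thread and not HijackThis' own logic, the script below parses O4 lines of that shape and applies those heuristics; the flag names and marker list are my own, and the sample lines are copied from the HJT logs in this thread.

```python
import re

# O4 lines copied from the HijackThis logs in this thread (a representative subset).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')
O4 - HKLM\..\RunOnce: [mwavscan] "C:\DOCUME~1\Blanka\LOCALS~1\Temp\mexe.com" /s /AUTORUNBOOT
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
""".strip().splitlines()

# "O4 - HIVE[\SID]\..\Run[Once]: [ValueName] command line [(User 'x')]"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# For unquoted commands: everything up to the first executable extension followed by space/end.
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|cpl|dll|bat|pif))(?:\s|$)", re.IGNORECASE)

# Path fragments meaning "runs out of a user profile", where mail worms like Warezov drop files.
PROFILE_MARKERS = (
    "\\DOCUME~1\\", "\\DOCUMENTS AND SETTINGS\\",
    "\\DATAAP~1\\", "\\APPLICATION DATA\\",
    "\\LOCALS~1\\", "\\LOCAL SETTINGS\\", "\\TEMP\\",
)


def split_command(cmd):
    """Return (executable path, was_quoted) from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = EXE_RE.match(cmd)
    return (m.group("exe") if m else cmd.split(" ")[0]), False


def flags_for(exe, quoted, hive, user):
    """Heuristic reasons to look at an autorun entry; an empty list means nothing stood out."""
    upper = exe.upper()
    flags = []
    if not quoted and " " in exe:
        flags.append("unquoted_path_with_space")   # "Does program.exe" style, also a hijack risk
    if any(marker in upper for marker in PROFILE_MARKERS):
        flags.append("profile_dir")                # user-writable location, typical for droppers
    if len(exe) > 1 and exe[1] == ":" and upper[0] != "C":
        flags.append("non_system_drive")           # e.g. F:\..., often removable media
    if hive == "HKUS" and user == "?":
        flags.append("unresolved_user")            # HJT could not map the SID to a user name
    return flags


def triage_o4(lines):
    """Parse O4 registry-Run lines; Startup-folder ('Global Startup') lines are skipped."""
    results = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        exe, quoted = split_command(m.group("cmd"))
        results.append({
            "name": m.group("name"),
            "hive": m.group("hive"),
            "sid": m.group("sid"),
            "key": m.group("key"),
            "exe": exe,
            "flags": flags_for(exe, quoted, m.group("hive"), m.group("user")),
        })
    return results


def suspicious(lines):
    """Only the entries that raised at least one flag."""
    return [r for r in triage_o4(lines) if r["flags"]]


if __name__ == "__main__":
    for r in suspicious(SAMPLE_O4):
        print(f"{r['hive']}\\{r['key']} [{r['name']}] {r['exe']}  <- {', '.join(r['flags'])}")
```

The output is a shortlist, not a verdict: the `[mwavscan]` RunOnce is flagged because it runs from `Temp`, yet by its name it is the scanner the poster just ran, scheduling its own reboot-time pass. That is why the advisor's list above stops at the `4 Upload` and `RemoveIT` lines and leaves the rest alone. Note also that the `HKUS\S-1-5-21-...-1003` entries duplicate the `HKCU` ones, because `HKCU` is just the logged-on user's hive under `HKEY_USERS`; fixing one pair in HJT normally removes both views.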

Elisa
newcomer
Posts: 18
Registered: May 07
Gender: Not specified
Status: Offline

Post by Elisa » 19 May 2007 17:09

Good day.
Overnight I let Avast scan it and it found Win32:Warezov-BWR[Wrm] in
C:\Program Files\Alwil Software\Avast4\Data\moved\e1.dll.vir

Another 1000 files could not be tested because the archive is password-protected (most of them);
for two it showed "decompression bomb", and for one it said that the file pointer cannot be set on the selected file or device.
I don't know what to do with the files in the Chest. Leave them there?


I didn't find these:
O4 - HKCU\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe

O4 - HKCU\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [4 Upload] C:\DOCUME~1\Blanka\DATAAP~1\Drv16\Does program.exe (User '?')

O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [RemoveIT Pro XT] F:\Antiviry\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe (User '?')

So I uninstalled RemoveIT Pro XT, which I hadn't found earlier; it was named a bit differently: RemoveIT Pro v4 (Trial).


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34:36, on 19.5.2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Creata Mail\JMSrvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
F:\Antiviry\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Creata Mail - {9FEA5BDA-695A-417B-AA31-B54A06570053} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\RunOnce: [mwavscan] "C:\DOCUME~1\Blanka\LOCALS~1\Temp\mexe.com" /s /AUTORUNBOOT
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creata Mail] C:\Program Files\Creata Mail\JMSrvr.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1275210071-839522115-1003\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Creata Mail - {855159E3-55D5-4a9b-BFC3-0813D7C8E141} - C:\Program Files\Creata Mail\AgOutlookAddIn.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6825 bytes


I'd like SP2, but it can probably only be downloaded with a legitimate WIN XP. I've never been able to install it.
Avast did not find Warezov now, so hopefully it's clean; it just reported again that some files cannot be tested.
Hopefully the last log:

******************************************

1) Listing of the contents of the Application Data folders to detect suspicious directories:

Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\Administrator\DATAAP~1

10.01.2006 15:29 <DIR> ATI
10.01.2006 15:29 <DIR> Identities
10.01.2006 15:29 62 desktop.ini
10.01.2006 15:29 <DIR> ..
10.01.2006 15:29 <DIR> Microsoft
10.01.2006 15:29 <DIR> .
1 file(s), 62 bytes
Directories: 5, Free bytes: 987176960
Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\All Users\DATAAP~1

24.12.2006 21:17 <DIR> TestListGrimMpeg
17.12.2006 21:49 <DIR> MSN6
20.10.2006 11:29 <DIR> Spybot - Search & Destroy
06.02.2006 21:56 <DIR> NFS Underground
18.01.2006 15:31 <DIR> Sony
09.01.2006 14:42 <DIR> DVD Shrink
08.01.2006 20:34 <DIR> Sony Ericsson
06.11.2005 20:26 <DIR> ACD Systems
06.11.2005 15:59 <DIR> Apple Computer
01.01.2005 02:17 62 desktop.ini
01.01.2005 02:17 <DIR> Microsoft
01.01.2005 02:17 <DIR> .
01.01.2005 02:17 <DIR> ..
1 file(s), 62 bytes
Directories: 12, Free bytes: 987111424
Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\Blanka\DATAAP~1

17.12.2006 21:49 <DIR> MSN6
10.11.2006 19:25 <DIR> ICQ Toolbar
26.07.2006 13:41 <DIR> ICQ
25.07.2006 19:56 <DIR> ICQLite
09.02.2006 16:44 <DIR> Sun
06.02.2006 17:11 <DIR> Google
20.01.2006 20:02 <DIR> Ahead
18.01.2006 15:37 <DIR> Publish Providers
10.01.2006 16:07 789 XPepius.ini
09.01.2006 22:40 <DIR> ExportTool
09.01.2006 10:18 <DIR> Help
04.01.2006 18:35 <DIR> Sony
25.12.2005 00:04 <DIR> Adobe
25.12.2005 00:04 <DIR> InterTrust
25.11.2005 23:35 <DIR> Macromedia
13.11.2005 16:53 19960 GDIPFONTCACHEV1.DAT
06.11.2005 20:26 <DIR> ACD Systems
06.11.2005 16:25 <DIR> Talkback
06.11.2005 16:25 <DIR> Thunderbird
06.11.2005 16:14 <DIR> Lavasoft
06.11.2005 15:48 <DIR> Mozilla
06.11.2005 15:43 <DIR> InterVideo
06.11.2005 14:32 <DIR> ATI
06.11.2005 14:04 <DIR> Identities
06.11.2005 14:03 62 desktop.ini
06.11.2005 14:03 <DIR> ..
06.11.2005 14:03 <DIR> .
06.11.2005 14:03 <DIR> Microsoft
3 file(s), 20811 bytes
Directories: 25, Free bytes: 987111424
Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\Nikolka\DATAAP~1

28.08.2006 10:50 <DIR> InterVideo
01.08.2006 11:27 <DIR> Sun
31.07.2006 20:50 <DIR> Adobe
31.07.2006 20:15 <DIR> ICQLite
31.07.2006 19:28 <DIR> Talkback
31.07.2006 19:28 <DIR> Thunderbird
31.07.2006 17:26 <DIR> Google
31.07.2006 16:41 <DIR> Macromedia
31.07.2006 16:18 <DIR> Mozilla
31.07.2006 14:41 <DIR> ATI
31.07.2006 14:41 <DIR> Identities
31.07.2006 14:41 62 desktop.ini
31.07.2006 14:41 <DIR> ..
31.07.2006 14:41 <DIR> .
31.07.2006 14:41 <DIR> Microsoft
1 file(s), 62 bytes
Directories: 14, Free bytes: 987111424
Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\Default User\DATAAP~1

01.01.2005 02:17 62 desktop.ini
01.01.2005 02:17 <DIR> ..
01.01.2005 02:17 <DIR> Microsoft
01.01.2005 02:17 <DIR> .
1 file(s), 62 bytes
Directories: 3, Free bytes: 987111424
Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\LocalService\DATAAP~1

06.11.2005 14:03 <DIR> ..
06.11.2005 14:03 <DIR> Microsoft
06.11.2005 14:03 <DIR> .
0 file(s), 0 bytes
Directories: 3, Free bytes: 987111424
Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\Documents and Settings\NetworkService\DATAAP~1

06.11.2005 14:03 <DIR> ..
06.11.2005 14:03 <DIR> Microsoft
06.11.2005 14:03 <DIR> .
0 file(s), 0 bytes
Directories: 3, Free bytes: 987111424

******************************************

2) Searching for and removing suspicious .job files:

a) Files present in the C:\WINDOWS\tasks\ directory:

Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\WINDOWS\Tasks

30.04.2007 19:00 258 999A087DBC79BD49.job
06.11.2005 13:58 6 SA.DAT
06.11.2005 13:56 65 desktop.ini
06.11.2005 13:56 <DIR> ..
06.11.2005 13:56 <DIR> .
3 file(s), 329 bytes
Directories: 2, Free bytes: 987 111 424

––––––––––––––––––––––––––––––––––––––––––

b) Determining the properties of the .job files present:

––––––––––––––––––––––––––––––––––––––––––

c) Unwanted files found and removed:


––––––––––––––––––––––––––––––––––––––––––

d) Files present in the directory after deletion:

Volume in drive C has no label.
Volume Serial Number is 0899-B237.

Directory of C:\WINDOWS\Tasks

30.04.2007 19:00 258 999A087DBC79BD49.job
06.11.2005 13:58 6 SA.DAT
06.11.2005 13:56 65 desktop.ini
06.11.2005 13:56 <DIR> ..
06.11.2005 13:56 <DIR> .
3 file(s), 329 bytes
Directories: 2, Free bytes: 987 172 864

******************************************

3) Searching for rogue programs in the Program Files folder:


Directory C:\Program Files\Adv Absent!

Directory C:\Program Files\Adverts Absent!

Directory C:\Program Files\BitDownload Absent!

Directory C:\Program Files\BitGrabber Absent!

Directory C:\Program Files\BitRoll Absent!

Directory C:\Program Files\C2Media Absent!

Directory C:\Program Files\Download Plugin Absent!

Directory C:\Program Files\Messenger Plus! 3 Absent!

Directory C:\Program Files\NetPumper Absent!

Directory C:\Program Files\Proxy download Absent!

Directory C:\Program Files\SuperTorrent Absent!

Directory C:\Program Files\Torrent101 Absent!

Directory C:\Program Files\TorrentQ Absent!




