Prosím o kontrolu logu

[Kule]

Problém je Explorer exe,asi tam je nějakej šmejd.

Logfile of HijackThis v1.99.1
Scan saved at 19:04:54, on 17.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\program files\analog devices\soundmax\smax4.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\internet download manager\idman.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\RAMASST.exe
C:\program files\internet download manager\IEMonitor.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Documents and Settings\user\Dokumenty\PROGRAMY\UTILITKY\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\program files\internet download manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\program files\analog devices\soundmax\smax4.exe" /tray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\program files\internet download manager\idman.exe /onboot
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All Links with IDM - C:\program files\internet download manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\program files\internet download manager\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

[Reklama]

[Baron Prášil]

fixni zbytečnosti
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

zakaž a zastav toto ve službách
Ad-Aware 2007 Service
služby spustíš napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK

takže vyčisti systém CCleanerem a RegCleanerem
a
udělej log z MWAV

[Kule]

Sun Jun 17 21:49:47 2007 => Key found with NULL Character: HKLM\Software\Microsoft\Windows\CurrentVersion\System !!!
Sun Jun 17 21:49:49 2007 => Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

Sun Jun 17 21:49:51 2007 => Offending file found: C:\WINDOWS\system32\swreg.exe
Sun Jun 17 21:49:51 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.

Sun Jun 17 21:49:51 2007 => Offending file found: C:\WINDOWS\system32\swsc.exe
Sun Jun 17 21:49:51 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Nic nebylo provedeno.

Sun Jun 17 21:49:51 2007 => Offending file found: C:\DOCUME~1\user\LOCALS~1\Temp\glb1a2b.exe
Sun Jun 17 21:49:51 2007 => System found infected with lopcom Browser Hijacker (glb1a2b.exe)! Action taken: Nic nebylo provedeno.

Sun Jun 17 21:49:54 2007 => Offending file found: C:\Documents and Settings\user\Local Settings\temp\glb1a2b.exe
Sun Jun 17 21:49:54 2007 => System found infected with lopcom Browser Hijacker (glb1a2b.exe)! Action taken: Nic nebylo provedeno.

Sun Jun 17 21:49:56 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll
Sun Jun 17 21:49:56 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.

[Baron Prášil]

použij Avenger
http://www.viry.cz/forum/viewtopic.php?t=21484

a tento skript

Files to delete:
C:\WINDOWS\system32\swreg.exe
C:\WINDOWS\system32\swsc.exe
C:\DOCUME~1\user\LOCALS~1\Temp\glb1a2b.exe
C:\Documents and Settings\user\Local Settings\temp\glb1a2b.exe
C:\WINDOWS\system32\unrar.dll

po restartu pošli log z Avengeru
vyskočí ti na plochu nebo ho najdeš v C:\

[Kule]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\smilleli

*******************

Script file located at: \??\C:\Documents and Settings\gckcgefd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\swreg.exe deleted successfully.
File C:\WINDOWS\system32\swsc.exe deleted successfully.


File C:\DOCUME~1\user\LOCALS~1\Temp\glb1a2b.exe not found!
Deletion of file C:\DOCUME~1\user\LOCALS~1\Temp\glb1a2b.exe failed!

Could not process line:
C:\DOCUME~1\user\LOCALS~1\Temp\glb1a2b.exe
Status: 0xc0000034



File C:\Documents and Settings\user\Local Settings\temp\glb1a2b.exe not found!
Deletion of file C:\Documents and Settings\user\Local Settings\temp\glb1a2b.exe failed!

Could not process line:
C:\Documents and Settings\user\Local Settings\temp\glb1a2b.exe
Status: 0xc0000034

File C:\WINDOWS\system32\unrar.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Baron Prášil]

postupuj podle návodu tady
http://www.viry.cz/forum/viewtopic.php?p=270034

a pošli log z lopfindu

a novej log z hijackthis.HijackThis.exe přejmenuj na hájdžek.exe

[Kule]

LopFind v3 © Čas: 23:43:22,89 Datum: ne 17.06.2007

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1

15.06.2007 23:13 <DIR> Spybot - Search & Destroy
10.06.2007 13:00 <DIR> Lavasoft
09.06.2007 00:05 1751 QTSBandwidthCache
08.06.2007 23:54 <DIR> InstallShield
03.06.2007 14:55 <DIR> Skype
28.05.2007 20:19 <DIR> Ulead Systems
22.05.2007 10:48 <DIR> Real
20.05.2007 09:54 <DIR> Azureus
19.05.2007 10:40 <DIR> Microsoft Help
17.05.2007 22:09 <DIR> Apple Computer
29.04.2007 08:52 <DIR> error flaw noun save
16.04.2007 15:16 <DIR> NVIDIA
15.04.2007 19:27 <DIR> LangSoft
31.03.2007 12:22 <DIR> Pinnacle
28.03.2007 18:38 <DIR> Google
25.03.2007 09:26 <DIR> WildTangent
24.03.2007 21:30 <DIR> ashampoo
24.03.2007 16:05 <DIR> Adobe
21.03.2007 17:05 <DIR> Windows Genuine Advantage
21.03.2007 16:36 <DIR> TreeCardGames
17.03.2007 21:17 <DIR> Trymedia
14.03.2007 19:11 <DIR> DVD Shrink
14.03.2007 18:25 <DIR> SUPERAntiSpyware.com
14.03.2007 17:47 <DIR> Comodo
14.03.2007 17:23 <DIR> AOL
13.03.2007 18:26 62 desktop.ini
13.03.2007 18:25 <DIR> Microsoft
13.03.2007 18:25 <DIR> ..
13.03.2007 18:25 <DIR> .
2 soubor…, 1813 bajt…
Adres ý…: 27, Volněch bajt…: 169749778432






Logfile of HijackThis v1.99.1
Scan saved at 23:46:12, on 17.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\program files\analog devices\soundmax\smax4.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\internet download manager\idman.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\RAMASST.exe
C:\program files\internet download manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Dokumenty\PROGRAMY\UTILITKY\Hijack This\Hajdžek exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\program files\internet download manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\program files\analog devices\soundmax\smax4.exe" /tray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\program files\internet download manager\idman.exe /onboot
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All Links with IDM - C:\program files\internet download manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\program files\internet download manager\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

[Baron Prášil]

ten log z lopfindu neni celej

pořeš taky ten Ad-Aware

[Kule]

Omlouvám se a dík za trpělivost.


LopFind v3 © Čas: 23:43:22,89 Datum: ne 17.06.2007

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1

15.06.2007 23:13 <DIR> Spybot - Search & Destroy
10.06.2007 13:00 <DIR> Lavasoft
09.06.2007 00:05 1751 QTSBandwidthCache
08.06.2007 23:54 <DIR> InstallShield
03.06.2007 14:55 <DIR> Skype
28.05.2007 20:19 <DIR> Ulead Systems
22.05.2007 10:48 <DIR> Real
20.05.2007 09:54 <DIR> Azureus
19.05.2007 10:40 <DIR> Microsoft Help
17.05.2007 22:09 <DIR> Apple Computer
29.04.2007 08:52 <DIR> error flaw noun save
16.04.2007 15:16 <DIR> NVIDIA
15.04.2007 19:27 <DIR> LangSoft
31.03.2007 12:22 <DIR> Pinnacle
28.03.2007 18:38 <DIR> Google
25.03.2007 09:26 <DIR> WildTangent
24.03.2007 21:30 <DIR> ashampoo
24.03.2007 16:05 <DIR> Adobe
21.03.2007 17:05 <DIR> Windows Genuine Advantage
21.03.2007 16:36 <DIR> TreeCardGames
17.03.2007 21:17 <DIR> Trymedia
14.03.2007 19:11 <DIR> DVD Shrink
14.03.2007 18:25 <DIR> SUPERAntiSpyware.com
14.03.2007 17:47 <DIR> Comodo
14.03.2007 17:23 <DIR> AOL
13.03.2007 18:26 62 desktop.ini
13.03.2007 18:25 <DIR> Microsoft
13.03.2007 18:25 <DIR> ..
13.03.2007 18:25 <DIR> .
2 soubor…, 1813 bajt…
Adres ý…: 27, Volněch bajt…: 169749778432
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\Documents and Settings\user\DATAAP~1

14.06.2007 11:43 <DIR> Uniblue
13.06.2007 22:16 <DIR> SUPERAntiSpyware.com
10.06.2007 21:54 <DIR> FreeCall
10.06.2007 14:22 <DIR> Lavasoft
09.06.2007 00:06 <DIR> Apple Computer
09.06.2007 00:02 <DIR> InterVideo
03.06.2007 14:55 <DIR> Skype
03.06.2007 11:28 <DIR> VoipCheapCom
28.05.2007 20:21 <DIR> Ulead Systems
23.05.2007 20:22 <DIR> InstallShield
22.05.2007 10:48 <DIR> Media Player Classic
22.05.2007 10:48 <DIR> Real
20.05.2007 09:54 <DIR> Azureus
19.05.2007 14:35 <DIR> Sun
08.05.2007 18:26 <DIR> uTorrent
29.04.2007 08:51 <DIR> dumb tool lies
21.04.2007 08:47 87608 inst.exe
15.04.2007 19:27 <DIR> LangSoft
28.03.2007 18:32 <DIR> DivX
25.03.2007 17:42 <DIR> dvdcss
24.03.2007 21:31 <DIR> Ashampoo
24.03.2007 16:33 <DIR> Pegasys Inc
24.03.2007 16:06 <DIR> AdobeUM
24.03.2007 16:05 <DIR> Adobe
21.03.2007 16:47 <DIR> Help
21.03.2007 16:02 <DIR> SolSuite
20.03.2007 19:32 <DIR> ICQLite
17.03.2007 22:16 <DIR> URSoft
15.03.2007 21:13 <DIR> ABBYY
14.03.2007 23:45 <DIR> IDM
14.03.2007 23:45 <DIR> DMCache
14.03.2007 21:19 <DIR> Macromedia
14.03.2007 20:19 <DIR> vlc
14.03.2007 19:31 34 pcouffin.log
14.03.2007 19:31 47360 pcouffin.sys
14.03.2007 19:31 87608 ezpinst.exe
14.03.2007 19:31 7887 pcouffin.cat
14.03.2007 19:31 1144 pcouffin.inf
14.03.2007 19:31 <DIR> Vso
14.03.2007 19:12 <DIR> DVD Shrink
14.03.2007 19:01 <DIR> Ahead
14.03.2007 17:47 <DIR> Comodo
14.03.2007 17:41 <DIR> Mozilla
13.03.2007 10:45 <DIR> Identities
13.03.2007 10:45 62 desktop.ini
13.03.2007 10:45 <DIR> ..
13.03.2007 10:45 <DIR> .
13.03.2007 10:45 <DIR> Microsoft
7 soubor…, 231703 bajt…
Adres ý…: 41, Volněch bajt…: 169749774336
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\Documents and Settings\Default User\DATAAP~1

13.03.2007 18:26 62 desktop.ini
13.03.2007 18:25 <DIR> ..
13.03.2007 18:25 <DIR> Microsoft
13.03.2007 18:25 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 169749774336
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1

13.03.2007 10:44 <DIR> ..
13.03.2007 10:44 <DIR> Microsoft
13.03.2007 10:44 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 169749774336
Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1

13.03.2007 10:38 <DIR> ..
13.03.2007 10:38 <DIR> Microsoft
13.03.2007 10:38 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 169749774336

******************************************

2) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\WINDOWS\Tasks

15.06.2007 09:21 436 RegCure Program Check.job
15.06.2007 09:21 370 RegCure.job
14.06.2007 11:53 336 Uniblue SpyEraser.job
08.06.2007 23:56 284 AppleSoftwareUpdate.job
29.04.2007 08:53 260 B647DCD491444600.job
13.03.2007 10:44 6 SA.DAT
13.03.2007 10:34 65 desktop.ini
13.03.2007 10:34 <DIR> .
13.03.2007 10:34 <DIR> ..
7 soubor…, 1˙757 bajt…
Adres ý…: 2, Volněch bajt…: 169˙749˙774˙336

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/11/2007 19:24:00
NextRun: 06/18/2007 19:24:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .M.....
StartDate: 06/08/2007
EndDate: 00/00/0000
StartTime: 19:24
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'B647DCD491444600.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user\dataap~1\dumbto~1\CHIC TRAY BALM.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/29/2007 18:00:00
NextRun: 06/18/2007 0:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/18/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'RegCure Program Check.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\RegCure\RegCure.exe'
Parameters: 'ShowReminders'
WorkingDirectory: 'C:\Program Files\RegCure\RegCure.exe'
Comment: 'Checks status of application.'
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/17/2007 23:29:40
NextRun: 06/18/2007 17:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

2 Triggers

Trigger 0:
Type: AtLogon
StartDate: 01/01/2006
EndDate: 00/00/0000
StartTime: 12:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: Daily
DaysInterval: 1
StartDate: 01/01/2006
EndDate: 00/00/0000
StartTime: 17:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'RegCure.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\RegCure\RegCure.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files\RegCure\RegCure.exe'
Comment: 'Runs RegCure at Scheduled Time.'
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/17/2007 18:00:00
NextRun: 06/18/2007 18:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: UM.W.F.
StartDate: 01/01/2006
EndDate: 00/00/0000
StartTime: 18:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Uniblue SpyEraser.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe'
Parameters: '-s'
WorkingDirectory: 'C:\Program Files\Uniblue\SpyEraser\'
Comment: 'Uniblue SpyEraser Scheduler'
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

B647DCD491444600.job

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nem § dnou jmenovku.
S‚riov‚ źˇslo svazku je E854-C163.

Věpis adres ýe C:\WINDOWS\Tasks

15.06.2007 09:21 436 RegCure Program Check.job
15.06.2007 09:21 370 RegCure.job
14.06.2007 11:53 336 Uniblue SpyEraser.job
08.06.2007 23:56 284 AppleSoftwareUpdate.job
13.03.2007 10:44 6 SA.DAT
13.03.2007 10:34 65 desktop.ini
13.03.2007 10:34 <DIR> ..
13.03.2007 10:34 <DIR> .
6 soubor…, 1˙497 bajt…
Adres ý…: 2, Volněch bajt…: 169˙749˙766˙144

******************************************

3) Vyhledávání podvodných programů ve složce Program Files:

Nebyly nalezeny žádné podvodné adresáře.

[Kule]

Jde asi o thle, filmy DviX,Avi nebo DviRip ktré jsem si normalně pouštěl (mám je v Pc) tak teď spustit nejdou.
Když na film pravým kliknu objeví se hláška: V zajmu bezpeč.počítače byl tento proces ukončen. Explorer exe.
To jen abych vám přiblížil co to dělá.

[Baron Prášil]

použij Avenger s tímto skriptem

Files to delete:
c:\docume~1\user\dataap~1\dumbto~1\CHIC TRAY BALM.exe

pošli log z Avengeru a
udělej log z combofixu
- po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem celý jeho obsah

[Kule]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ndcbwvng

*******************

Script file located at: \??\C:\WINDOWS\fyqbvgyq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\docume~1\user\dataap~1\dumbto~1\CHIC TRAY BALM.exe not found!
Deletion of file c:\docume~1\user\dataap~1\dumbto~1\CHIC TRAY BALM.exe failed!

Could not process line:
c:\docume~1\user\dataap~1\dumbto~1\CHIC TRAY BALM.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.