Windows Antivirus

A place for your HijackThis logs and logs from other programs…


Post by vladimir.v » 30 Jan 2008 16:44

Hello! I'd like advice on how to clean my PC of malware. I picked something up somewhere, most likely in DC++, but I'm not sure. Two icons have settled in the bottom right (tray): a red circle with a cross and a yellow triangle with an exclamation mark. Every now and then a balloon pops up from one of them with the message Windows Antivirus. A Windows Security Alert window also pops up on the desktop. When I clicked OK, an offer for SuspenzorPC appeared. I didn't click any further, because it smelled fishy. I can get rid of it with ComboFix, but after shutting down the PC, or rather after starting it again, it's back. Please advise how to get rid of it for good. I'm sending the ComboFix report after cleaning and the HijackThis one, also after cleaning. Right now it's fine, but when I shut the PC down and start it again, it will be there again. What should I do? I'd know what to do if I had the author of this filth at hand!

ComboFix 08-01-30.6 - Uzivatel 2008-01-30 14:40:08.8 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1595 [GMT 1:00]
Running from: C:\Documents and Settings\Uzivatel\Plocha\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-28 18:13 . 2008-01-28 18:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-28 16:37 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 09:46 . 2008-01-28 09:46 15,872 --a------ C:\WINDOWS\system32\drvcav.dll
2008-01-22 12:37 . 2008-01-22 12:58 <DIR> d-------- C:\Program Files\Freeware PDF Unlocker
2008-01-17 09:36 . 2008-01-17 09:36 <DIR> d-------- C:\Program Files\OFIS
2008-01-15 15:03 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-01-15 13:05 . 2008-01-15 13:05 <DIR> d-------- C:\Program Files\Verdict Free
2008-01-14 12:50 . 2008-01-14 14:07 <DIR> d-------- C:\TRANSLAT
2008-01-14 11:56 . 2008-01-18 08:42 <DIR> d-------- C:\Program Files\WinDUO-cvicne
2008-01-13 18:30 . 2008-01-13 18:33 <DIR> d-------- C:\Program Files\yBook
2008-01-13 10:34 . 2008-01-15 12:55 <DIR> d-------- C:\Poznamky
2008-01-13 10:23 . 2008-01-13 17:21 <DIR> d-------- C:\Program Files\Notes24
2008-01-13 10:13 . 2008-01-13 16:43 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-01-13 10:13 . 1999-10-20 18:28 7,538 --a------ C:\WINDOWS\Czech_CZ.gpl
2008-01-13 09:05 . 2008-01-13 09:05 <DIR> d-------- C:\Program Files\Listové obálky 2.8.5
2008-01-13 08:17 . 2008-01-13 08:30 <DIR> d-------- C:\Program Files\Slovnik cizich slov
2008-01-11 16:10 . 2008-01-11 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
2008-01-05 14:58 . 2008-01-14 12:52 70 --a------ C:\WINDOWS\WTRDCTM.INI
2008-01-05 14:57 . 2008-01-14 12:51 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-01-05 14:57 . 2008-01-14 12:51 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-01-05 12:20 . 2008-01-05 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-01-05 11:46 . 2008-01-05 11:46 <DIR> d-------- C:\TEACHER
2008-01-05 11:46 . 2008-01-14 13:49 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft
2008-01-05 11:46 . 2008-01-14 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2007-12-27 13:23 . 2008-01-13 08:14 73 --a------ C:\WINDOWS\cdplayer.ini
2007-12-27 13:05 . 2007-12-27 13:05 <DIR> d-------- C:\Program Files\MySearch
2007-12-27 13:05 . 2007-12-27 13:05 <DIR> d-------- C:\Program Files\FreeRIP3
2007-12-25 16:42 . 2007-12-25 16:42 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\COWON
2007-12-25 16:41 . 2008-01-14 22:08 <DIR> d-------- C:\Program Files\JetAudio
2007-12-25 16:41 . 2007-12-25 16:41 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-12-22 19:41 . 2007-12-22 19:41 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2007-12-04 20:48 . 2007-12-04 20:48 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2007-12-04 20:46 . 2007-12-04 20:48 <DIR> d-------- C:\WINDOWS\system32\msmq
2007-12-04 20:46 . 2007-12-04 20:49 <DIR> d-------- C:\Inetpub
2007-12-04 19:38 . 2007-12-04 19:54 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\MSN6
2007-12-04 19:38 . 2007-12-04 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MSN6
2007-12-04 17:55 . 2007-12-04 17:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-04 17:55 . 2007-12-04 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2007-12-03 20:35 . 2007-12-03 20:35 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\Lost Marble
2007-12-03 20:34 . 2007-12-03 20:34 <DIR> d-------- C:\Program Files\e frontier
2007-12-03 20:16 . 1998-11-13 12:58 307,200 --a------ C:\WINDOWS\IsUn0405.exe
2007-12-03 15:50 . 2007-12-03 15:50 0 --a------ C:\WINDOWS\hpqEmlsz.INI
2007-12-03 14:46 . 2007-12-03 14:46 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\Hewlett-Packard
2007-12-03 14:44 . 2007-12-03 14:44 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\Složka odesílání Share-to-Web
2007-12-03 14:43 . 2007-12-03 14:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:14 --------- d-----w C:\Program Files\ICQToolbar
2008-01-25 13:05 --------- d-----w C:\Program Files\PSPad editor
2008-01-22 14:59 --------- d-----w C:\Documents and Settings\Uzivatel\Data aplikací\OpenOffice.org2
2008-01-22 08:57 --------- d-----w C:\Program Files\DC++
2008-01-18 14:55 --------- d-----w C:\Program Files\WinDUO
2008-01-16 09:18 --------- d-----w C:\Documents and Settings\Uzivatel\Data aplikací\Cestak
2008-01-15 14:04 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-15 14:03 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-15 14:02 --------- d-----w C:\Program Files\Logitech
2008-01-14 13:25 --------- d-----w C:\Program Files\Translator
2008-01-14 11:52 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2008-01-14 11:52 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2008-01-14 11:52 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2008-01-13 11:36 --------- d-----w C:\Program Files\Prehravace
2008-01-13 11:22 --------- d-----w C:\Program Files\EasyVys
2007-12-25 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:48 --------- d-----w C:\Documents and Settings\Uzivatel\Data aplikací\ICQ
2007-12-03 19:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-02 16:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-02 13:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-02 13:50 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-16 20:15 558,142 ----a-w C:\WINDOWS\java\Packages\PV3DJN97.ZIP
2007-10-16 20:15 155,995 ----a-w C:\WINDOWS\java\Packages\XFVJNXJ9.ZIP
2007-10-12 02:00 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2007-10-12 02:00 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2007-10-12 01:57 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
2007-10-12 01:18 21,138 ----a-w C:\WINDOWS\system32\Repository.reg
2007-10-11 06:14 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"OEXPRESS"="C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-01-14 13:49 26624]
"WEBTRAN"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 16:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-12-15 03:58 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-12-15 03:58 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-12-15 03:59 217088]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 16:44 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"pdfSaver3"="" []
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"MSDisp32"="C:\WINDOWS\system32\drvcav.dll" [2008-01-28 09:46 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]

R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2005-12-20 10:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 11:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 14:45:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
.
Completion time: 2008-01-30 14:51:16
ComboFix-quarantined-files.txt 2008-01-30 13:50:54
ComboFix2.txt 2008-01-29 19:11:51
ComboFix3.txt 2008-01-29 17:41:36
ComboFix4.txt 2008-01-29 17:14:22
ComboFix5.txt 2008-01-29 17:02:39
.
2008-01-09 08:34:47 --- E O F ---

---------------------------------------------------
---------------------------------------------------
---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:11:55, on 30.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Uzivatel\Plocha\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcav.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A9DAD15A-365E-494D-9D41-8A0BB80007B0} (ArcticShell control) - http://www.arcticpigs.com/activex/mayhem.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Post by Baron Prášil » 30 Jan 2008 17:12

Yuck! :smile: Where is your protection?
You've built yourself a JURASSIC PARK there :lol:

End this process in Task Manager (Ctrl+Alt+Del):
winsys2.exe

Fix:
In the HJT window, tick the boxes on the left next to the items I list, then click Fix checked
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcav.dll,startup


Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:

Code:

File::
C:\WINDOWS\System32\winsys2.exe
C:\WINDOWS\system32\drvcav.dll

Folder::
C:\Program Files\MySearch

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HijackThis log
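
The following Python script is an added example, not part of the original posts: it parses the HKLM Run-key lines of the two ComboFix "Reg Loading Points" sections posted in this thread (shortened here), diffs them, and checks that no autostart value still points at a file or folder named in the CFScript. The function names are hypothetical.

```python
import re

# Excerpts copied from the two ComboFix "Reg Loading Points" sections posted in
# this thread (30 Jan = before the CFScript run, 31 Jan = after), shortened.
BEFORE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-12-15 03:59 217088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"pdfSaver3"="" []
"MSDisp32"="C:\WINDOWS\system32\drvcav.dll" [2008-01-28 09:46 15872]
'''
AFTER = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"pdfSaver3"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
'''
# The CFScript from the post above.
CFSCRIPT = r'''
File::
C:\WINDOWS\System32\winsys2.exe
C:\WINDOWS\system32\drvcav.dll

Folder::
C:\Program Files\MySearch

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# "ValueName"="data" [timestamp size optional-resolved-path]
VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?\s*$')


def parse_loading_points(text):
    """Return {(registry_key, value_name): entry} for each autostart value."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).upper()  # registry key names are case-insensitive
            continue
        m = VAL_RE.match(line)
        if m and key:
            name, data, meta = m.group(1), m.group(2), m.group(3) or ""
            entries[(key, name.lower())] = {"name": name, "data": data, "meta": meta}
    return entries


def diff_autostarts(before, after):
    """Compare two logs and list value names removed, added or re-pointed."""
    b, a = parse_loading_points(before), parse_loading_points(after)
    return {
        "removed": [b[k]["name"] for k in sorted(b) if k not in a],
        "added": [a[k]["name"] for k in sorted(a) if k not in b],
        "changed": [b[k]["name"] for k in sorted(b)
                    if k in a and b[k]["data"].lower() != a[k]["data"].lower()],
    }


def cfscript_targets(script):
    """Collect the paths listed under the File:: and Folder:: sections."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            section = line[:-2].lower()
        elif line and section in ("file", "folder"):
            targets.append(line.lower())
    return targets


def still_referenced(log_text, targets):
    """Names of autostart values whose data or resolved path hits a target."""
    hits = []
    for entry in parse_loading_points(log_text).values():
        haystack = (entry["data"] + " " + entry["meta"]).lower()
        if any(t in haystack for t in targets):
            hits.append(entry["name"])
    return sorted(hits)


if __name__ == "__main__":
    targets = cfscript_targets(CFSCRIPT)
    print("diff:", diff_autostarts(BEFORE, AFTER))
    print("pointing at targets before:", still_referenced(BEFORE, targets))
    print("pointing at targets after: ", still_referenced(AFTER, targets))
```

An empty "after" list only shows that the Run key no longer launches the listed files; other loading points (services, BHOs, scheduled tasks) need the same comparison against their own log sections.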


It's fine now

Post by vladimir.v » 31 Jan 2008 20:31

Thank you very much, Baron the Rescuer, it's fine now. HijackThis and ComboFix did the job; they are amazingly useful tools. As for the insufficient protection, it was like this: I read in one discussion that the antivirus program has to be deactivated before using ComboFix, so I turned off the Avast antivirus that I use. I most likely picked up the worm (or whatever it was) through DC++; would that be possible? I'm sending the reports from ComboFix and HijackThis, and I want to believe the vermin is done for. Thanks once again! Thanks to you, capitalism is more bearable.

COMBOFIX

ComboFix 08-01-30.6 - Uzivatel 2008-01-31 19:11:42.10 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1572 [GMT 1:00]
Running from: C:\Documents and Settings\Uzivatel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Uzivatel\Plocha\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\WINDOWS\system32\drvcav.dll
C:\WINDOWS\System32\winsys2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MySearch
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.JAR
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.MANIFEST
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.JAR
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.MANIFEST
C:\Program Files\MySearch\bar\1.bin\S4PLUGIN.DLL
C:\Program Files\MySearch\bar\Cache\[u]0[/u]025C36B
C:\Program Files\MySearch\bar\Cache\[u]0[/u]025C791
C:\Program Files\MySearch\bar\Cache\[u]0[/u]025C966.bmp
C:\Program Files\MySearch\bar\Cache\[u]0[/u]025CB5A.bmp
C:\Program Files\MySearch\bar\Cache\files.ini
C:\Program Files\MySearch\bar\History\search2
C:\Program Files\MySearch\bar\Settings\prevcfg2.htm
C:\WINDOWS\system32\drvcav.dll
C:\WINDOWS\System32\winsys2.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-31 09:40 . 2008-01-31 09:40 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-30 21:08 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-30 21:08 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-30 21:08 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-30 21:08 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-30 21:08 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-30 21:08 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-30 21:08 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-30 21:08 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-28 18:13 . 2008-01-28 18:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-28 16:37 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-22 12:37 . 2008-01-22 12:58 <DIR> d-------- C:\Program Files\Freeware PDF Unlocker
2008-01-17 09:36 . 2008-01-17 09:36 <DIR> d-------- C:\Program Files\OFIS
2008-01-15 15:03 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-01-14 12:50 . 2008-01-14 14:07 <DIR> d-------- C:\TRANSLAT
2008-01-14 11:56 . 2008-01-18 08:42 <DIR> d-------- C:\Program Files\WinDUO-cvicne
2008-01-13 18:30 . 2008-01-13 18:33 <DIR> d-------- C:\Program Files\yBook
2008-01-13 10:34 . 2008-01-15 12:55 <DIR> d-------- C:\Poznamky
2008-01-13 10:23 . 2008-01-13 17:21 <DIR> d-------- C:\Program Files\Notes24
2008-01-13 10:13 . 2008-01-13 16:43 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-01-13 10:13 . 1999-10-20 18:28 7,538 --a------ C:\WINDOWS\Czech_CZ.gpl
2008-01-13 09:05 . 2008-01-13 09:05 <DIR> d-------- C:\Program Files\Listové obálky 2.8.5
2008-01-13 08:17 . 2008-01-13 08:30 <DIR> d-------- C:\Program Files\Slovnik cizich slov
2008-01-11 16:10 . 2008-01-11 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
2008-01-05 14:58 . 2008-01-14 12:52 70 --a------ C:\WINDOWS\WTRDCTM.INI
2008-01-05 14:57 . 2008-01-14 12:51 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-01-05 14:57 . 2008-01-14 12:51 2,753 --a------ C:\WINDOWS\UN32P.INI
2008-01-05 12:20 . 2008-01-05 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-01-05 11:46 . 2008-01-05 11:46 <DIR> d-------- C:\TEACHER
2008-01-05 11:46 . 2008-01-14 13:49 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\LangSoft
2008-01-05 11:46 . 2008-01-14 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2007-12-27 13:23 . 2008-01-13 08:14 73 --a------ C:\WINDOWS\cdplayer.ini
2007-12-27 13:05 . 2007-12-27 13:05 <DIR> d-------- C:\Program Files\FreeRIP3
2007-12-25 16:42 . 2007-12-25 16:42 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\COWON
2007-12-25 16:41 . 2008-01-14 22:08 <DIR> d-------- C:\Program Files\JetAudio
2007-12-25 16:41 . 2007-12-25 16:41 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-12-22 19:41 . 2007-12-22 19:41 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2007-12-04 20:48 . 2007-12-04 20:48 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2007-12-04 20:46 . 2007-12-04 20:48 <DIR> d-------- C:\WINDOWS\system32\msmq
2007-12-04 20:46 . 2007-12-04 20:49 <DIR> d-------- C:\Inetpub
2007-12-04 19:38 . 2007-12-04 19:54 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\MSN6
2007-12-04 19:38 . 2007-12-04 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MSN6
2007-12-04 17:55 . 2007-12-04 17:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-04 17:55 . 2007-12-04 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2007-12-03 20:35 . 2007-12-03 20:35 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\Lost Marble
2007-12-03 20:34 . 2007-12-03 20:34 <DIR> d-------- C:\Program Files\e frontier
2007-12-03 20:16 . 1998-11-13 12:58 307,200 --a------ C:\WINDOWS\IsUn0405.exe
2007-12-03 15:50 . 2007-12-03 15:50 0 --a------ C:\WINDOWS\hpqEmlsz.INI
2007-12-03 14:46 . 2007-12-03 14:46 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\Hewlett-Packard
2007-12-03 14:44 . 2007-12-03 14:44 <DIR> d-------- C:\Documents and Settings\Uzivatel\Data aplikací\Složka odesílání Share-to-Web
2007-12-03 14:43 . 2007-12-03 14:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 08:49 --------- d-----w C:\Program Files\ICQToolbar
2008-01-25 13:05 --------- d-----w C:\Program Files\PSPad editor
2008-01-22 14:59 --------- d-----w C:\Documents and Settings\Uzivatel\Data aplikací\OpenOffice.org2
2008-01-22 08:57 --------- d-----w C:\Program Files\DC++
2008-01-18 14:55 --------- d-----w C:\Program Files\WinDUO
2008-01-16 09:18 --------- d-----w C:\Documents and Settings\Uzivatel\Data aplikací\Cestak
2008-01-15 14:04 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-15 14:03 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-15 14:02 --------- d-----w C:\Program Files\Logitech
2008-01-14 13:25 --------- d-----w C:\Program Files\Translator
2008-01-14 11:52 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2008-01-14 11:52 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2008-01-14 11:52 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2008-01-13 11:36 --------- d-----w C:\Program Files\Prehravace
2008-01-13 11:22 --------- d-----w C:\Program Files\EasyVys
2007-12-25 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:48 --------- d-----w C:\Documents and Settings\Uzivatel\Data aplikací\ICQ
2007-12-03 19:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-02 16:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-02 13:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-02 13:50 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-16 20:15 558,142 ----a-w C:\WINDOWS\java\Packages\PV3DJN97.ZIP
2007-10-16 20:15 155,995 ----a-w C:\WINDOWS\java\Packages\XFVJNXJ9.ZIP
2007-10-12 02:00 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2007-10-12 02:00 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2007-10-12 01:57 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
2007-10-12 01:18 21,138 ----a-w C:\WINDOWS\system32\Repository.reg
2007-10-11 06:14 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"OEXPRESS"="C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-01-14 13:49 26624]
"WEBTRAN"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 16:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-12-15 03:58 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-12-15 03:58 69632]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 16:44 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"pdfSaver3"="" []
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]

R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-17 14:49]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2005-12-20 10:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\System32\svchost.exe [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 11:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 19:17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 19:21:36
ComboFix-quarantined-files.txt 2008-01-31 18:21:22
ComboFix2.txt 2008-01-31 08:38:54
ComboFix3.txt 2008-01-29 19:11:51
ComboFix4.txt 2008-01-29 17:41:36
ComboFix5.txt 2008-01-29 17:14:22
.
2008-01-09 08:34:47 --- E O F ---

--------------------------------------------------------------------------
--------------------------------------------------------------------------
--------------------------------------------------------------------------

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 19:25:54, on 31.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Uzivatel\Plocha\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Post by Baron Prášil » 31 Jan 2008 21:16

The logs are fine.
I would also recommend installing a firewall and antispyware.
FIREWALL
Pick one here; I recommend ZoneAlarm or Comodo.
ANTISPYWARE
I recommend Spyware Terminator or Spybot S&D.

If there is any trouble with it, get in touch again, feel free to post here.

And you're welcome.

