kONTROLA HiJacklogu Vyřešeno

[KingDuck]

Zdravim, potrebeval bych zkontrolovat log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:36, on 14.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online/online2/be ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74ADC47-4327-4D6D-A83A-177590255CDE}: NameServer = 192.168.24.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: wmpuurlm - C:\WINDOWS\system32\wmpuurlm.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8483 bytes

[Reklama]

[KingDuck]

Chtel jsem sem pridat log s ComboFix. bohuzel cekam vice jak 10 minut a nic, zda se vam tohle normalni ???¨Celkove se mi posledni dobou neja spomaluje pc.
Predem diky za odpoved

[jaro3]

Fix v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O20 - Winlogon Notify: wmpuurlm - C:\WINDOWS\system32\wmpuurlm.dll (file missing)


Kde máš antivir??
Vypnul jsi před Combofixem rez. štít u ST?
CF někdy trvá i 20-25min.

[KingDuck]

Mam jen Ad-Aware SE Personal
A Spyware Terminator a tady mam rezidentni stit neaktivni, staci to, nebo nemam antivirus ?
ComboFix to prosel rychle ale odesilani trvalo vice jak deset minut a stejne nic

[jaro3]

Nemáš, pořiď si aspoň free antivirusovej program, Ad-Aware je jen na spyware,adware.Potřebuji ten log z CF, program Ti ho nevytvoří , nebo, co? Štít vypni, ukonči všechny ostatní okna a prohlížeče a zkus to znovu.Počkej až vyjede ten log a pak ho dej sem..Pokud Ti to nepůjde ,jdi do nouzového režimu a zkus to v něm.

[KingDuck]

Omlouvam se za opozdenou odpoved, mel jsem potize s internetem

ComboFix 08-10-18.03 - OEM 2008-10-23 17:09:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.255 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\OEM\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-23 do 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-15 10:10 . 2008-10-15 10:11 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-15 08:39 . 2008-09-15 17:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 08:39 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 08:38 . 2008-08-14 15:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 08:38 . 2008-08-14 15:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 08:38 . 2008-08-14 15:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 08:38 . 2008-08-14 15:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 18:22 . 2008-10-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-10-14 17:24 . 2008-10-14 17:24 <DIR> d-------- C:\hry
2008-10-14 17:01 . 2008-10-14 17:19 <DIR> d-------- C:\instalacky programu
2008-10-14 17:00 . 2008-10-14 17:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-14 16:48 . 2008-10-14 16:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Documents and Settings\OEM\Data aplikací\vlc
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Documents and Settings\OEM\Data aplikací\vlc
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Documents and Settings\OEM\Data aplikací\vlc
2008-10-14 16:37 . 2008-10-14 17:00 <DIR> d-------- C:\Programy
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\system32\cs
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-02 20:28 . 2008-10-02 20:33 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-02 20:09 . 2008-10-02 20:09 <DIR> d-------- C:\WINDOWS\EHome
2008-10-01 15:13 . 2004-08-17 15:43 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Skype
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Skype
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Skype
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\skypePM
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\skypePM
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\skypePM
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\OpenOffice.org2
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\OpenOffice.org2
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\OpenOffice.org2
2008-10-22 17:01 --------- d-----w C:\Program Files\ICQToolbar
2008-10-19 15:07 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-14 18:29 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-14 18:29 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-14 15:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 14:43 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Lavasoft
2008-10-14 14:43 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Lavasoft
2008-10-14 14:43 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Lavasoft
2008-10-14 14:40 --------- d-----w C:\Program Files\Lavasoft
2008-10-10 16:52 --------- d-----w C:\Program Files\Lx_cats
2008-09-22 18:01 --------- d-----w C:\Program Files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:10 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-02 09:19 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-10-07 08:55 1,892,268 ----a-w C:\Program Files\aresregular204_installer.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"VoipDiscount"="C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" [2006-12-14 7558720]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-03-08 86016]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 68856]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\OEM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-02-26 393216]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-12-28 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-14 141312]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-05-29 220920]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\yov24j3j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 17:11:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-23 17:12:36
ComboFix-quarantined-files.txt 2008-10-23 15:12:29
ComboFix2.txt 2008-10-19 15:12:11
ComboFix3.txt 2008-10-19 10:24:27

Před spuštěním: Volných bajtů: 59 948 597 248
Po spuštění: Volných bajtů: 60,408,315,904

132 --- E O F --- 2008-10-15 08:11:45

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[KingDuck]

ComboFix 08-10-18.03 - OEM 2008-10-23 19:18:55.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.128 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\OEM\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\OEM\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-23 do 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-15 10:10 . 2008-10-15 10:11 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-15 08:39 . 2008-09-15 17:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 08:39 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 08:38 . 2008-08-14 15:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 08:38 . 2008-08-14 15:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 08:38 . 2008-08-14 15:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 08:38 . 2008-08-14 15:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 18:22 . 2008-10-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-10-14 17:24 . 2008-10-14 17:24 <DIR> d-------- C:\hry
2008-10-14 17:01 . 2008-10-14 17:19 <DIR> d-------- C:\instalacky programu
2008-10-14 17:00 . 2008-10-14 17:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-14 16:48 . 2008-10-14 16:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Documents and Settings\OEM\Data aplikací\vlc
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Documents and Settings\OEM\Data aplikací\vlc
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Documents and Settings\OEM\Data aplikací\vlc
2008-10-14 16:37 . 2008-10-14 17:00 <DIR> d-------- C:\Programy
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\system32\cs
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-02 20:32 . 2008-10-02 20:32 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-02 20:28 . 2008-10-02 20:33 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-02 20:09 . 2008-10-02 20:09 <DIR> d-------- C:\WINDOWS\EHome
2008-10-01 15:13 . 2004-08-17 15:43 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 17:15 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Skype
2008-10-23 17:15 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Skype
2008-10-23 17:15 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Skype
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2008-10-23 15:08 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\skypePM
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\skypePM
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\skypePM
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\OpenOffice.org2
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\OpenOffice.org2
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\OpenOffice.org2
2008-10-22 17:01 --------- d-----w C:\Program Files\ICQToolbar
2008-10-19 15:07 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-14 18:29 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-14 18:29 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-14 15:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 14:43 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Lavasoft
2008-10-14 14:43 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Lavasoft
2008-10-14 14:43 --------- d-----w C:\Documents and Settings\OEM\Data aplikací\Lavasoft
2008-10-14 14:40 --------- d-----w C:\Program Files\Lavasoft
2008-10-10 16:52 --------- d-----w C:\Program Files\Lx_cats
2008-09-22 18:01 --------- d-----w C:\Program Files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:10 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-02 09:19 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-10-07 08:55 1,892,268 ----a-w C:\Program Files\aresregular204_installer.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"VoipDiscount"="C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" [2006-12-14 7558720]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-03-08 86016]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 68856]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\OEM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-02-26 393216]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-12-28 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-14 141312]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-05-29 220920]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 19:20:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-23 19:21:20
ComboFix-quarantined-files.txt 2008-10-23 17:21:10
ComboFix2.txt 2008-10-23 15:12:37
ComboFix3.txt 2008-10-19 15:12:11
ComboFix4.txt 2008-10-19 10:24:27

Před spuštěním: Volných bajtů: 60 391 014 400
Po spuštění: Volných bajtů: 60,383,088,640

128 --- E O F --- 2008-10-15 08:11:45

[jaro3]

Log O.K. , ještě log z HJT.

[KingDuck]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:21, on 25.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74ADC47-4327-4D6D-A83A-177590255CDE}: NameServer = 192.168.24.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7990 bytes

[jaro3]

fix v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
viewtopic.php?t=5130
a použij i T-Cleaner
http://www.sweb.cz/Marinus/T-Cleaner.exe
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
aktualizuj javu:
Java SE Runtime Environment 6u10
https://cds.sun.com/is-bin/INTERSHOP.en ... _Developer
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.