Every so often all kinds of ads pop up in a new browser window, no matter what page I'm on. I don't know what to do about it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:26, on 27.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Games and Programs\RapGet\rapget.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbappHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\Stahuj\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://images.rapidshare.com/software/r ... pplication
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 94.23.0.179 l2authd.lineage2.com #L2TnS
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 94.23.0.179 l2authd.lineage2.com
O1 - Hosts: 94.23.0.179 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: (no name) - {003EBAB0-3850-4C63-826E-5C524CE7B23C} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: _ - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll
O4 - HKLM\..\Run: [Rapget] D:\Games and Programs\RapGet\rapget.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StartupFaster
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: opnkIawX - opnkIawX.dll (file missing)
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b86054da129e) (gupdate1c9b86054da129e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
--
End of file - 11859 bytes
Please check my log (Solved)
Damned
Re: Please check my log
Uninstall:
Media Access Startup
Internet Saving Optimizer
System Search Dispatcher
DoubleD (GamingHarbor Toolbar)
Then post a new HijackThis log here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:53, on 27.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Games and Programs\RapGet\rapget.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
d:\Stahuj\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://images.rapidshare.com/software/r ... pplication
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 94.23.0.179 l2authd.lineage2.com #L2TnS
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 94.23.0.179 l2authd.lineage2.com
O1 - Hosts: 94.23.0.179 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: (no name) - {003EBAB0-3850-4C63-826E-5C524CE7B23C} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Rapget] D:\Games and Programs\RapGet\rapget.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StartupFaster
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: opnkIawX - opnkIawX.dll (file missing)
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b86054da129e) (gupdate1c9b86054da129e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
--
End of file - 11165 bytes
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
--
End of file - 11165 bytes
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: Please check my log
Run HJT, close your browsers, disconnect from the internet and fix the following (tick the checkbox in front of each entry, then press
"Fix checked"):
O2 - BHO: (no name) - {003EBAB0-3850-4C63-826E-5C524CE7B23C} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: StartupFaster
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: opnkIawX - opnkIawX.dll (file missing)
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
- newcomer
- Posts: 17
- Registered: November 08
- Status: Offline
Re: Please check my log
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2513
Windows 5.1.2600 Service Pack 3
27.7.2009 21:35:02
mbam-log-2009-07-27 (21-34-56).txt
Typ skenu: Rychlý sken
Objektu skenováno: 104190
Uplynulý cas: 5 minute(s), 28 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 11
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 16
Infikované soubory: 60
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Sameček\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290 (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Data (Adware.DoubleD) -> No action taken.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\data\?A (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons (Adware.DoubleD) -> No action taken.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\icons\?A (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins (Adware.DoubleD) -> No action taken.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\skins\?A (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache (Adware.DoubleD) -> No action taken.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\cache\?A (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Sameček\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Sameček\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
Infikované soubory:
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\config.md (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-075639.687.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-075711.218.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-125740.078.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-132414.750.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-132430.062.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-132431.218.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-230943.859.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-195536.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-195600.734.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-200149.265.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-201828.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-153332.328.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-202842.203.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-211412.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-154427.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-162030.625.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-162109.734.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-233346.612.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-095544.437.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-100632.375.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-200118.718.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-202424.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-202435.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-202437.750.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-205326.453.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-131229.093.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-134004.968.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-153939.437.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-172342.984.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-181228.312.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-113239.140.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-141526.968.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-141626.031.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-141635.156.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-141738.078.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-142112.109.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090725-160948.031.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-145714.281.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-191032.109.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-201319.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-202713.609.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-204946.359.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210408.406.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210412.609.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210555.562.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210559.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210652.562.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210655.796.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-212507.453.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-214719.359.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-214723.593.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-090625.421.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-113208.140.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-113831.390.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-202356.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210012.875.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210017.093.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210540.562.log (Adware.DoubleD) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-090625.421.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-113208.140.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-113831.390.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-202356.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210012.875.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210017.093.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210540.562.log (Adware.DoubleD) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.
- Damned
Re: Please check my log
So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off the antivirus resident shield (and the antispyware one too, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click inside its window
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
Re: Please check my log
Here is the log from Malwarebytes
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2513
Windows 5.1.2600 Service Pack 3
27.7.2009 21:57:29
mbam-log-2009-07-27 (21-57-29).txt
Typ skenu: Rychlý sken
Objektu skenováno: 104175
Uplynulý cas: 5 minute(s), 18 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 11
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 16
Infikované soubory: 60
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sameček\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\data\?A (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\icons\?A (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\skins\?A (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\sameček\local settings\application data\doubled\gamingharbor toolbar\4.1.3.20290\cache\?A (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sameček\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sameček\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-204946.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210408.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210412.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210555.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210559.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210652.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-210655.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-212507.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-214719.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-214723.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-090625.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-113208.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-113831.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-202356.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210012.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210017.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Sameček\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-210540.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
- Damned
Re: Please check my log
Fine, now ComboFix as well.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
Re: Please check my log
ComboFix 09-07-26.03 - Sameček 27.07.2009 22:00.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.612 [GMT 2:00]
Spuštěný z: c:\documents and settings\Sameček\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\kb913800.exe
c:\windows\system32\Drivers\zmmw.sys
c:\windows\system32\uurwdbea.ini
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_lxcok
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-27 do 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 19:28 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 19:28 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 04:52 . 2009-07-19 04:52 -------- d-sh--w- C:\FOUND.017
2009-07-18 17:34 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-07-18 17:32 . 2009-07-18 17:32 -------- d-----w- C:\hegames
2009-07-18 17:32 . 1994-09-21 00:00 12800 ----a-r- c:\windows\system32\wing32.dll
2009-07-17 12:00 . 2009-07-17 12:00 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-28 10:20 . 2009-06-28 10:20 -------- d-----w- c:\program files\EA SPORTS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 10:20 . 2008-12-20 14:04 480 ----a-w- c:\windows\eReg.dat
2009-06-26 11:03 . 2006-08-28 12:31 47480 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 22:30 . 2009-06-19 22:30 -------- d-----w- c:\program files\EurotelSMS
2009-06-16 14:36 . 2004-08-10 18:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 20:14 . 2009-06-15 20:14 -------- d-----w- c:\program files\QuickTime
2009-06-15 20:14 . 2009-06-15 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-15 20:12 . 2009-06-15 20:12 -------- d-----w- c:\program files\Apple Software Update
2009-06-15 20:12 . 2009-06-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 20:00 . 2009-06-15 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ConMet
2009-06-10 21:08 . 2009-06-10 21:08 -------- d-----w- c:\program files\Virgin Interactive
2009-06-09 22:33 . 2009-06-09 22:33 -------- d-----w- c:\program files\JoWooD
2009-06-03 19:09 . 2005-06-29 01:55 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-10 18:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-01-09 18:02 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-10 18:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-23 08:06 . 2008-10-17 03:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-12-03 19:07 . 2008-10-22 20:56 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 08:20 150768 ----a-w- c:\documents and settings\Sameček\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rapget"="d:\games and programs\RapGet\rapget.exe" [2008-06-03 171008]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-22 602112]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-27 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Steam\\steamapps\\zajda553\\counter-strike\\hl.exe"=
"d:\\Games and Programs\\Warcraft III\\euroloader.exe"=
"d:\\Games and Programs\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Games and Programs\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:W3 Hoster
"6112:UDP"= 6112:UDP:W3 Hoster
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.12.2008 23:28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.12.2008 23:28 20560]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate1c9b86054da129e;Google Update Service (gupdate1c9b86054da129e);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2009 17:40 133104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 msvad_simple;SoliCall;c:\windows\system32\drivers\solicall.sys [10.6.2006 15:19 205312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.2.2009 22:43 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.2.2009 22:43 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.2.2009 23:37 32377]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 15:40]
2009-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 15:40]
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://images.rapidshare.com/software/r ... pplication
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sameček\Application Data\Mozilla\Firefox\Profiles\3vo7155e.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 22:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4032)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\GOOGLE\UPDATE\1.2.183.7\GOOGLECRASHHANDLER.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\EHOME\EHRECVR.EXE
c:\windows\EHOME\EHSCHED.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
c:\windows\SYSTEM32\IOCTLSVC.EXE
c:\windows\EHOME\MCRDSVC.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-07-27 22:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-27 20:12
Před spuštěním: 26 981 433 344 bytes free
Po spuštění: Volných bajtů: 26 841 448 448
222 --- E O F --- 2009-07-15 13:18
- Damned
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text marked in green:
File::
C:\FOUND.017
c:\windows\system32\eLock2BurnerLockDriver.sys
c:\windows\system32\eLock2FSCTLDriver.sys
Folder::
C:\FOUND.017
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Driver::
eLock2BurnerLockDriver;eLock2BurnerLockDriver
eLock2BurnerLockDriver
eLock2FSCTLDriver;eLock2FSCTLDriver
eLock2FSCTLDriver
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded program ComboFix.exe
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT, and describe how the computer is behaving
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
ComboFix 09-07-26.03 - Sameček 27.07.2009 22:33.3.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.568 [GMT 2:00]
Spuštěný z: c:\documents and settings\Sameček\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Sameček\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090727-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"C:\FOUND.017"
"c:\windows\system32\eLock2BurnerLockDriver.sys"
"c:\windows\system32\eLock2FSCTLDriver.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.017
c:\found.017\FILE0000.CHK
c:\found.017\FILE0001.CHK
c:\found.017\FILE0002.CHK
c:\found.017\FILE0003.CHK
c:\found.017\FILE0004.CHK
c:\found.017\FILE0005.CHK
c:\found.017\FILE0006.CHK
c:\found.017\FILE0007.CHK
c:\found.017\FILE0008.CHK
c:\found.017\FILE0009.CHK
c:\found.017\FILE0010.CHK
c:\found.017\FILE0011.CHK
c:\found.017\FILE0012.CHK
c:\found.017\FILE0013.CHK
c:\found.017\FILE0014.CHK
c:\found.017\FILE0015.CHK
c:\found.017\FILE0016.CHK
c:\found.017\FILE0017.CHK
c:\found.017\FILE0018.CHK
c:\found.017\FILE0019.CHK
c:\found.017\FILE0020.CHK
c:\found.017\FILE0021.CHK
c:\found.017\FILE0022.CHK
c:\found.017\FILE0023.CHK
c:\found.017\FILE0024.CHK
c:\found.017\FILE0025.CHK
c:\found.017\FILE0026.CHK
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ELOCK2BURNERLOCKDRIVER
-------\Legacy_ELOCK2FSCTLDRIVER
-------\Service_eLock2BurnerLockDriver
-------\Service_eLock2FSCTLDriver
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-27 do 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 19:28 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 19:28 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 17:34 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-07-18 17:32 . 2009-07-18 17:32 -------- d-----w- C:\hegames
2009-07-18 17:32 . 1994-09-21 00:00 12800 ----a-r- c:\windows\system32\wing32.dll
2009-07-17 12:00 . 2009-07-17 12:00 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-28 10:20 . 2009-06-28 10:20 -------- d-----w- c:\program files\EA SPORTS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 10:20 . 2008-12-20 14:04 480 ----a-w- c:\windows\eReg.dat
2009-06-26 11:03 . 2006-08-28 12:31 47480 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 22:30 . 2009-06-19 22:30 -------- d-----w- c:\program files\EurotelSMS
2009-06-16 14:36 . 2004-08-10 18:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 20:14 . 2009-06-15 20:14 -------- d-----w- c:\program files\QuickTime
2009-06-15 20:14 . 2009-06-15 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-15 20:12 . 2009-06-15 20:12 -------- d-----w- c:\program files\Apple Software Update
2009-06-15 20:12 . 2009-06-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 20:00 . 2009-06-15 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ConMet
2009-06-10 21:08 . 2009-06-10 21:08 -------- d-----w- c:\program files\Virgin Interactive
2009-06-09 22:33 . 2009-06-09 22:33 -------- d-----w- c:\program files\JoWooD
2009-06-03 19:09 . 2005-06-29 01:55 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-10 18:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-01-09 18:02 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-10 18:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-23 08:06 . 2008-10-17 03:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-12-03 19:07 . 2008-10-22 20:56 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-27_20.09.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-27 20:39 . 2009-07-27 20:40 16384 c:\windows\Temp\Perflib_Perfdata_bd0.dat
- 2009-07-27 18:55 . 2009-07-27 18:55 16384 c:\windows\Temp\Perflib_Perfdata_bd0.dat
+ 2009-07-27 20:39 . 2009-07-27 20:39 16384 c:\windows\Temp\Perflib_Perfdata_754.dat
+ 2009-07-27 20:39 . 2009-07-27 20:39 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2009-07-27 20:39 . 2009-07-27 20:39 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
+ 2009-07-27 20:40 . 2009-07-27 20:40 1536 c:\windows\Temp\NEventMessages.dll
- 2009-07-27 20:08 . 2009-07-27 20:08 1536 c:\windows\Temp\NEventMessages.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 08:20 150768 ----a-w- c:\documents and settings\Sameček\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-22 602112]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-27 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Steam\\steamapps\\zajda553\\counter-strike\\hl.exe"=
"d:\\Games and Programs\\Warcraft III\\euroloader.exe"=
"d:\\Games and Programs\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Games and Programs\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:W3 Hoster
"6112:UDP"= 6112:UDP:W3 Hoster
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.12.2008 23:28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.12.2008 23:28 20560]
S2 gupdate1c9b86054da129e;Google Update Service (gupdate1c9b86054da129e);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2009 17:40 133104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 msvad_simple;SoliCall;c:\windows\system32\drivers\solicall.sys [10.6.2006 15:19 205312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.2.2009 22:43 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.2.2009 22:43 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.2.2009 23:37 32377]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 15:40]
2009-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 15:40]
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://images.rapidshare.com/software/r ... pplication
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sameček\Application Data\Mozilla\Firefox\Profiles\3vo7155e.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 22:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\GOOGLE\UPDATE\1.2.183.7\GOOGLECRASHHANDLER.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\EHOME\EHRECVR.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\EHOME\EHSCHED.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
c:\windows\SYSTEM32\IOCTLSVC.EXE
c:\windows\EHOME\MCRDSVC.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
.
**************************************************************************
.
Celkový čas: 2009-07-27 22:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-27 20:43
ComboFix2.txt 2009-07-27 20:12
Před spuštěním: 27 570 176 000 bytes free
Po spuštění: Volných bajtů: 27 526 004 736
251 --- E O F --- 2009-07-15 13:18
EDIT// Not a single ad has popped up so far.. :-)
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.568 [GMT 2:00]
Spuštěný z: c:\documents and settings\Sameček\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Sameček\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090727-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"C:\FOUND.017"
"c:\windows\system32\eLock2BurnerLockDriver.sys"
"c:\windows\system32\eLock2FSCTLDriver.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.017
c:\found.017\FILE0000.CHK
c:\found.017\FILE0001.CHK
c:\found.017\FILE0002.CHK
c:\found.017\FILE0003.CHK
c:\found.017\FILE0004.CHK
c:\found.017\FILE0005.CHK
c:\found.017\FILE0006.CHK
c:\found.017\FILE0007.CHK
c:\found.017\FILE0008.CHK
c:\found.017\FILE0009.CHK
c:\found.017\FILE0010.CHK
c:\found.017\FILE0011.CHK
c:\found.017\FILE0012.CHK
c:\found.017\FILE0013.CHK
c:\found.017\FILE0014.CHK
c:\found.017\FILE0015.CHK
c:\found.017\FILE0016.CHK
c:\found.017\FILE0017.CHK
c:\found.017\FILE0018.CHK
c:\found.017\FILE0019.CHK
c:\found.017\FILE0020.CHK
c:\found.017\FILE0021.CHK
c:\found.017\FILE0022.CHK
c:\found.017\FILE0023.CHK
c:\found.017\FILE0024.CHK
c:\found.017\FILE0025.CHK
c:\found.017\FILE0026.CHK
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ELOCK2BURNERLOCKDRIVER
-------\Legacy_ELOCK2FSCTLDRIVER
-------\Service_eLock2BurnerLockDriver
-------\Service_eLock2FSCTLDriver
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-27 do 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 19:28 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 19:28 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 17:34 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-07-18 17:32 . 2009-07-18 17:32 -------- d-----w- C:\hegames
2009-07-18 17:32 . 1994-09-21 00:00 12800 ----a-r- c:\windows\system32\wing32.dll
2009-07-17 12:00 . 2009-07-17 12:00 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-28 10:20 . 2009-06-28 10:20 -------- d-----w- c:\program files\EA SPORTS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 10:20 . 2008-12-20 14:04 480 ----a-w- c:\windows\eReg.dat
2009-06-26 11:03 . 2006-08-28 12:31 47480 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 22:30 . 2009-06-19 22:30 -------- d-----w- c:\program files\EurotelSMS
2009-06-16 14:36 . 2004-08-10 18:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 20:14 . 2009-06-15 20:14 -------- d-----w- c:\program files\QuickTime
2009-06-15 20:14 . 2009-06-15 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-15 20:12 . 2009-06-15 20:12 -------- d-----w- c:\program files\Apple Software Update
2009-06-15 20:12 . 2009-06-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 20:00 . 2009-06-15 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ConMet
2009-06-10 21:08 . 2009-06-10 21:08 -------- d-----w- c:\program files\Virgin Interactive
2009-06-09 22:33 . 2009-06-09 22:33 -------- d-----w- c:\program files\JoWooD
2009-06-03 19:09 . 2005-06-29 01:55 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-10 18:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-01-09 18:02 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-10 18:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-23 08:06 . 2008-10-17 03:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-12-03 19:07 . 2008-10-22 20:56 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-27_20.09.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-27 20:39 . 2009-07-27 20:40 16384 c:\windows\Temp\Perflib_Perfdata_bd0.dat
- 2009-07-27 18:55 . 2009-07-27 18:55 16384 c:\windows\Temp\Perflib_Perfdata_bd0.dat
+ 2009-07-27 20:39 . 2009-07-27 20:39 16384 c:\windows\Temp\Perflib_Perfdata_754.dat
+ 2009-07-27 20:39 . 2009-07-27 20:39 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2009-07-27 20:39 . 2009-07-27 20:39 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
+ 2009-07-27 20:40 . 2009-07-27 20:40 1536 c:\windows\Temp\NEventMessages.dll
- 2009-07-27 20:08 . 2009-07-27 20:08 1536 c:\windows\Temp\NEventMessages.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-24 08:20 150768 ----a-w- c:\documents and settings\Sameček\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-22 602112]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-27 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Steam\\steamapps\\zajda553\\counter-strike\\hl.exe"=
"d:\\Games and Programs\\Warcraft III\\euroloader.exe"=
"d:\\Games and Programs\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Games and Programs\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:W3 Hoster
"6112:UDP"= 6112:UDP:W3 Hoster
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.12.2008 23:28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.12.2008 23:28 20560]
S2 gupdate1c9b86054da129e;Google Update Service (gupdate1c9b86054da129e);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2009 17:40 133104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 msvad_simple;SoliCall;c:\windows\system32\drivers\solicall.sys [10.6.2006 15:19 205312]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.2.2009 22:43 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.2.2009 22:43 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.2.2009 23:37 32377]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 15:40]
2009-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 15:40]
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://images.rapidshare.com/software/r ... pplication
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sameček\Application Data\Mozilla\Firefox\Profiles\3vo7155e.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 22:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\GOOGLE\UPDATE\1.2.183.7\GOOGLECRASHHANDLER.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\EHOME\EHRECVR.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\EHOME\EHSCHED.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
c:\windows\SYSTEM32\IOCTLSVC.EXE
c:\windows\EHOME\MCRDSVC.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
.
**************************************************************************
.
Celkový čas: 2009-07-27 22:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-27 20:43
ComboFix2.txt 2009-07-27 20:12
Před spuštěním: 27 570 176 000 bytes free
Po spuštění: Volných bajtů: 27 526 004 736
251 --- E O F --- 2009-07-15 13:18
EDIT// So far not a single ad has popped up.. :-)
- Damned
Re: Please check my log
Also post the HJT log here for me.
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner