HijackThis utility + LOGS for review

Viruses and antivirus software, PC security: firewall, spyware, etc.
Axident
Newbie
Registered: 12 Jan 2006

mwav

Post by Axident »

Updated, and this is the result, lower window:

Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediaadvantage Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "remacc.multiwebsurv Generic Malware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\Access.ShortCut.3" refers to invalid object "{AFB191E7-99F6-745E-C153-0B1F3B8C1504}". Action Taken: No Action Taken.
Entry "HKCR\Adobe.Illustrator.dwg" refers to invalid object "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}". Action Taken: No Action Taken.
Entry "HKCR\Adobe.Illustrator.dxf" refers to invalid object "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}". Action Taken: No Action Taken.
Entry "HKCR\Adobe.Illustrator.pict" refers to invalid object "{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}". Action Taken: No Action Taken.
Entry "HKCR\COMCTL.HpodLogger" refers to invalid object "{15163F7F-BA8B-CE2C-5320-5D4B47B5B633}". Action Taken: No Action Taken.
Entry "HKCR\HpqUtil.ppDSView.2" refers to invalid object "{10D2A2D4-62A9-77B1-DDE9-B23A69CFD7AB}". Action Taken: No Action Taken.
Entry "HKCR\ImageReady.Application.1" refers to invalid object "{52F2F130-2BC5-11D2-8FB7-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\KMPlayer.kpl" refers to invalid object "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Action Taken: No Action Taken.
Entry "HKCR\KMPlayer.ksf" refers to invalid object "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Microsoft.Files.2" refers to invalid object "{DCF638DE-4AC0-4607-4947-57C92214C294}". Action Taken: No Action Taken.
Entry "HKCR\MSDASC.SCDVDMedia" refers to invalid object "{4E85D421-1DF0-4A9F-FDC8-CDF8499F1AAB}". Action Taken: No Action Taken.
Entry "HKCR\SPort.SPortAx" refers to invalid object "{BAF2361D-5CCA-49AE-9BFB-6BF65FD28C4C}". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\viavoice\vocabs\langs\en_uk\default.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\msvcr71d.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Kerio\Personal Firewall 4\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Kerio\Personal Firewall 4\License\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Kerio\Personal Firewall 4\Trans\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Kerio\Personal Firewall 4\Config\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Z_temp\SqlSetup\Temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Z_temp\SqlSetup\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Bridge CS3\browser\defaults\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Device Central CS3\Required\Opera\defaults\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\images\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\images\FirstRun\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\images\ImgDetail\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\images\NavBar\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\images\print\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\images\ShopCart\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "F:\Program Files (F)\Photoshop CS3\Adobe Stock Photos CS3\Template\stylesheets\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".%29(28905)23-25". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".%29(28905)23-25-6s". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".(original)". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".06". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".06)". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".07". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".07)". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1994". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".2006". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".6". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".9". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".97". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".976)". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".9spojene". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acr". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ar". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b3d". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BWA". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BWI". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cam". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CGP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CME". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".COF". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CSA". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CurXPTheme". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dbd". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".di7". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dmg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ecw". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".elsewhere". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fsh". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ids". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".idx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".imy". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iw44". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jad". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kdc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ldf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".logonxp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lwf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mez". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MLS". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mms". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mvc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".neznámý". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nol". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".org)". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ovl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pdi". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pem". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgs". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sff". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sis". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssa". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sup". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tbs". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent--url". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIV". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wcz". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xbin". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".XQT". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xxx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BSPlayer1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BSPlayerp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DreamAqua". Action Taken: No Action Taken.

(I haven't done the Combo yet, though; I'm waiting for a reply :) )
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: mwav

Post by BUBINO »

The log is fine. Scrub the computer a few times with CCleaner:
http://www.viry.cz/forum/viewtopic.php?t=7478

And still that ComboFix.
Axident
Newbie
Registered: 12 Jan 2006

ComboFix

Post by Axident »

Here it is (I did what you advised):

ComboFix 08-02.01.6 - R 2008-02-02 5:05:12.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.633 [GMT 1:00]
Running from: C:\Documents and Settings\R\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\R\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\_dele.bat
C:\WINDOWS\system32\abcbb0_r.dll
C:\WINDOWS\system32\drivers\csrss.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_dele.bat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\abcbb0_r.dll
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\taskmgr.com

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-02 01:28 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-02-02 01:27 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-02-01 01:51 . 2007-03-02 20:55 9,893,888 --a------ C:\WINDOWS\system32\Koi Fish 3D Screensaver.exe
2008-02-01 01:51 . 2007-03-02 20:55 771,072 --a------ C:\WINDOWS\system32\Koi_Fish_3D_Screensaver.scr
2008-02-01 01:51 . 2007-02-27 00:35 7,552 --a------ C:\WINDOWS\Koi Fish 3D Screensaver.html
2008-02-01 01:50 . 2008-02-01 01:51 <DIR> d-------- C:\Program Files\MSTpscre
2008-01-31 20:00 . 2008-02-01 02:07 <DIR> d-------- C:\WINDOWS\system32\Open Season Characters dir
2008-01-21 13:47 . 2008-02-02 05:15 <DIR> d-------- C:\Z_temp
2008-01-20 13:28 . 2008-01-21 10:03 1,752 --a------ C:\Documents and Settings\R\clean.reg
2008-01-20 13:14 . 2008-01-20 13:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-15 01:38 . 2008-01-15 01:38 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-09 17:54 . 2008-01-09 17:54 <DIR> d-------- C:\Program Files\spectaculator.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 04:14 161,726 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-02 00:27 --------- d-----w C:\Program Files\VSO
2008-02-01 23:32 --------- d-----w C:\Program Files\Trillian
2008-02-01 05:47 --------- d-----w C:\Program Files\CureROM
2008-01-28 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 05:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-20 06:56 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-19 08:49 --------- d-----w C:\Program Files\FisherPriceToyland
2008-01-15 21:42 --------- d-----w C:\Program Files\Pinnacle
2008-01-13 14:48 --------- d-----w C:\Program Files\Hello Kitty Dream Carnival
2008-01-08 03:51 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-05 07:30 --------- d-----w C:\Program Files\Total Video Converter
2008-01-02 23:30 --------- d-----w C:\Program Files\Všeználek to ví
2008-01-02 23:19 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-28 17:58 --------- d-----w C:\Program Files\eRightSoft
2007-12-28 05:09 --------- d-----w C:\Program Files\Azureus
2007-12-27 16:53 --------- d-----w C:\Program Files\Google
2007-12-27 11:24 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-24 06:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-15 08:07 --------- d-----w C:\Program Files\IDOS
2007-12-13 00:19 --------- d-----w C:\Program Files\Security Task Manager
2007-12-12 03:48 --------- d-----w C:\Program Files\Ashampoo
2007-12-09 11:09 --------- d-----w C:\Program Files\Jigsaws
2007-12-09 07:08 --------- d-----w C:\Program Files\Supercow
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 00:22 --------- d-----w C:\Program Files\OO Software
2007-11-22 10:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:29 720,896 ------w C:\WINDOWS\system32\lsasrv.dll
2006-09-28 15:22 91,265 ----a-w C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 15:22 49,149 ----a-w C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 15:21 41,996 ----a-w C:\Program Files\dxdllreg_x86.cab
2006-09-28 15:21 183,321 ----a-w C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 15:21 138,977 ----a-w C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 15:21 1,413,862 ----a-w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 15:21 1,128,177 ----a-w C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 14:55 976,020 ------w C:\Program Files\BDAXP.cab
2006-09-28 14:55 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 14:55 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 14:55 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 14:55 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 14:55 82,374 ----a-w C:\Program Files\dxupdate.cab
2006-09-28 14:55 74,520 ----a-w C:\Program Files\DSETUP.dll
2006-09-28 14:55 703,080 ------w C:\Program Files\BDA.cab
2006-09-28 14:55 484,632 ----a-w C:\Program Files\DXSETUP.exe
2006-09-28 14:55 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 14:55 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 14:55 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 14:55 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 14:55 2,248,984 ----a-w C:\Program Files\dsetup32.dll
2006-09-28 14:55 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 14:55 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 14:55 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2006-09-28 14:55 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2006-09-28 14:55 15,493,481 ------w C:\Program Files\DirectX.cab
2006-09-28 14:55 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 14:55 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 14:55 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2006-09-28 14:55 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2006-09-28 14:55 13,265,040 ------w C:\Program Files\dxnt.cab
2006-09-28 14:55 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 14:55 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 14:55 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 14:55 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 14:55 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 14:55 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 14:55 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 14:55 1,156,363 ------w C:\Program Files\BDANT.cab
2006-09-28 14:55 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 14:55 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 14:55 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 14:55 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 14:55 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 14:55 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 14:55 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-02-23 12:53 90 ----a-w C:\Program Files\Crash.log
2005-11-12 09:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\R\Data aplikací\Disney Interactive ----

2008-01-09 19:16 63 --a------ C:\Documents and Settings\R\Data aplikací\Disney Interactive\piglet1\piglet1.ini

---- Directory of C:\Program Files\FisherPriceToyland ----

2006-07-15 12:41 2864 --a------ C:\Program Files\FisherPriceToyland\DeIsL1.isu
2006-07-15 12:40 329 --a------ C:\Program Files\FisherPriceToyland\teaser.ini
1996-10-25 20:17 7774 --a--c--- C:\Program Files\FisherPriceToyland\readme.txt
1996-09-02 17:26 918067 --a------ C:\Program Files\FisherPriceToyland\START16.EXE
1996-08-05 13:34 17462 --a--c--- C:\Program Files\FisherPriceToyland\Wp.bmp
1996-08-05 13:14 766 --a--c--- C:\Program Files\FisherPriceToyland\toyunin.ico
1996-08-05 12:46 766 --a--c--- C:\Program Files\FisherPriceToyland\toyicon.ico
1996-06-21 06:34 13920 --a------ C:\Program Files\FisherPriceToyland\XTRAS\FUNBONE.X16
1996-06-07 23:57 12548 --a------ C:\Program Files\FisherPriceToyland\START16.INI
1996-05-07 06:30 158720 --a------ C:\Program Files\FisherPriceToyland\XTRAS\POMLITE.X16
1996-02-22 06:27 37064 --a------ C:\Program Files\FisherPriceToyland\FILEIO.DLL
1996-01-27 04:37 123472 --a--c--- C:\Program Files\FisherPriceToyland\XTRAS\PMATIC.DLL
1995-03-15 12:12 766 --a--c--- C:\Program Files\FisherPriceToyland\Previews.ICO
1994-12-20 19:04 826 --a------ C:\Program Files\FisherPriceToyland\LINGO.INI

---- Directory of C:\Program Files\Jigsaws ----

2007-12-09 12:18 705 --a------ C:\Program Files\Jigsaws\tunes.ini
2007-12-09 12:18 2494 --a------ C:\Program Files\Jigsaws\jigwin.ini
2007-12-09 12:18 18 --a------ C:\Program Files\Jigsaws\sounds.ini
2007-12-09 12:18 167 --a------ C:\Program Files\Jigsaws\Folders.ini
2007-12-09 12:09 687277 --a------ C:\Program Files\Jigsaws\dsc00571.jsm
2007-11-08 19:10 1440054 ---h----- C:\Program Files\Jigsaws\Capture.bmp
2007-09-28 09:59 1095196 --a------ C:\Program Files\Jigsaws\dsc00164.jsm
2007-09-28 09:57 1814995 --a------ C:\Program Files\Jigsaws\dsc00106.jsm
2007-09-28 09:55 355053 --a------ C:\Program Files\Jigsaws\dsc00081.jsm
2007-09-15 10:50 2071911 --a------ C:\Program Files\Jigsaws\p7318768.jss
2007-09-15 10:48 2071187 --a------ C:\Program Files\Jigsaws\p7318768.jsm
2007-01-28 11:17 856041 --a------ C:\Program Files\Jigsaws\p1016375.jsm
2007-01-28 11:11 1026772 --a------ C:\Program Files\Jigsaws\p1016321.jsm
2007-01-28 11:08 747337 --a------ C:\Program Files\Jigsaws\kopie - p1216557.jsm
2007-01-11 13:31 1141932 --a------ C:\Program Files\Jigsaws\p8114866.jsm
2005-10-22 10:21 631293 --a--c--- C:\Program Files\Jigsaws\p6240357.jsm
2005-10-22 08:52 626950 --a--c--- C:\Program Files\Jigsaws\p6240345.jsm
2005-10-22 08:27 685135 --a--c--- C:\Program Files\Jigsaws\p7120711.jsm
2005-10-22 08:15 678085 --a--c--- C:\Program Files\Jigsaws\p9041494.jsm
2005-10-22 00:42 747559 --a--c--- C:\Program Files\Jigsaws\pa051846.jsm
2005-10-22 00:26 527377 --a--c--- C:\Program Files\Jigsaws\Julie.jsm
2005-10-22 00:20 856578 --a------ C:\Program Files\Jigsaws\jigwin.exe
2005-10-22 00:19 630409 --a------ C:\Program Files\Jigsaws\unins000.exe
2005-10-22 00:19 481958 --a------ C:\Program Files\Jigsaws\Dock.jsm
2005-10-22 00:19 46 --a------ C:\Program Files\Jigsaws\jigwin.url
2005-10-22 00:19 378126 --a--c--- C:\Program Files\Jigsaws\Sails.jsm
2005-10-22 00:19 343070 --a--c--- C:\Program Files\Jigsaws\Santa.jsm
2005-10-22 00:19 337685 --a------ C:\Program Files\Jigsaws\Baubles.jsm
2005-10-22 00:19 314288 --a--c--- C:\Program Files\Jigsaws\Moon.jsm
2005-10-22 00:19 301062 --a--c--- C:\Program Files\Jigsaws\Pear.jsm
2005-10-22 00:19 294588 --a------ C:\Program Files\Jigsaws\Snowman.jsm
2005-10-22 00:19 294537 --a--c--- C:\Program Files\Jigsaws\Rose.jsm
2005-10-22 00:19 259785 --a--c--- C:\Program Files\Jigsaws\Tokyo.jsm
2005-10-22 00:19 204487 --a------ C:\Program Files\Jigsaws\HotAir.jsm
2005-10-22 00:19 13573 --a------ C:\Program Files\Jigsaws\unins000.dat
2005-01-28 11:24 132 --a------ C:\Program Files\Jigsaws\JIGWIN.BSF
2005-01-28 10:50 427840 --a------ C:\Program Files\Jigsaws\JigSaver.scr
2005-01-28 10:44 372736 --a------ C:\Program Files\Jigsaws\jigplay.dat
2005-01-28 10:38 978 --a------ C:\Program Files\Jigsaws\JigWin.cnt
2005-01-28 10:38 197653 --a------ C:\Program Files\Jigsaws\jigwin.hlp
2004-10-29 10:46 8369 --a--c--- C:\Program Files\Jigsaws\README.TXT
2004-02-23 16:51 3261 --a--c--- C:\Program Files\Jigsaws\tips.txt
2003-10-27 21:29 3063 --a------ C:\Program Files\Jigsaws\license.txt
2003-04-07 15:25 40910 --a------ C:\Program Files\Jigsaws\Skins\Snow.jpg
2003-04-07 15:21 38267 --a------ C:\Program Files\Jigsaws\Skins\Misty.jpg
2003-04-07 15:20 49407 --a------ C:\Program Files\Jigsaws\Skins\Icy.jpg
2003-04-06 22:36 1953 --a------ C:\Program Files\Jigsaws\Jazz1.mid
2003-04-06 22:35 2651 --a------ C:\Program Files\Jigsaws\Jazz3.mid
2003-04-06 22:32 2221 --a------ C:\Program Files\Jigsaws\Jazz2.mid
2003-04-06 22:26 26213 --a------ C:\Program Files\Jigsaws\bandaid.mid
2001-02-15 10:21 3999 --a--c--- C:\Program Files\Jigsaws\tipsexp.txt
2001-02-12 20:15 1091 --a------ C:\Program Files\Jigsaws\ATIRead.txt
2001-02-05 20:54 1989 --a------ C:\Program Files\Jigsaws\Skins\wood057.jpg
2000-12-04 18:07 7613 --a------ C:\Program Files\Jigsaws\Skins\misc047.jpg
2000-12-04 18:07 6246 --a------ C:\Program Files\Jigsaws\Skins\misc046.jpg
2000-12-04 18:00 10805 --a------ C:\Program Files\Jigsaws\Skins\pa009.jpg
2000-12-04 17:41 9629 --a--c--- C:\Program Files\Jigsaws\Skins\write024.jpg
2000-12-04 17:40 2263 --a--c--- C:\Program Files\Jigsaws\Skins\write007.jpg
2000-12-04 17:35 15423 --a------ C:\Program Files\Jigsaws\Skins\paper001.jpg
2000-12-04 17:33 3037 --a------ C:\Program Files\Jigsaws\Skins\comp001.jpg
2000-12-04 17:30 2494 --a------ C:\Program Files\Jigsaws\Skins\ss049.jpg
2000-12-04 17:29 9475 --a------ C:\Program Files\Jigsaws\Skins\ss048.jpg
2000-12-04 17:18 6685 --a------ C:\Program Files\Jigsaws\Skins\water003.jpg
2000-12-04 17:16 3996 --a------ C:\Program Files\Jigsaws\Skins\cloth035.jpg
2000-12-04 17:15 3415 --a------ C:\Program Files\Jigsaws\Skins\cloth022.jpg
2000-12-04 17:14 5993 --a------ C:\Program Files\Jigsaws\Skins\cloth001.jpg
2000-12-04 17:10 4373 --a------ C:\Program Files\Jigsaws\Skins\lrock030.jpg
2000-12-04 17:10 3401 --a------ C:\Program Files\Jigsaws\Skins\lrock026.jpg
2000-12-04 17:10 11009 --a------ C:\Program Files\Jigsaws\Skins\lrock036.jpg
2000-12-04 16:30 5191 --a------ C:\Program Files\Jigsaws\Skins\lrock011.jpg
2000-12-04 16:28 8588 --a------ C:\Program Files\Jigsaws\Skins\rock026.jpg
2000-12-04 16:26 4885 --a------ C:\Program Files\Jigsaws\Skins\rock011.jpg
2000-12-04 16:24 3105 --a------ C:\Program Files\Jigsaws\Skins\brick014.jpg
2000-12-04 16:24 2568 --a------ C:\Program Files\Jigsaws\Skins\brick023.jpg
2000-12-04 16:21 2827 --a------ C:\Program Files\Jigsaws\Skins\marb096.jpg
2000-12-04 16:12 6961 --a------ C:\Program Files\Jigsaws\Skins\marb011.jpg
2000-12-04 16:11 4222 --a------ C:\Program Files\Jigsaws\Skins\marb009.jpg
2000-10-19 23:24 2621 --a------ C:\Program Files\Jigsaws\Skins\comp010.jpg
1997-04-15 23:03 15608 --a------ C:\Program Files\Jigsaws\fantasy.mid
1997-04-15 23:00 5831 --a------ C:\Program Files\Jigsaws\Romance.mid
1997-04-15 22:54 16276 --a------ C:\Program Files\Jigsaws\RockShow.mid
1997-04-15 22:47 15832 --a------ C:\Program Files\Jigsaws\Dreamy.mid
1997-04-15 21:57 8362 --a------ C:\Program Files\Jigsaws\gospel.mid
1997-04-15 21:41 23090 --a------ C:\Program Files\Jigsaws\gogo.mid
1997-04-15 21:36 7390 --a------ C:\Program Files\Jigsaws\fusion.mid
1997-04-15 20:00 27901 --a------ C:\Program Files\Jigsaws\fever.mid
1997-04-04 14:32 37186 --a------ C:\Program Files\Jigsaws\raveup.mid
1997-01-30 13:44 29646 --a------ C:\Program Files\Jigsaws\Dawn.mid
1996-05-02 13:39 9670 --a------ C:\Program Files\Jigsaws\HOUSE.MID
1996-05-02 10:50 13881 --a------ C:\Program Files\Jigsaws\SEESAW.MID
1996-05-02 10:50 12231 --a------ C:\Program Files\Jigsaws\CAROUSEL.MID
1995-09-11 15:03 13511 --a------ C:\Program Files\Jigsaws\HOTSTEEL.MID
1995-09-11 14:31 16276 --a------ C:\Program Files\Jigsaws\PENELOPE.MID

---- Directory of C:\WINDOWS\system32\Open Season Characters dir ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"PC Dictionary"="" []
"OEXPRESS"="" []
"WEBTRAN"="" []
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12 517632]
"DU Meter"="F:\Program Files (F)\DU Meter\DUMeter.exe" [2007-11-11 19:48 2585360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"pripominac"="F:\Software (F)\Připomínač\pripominac.exe" [ ]
"BootSkin Startup Jobs"="C:\Program Files\BootSkin\BootSkin.exe" [2004-04-26 15:21 270336]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Spyware Doctor"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 14:52]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 01:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 14:52]
R2 athsgt;athsgt;C:\WINDOWS\system32\DRIVERS\athsgt.sys [2006-02-04 15:19]
R2 DUMeterSvc;DU Meter Service;F:\Program Files (F)\DU Meter\DUMeterSvc.exe [2007-11-12 20:39]
R2 limsgt;limsgt;C:\WINDOWS\system32\DRIVERS\limsgt.sys [2006-02-04 15:19]
R2 Nadim;NAD Proto Driver;C:\WINDOWS\system32\DRIVERS\nadim.sys [2005-05-30 22:27]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 08:56]
S0 vburner;vburner;C:\WINDOWS\system32\DRIVERS\vburner.sys [2007-08-10 12:10]
S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 12:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 12:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 12:12]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47dff97c-5c85-11da-b38a-00d009e41662}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd05ae6-3a75-11da-b066-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73f45e3b-5c83-11da-b29a-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28ea383-5c81-11da-9b56-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b151a666-4955-11da-8fad-806d6172696f}]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8cd2924-1ba2-11dc-a5ce-00d009e41662}]
\Shell\AutoRun\command - I:\start.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba5eb216-3c67-11da-a060-806d6172696f}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0a8b2e3-5d48-11da-b7de-00d009e41662}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e063b836-ae65-11da-bd41-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38b7bd0-ae08-11da-bd3f-00d009e41662}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7ecc450-8395-11da-8c26-00d009e41662}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51cc172-adfd-11da-8cd3-00d009e41662}]
\Shell\AutoRun\command - J:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1578F1DA-7365-0FBE-0507-030407050804}]
C:\WINDOWS\system32\RegMen.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 05:16:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="F:\Program Files (F)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\Program Files (F)\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
F:\Program Files (F)\DU Meter\DUMeter.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-02-02 5:22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 04:22:40
ComboFix2.txt 2008-02-01 18:04:10
ComboFix3.txt 2008-01-21 12:47:18
.
2008-01-16 04:31:36 --- E O F ---
Axident
Newbie
Registered: 12 Jan 2006

A problem has come up...

Post by Axident »

Hmm, as a side effect of the fiddling with ComboFix I have ended up with an annoying problem: Incredimail (something like Outlook), which I have been happily using for years, now reports on startup that I am missing the correct version of Flash from Macromedia and that it will not run without it, but that I should just click OK and, easy as pie, it will be downloaded and installed. Except then IE opens (yuck!) and nothing happens. I downloaded Flash Player from Macromedia and installed it, and no change. I have had it for years and this has never happened; what could be causing it... All the data, accounts and mail can be backed up (Incredimail BackUp) for a later import, but I cannot get into the program itself... I have already installed another, newer version of IM and it is the same...
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: A problem has come up...

Post by BUBINO »

In c:\Qoobox\Qarantine find the file abcbb0_r.dll.vir. Rename it back to abcbb0_r.dll and copy it to C:\WINDOWS\system32
Restart the computer.
Axident
Newbie
Registered: 12 Jan 2006

IM is OK now

Post by Axident »

So IM works now, but it was an ordeal, treacherous program. I uninstalled it, cleaned the registry, and it still would not allow a new installation; in the end I had to delete absolutely everything that was found about IM in the registry, and now it is OK. At least I upgraded to a newer version :D The computer, it seems, is no longer full of trojans, for now..
Axident
Newbie
Registered: 12 Jan 2006

abcbb0_r.dll.vir

Post by Axident »

Is the thing with abcbb0_r.dll.vir because of Incredimail, or are we continuing with cleaning the computer? Because IM is working now.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: abcbb0_r.dll.vir

Post by BUBINO »

If it works now, then it's OK. Do you recognise these things?

C:\Program Files\FisherPriceToyland
C:\Program Files\Jigsaws
Axident
Newbie
Registered: 12 Jan 2006

Ok

Post by Axident »

Yeah, yeah, those are the girls' games too :D . So thank you very, very much for all the time and help you have given me! :D
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Ok

Post by BUBINO »

If you have no problems with the computer, it's OK. You're welcome :-)
michalpuk
Beginner
Registered: 04 Mar 2006
Location: Ostrava

Log check

Post by michalpuk »

Logfile of HijackThis v1.99.1
Scan saved at 18:58:19, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\DOCUME~1\MICHAL~1\Plocha\DRIVES~1.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MICHAL~1\LOCALS~1\Temp\Rar$EX17.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [cFosSpeed] "C:\Program Files\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\DOCUME~1\MICHAL~1\Plocha\DRIVES~1.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\michalpuk\Plocha\downoandy\ClockGen\ClockGen.exe -i p=0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Fraps] "C:\PROGRAM FILES\FRAPS\FRAPS.EXE"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://forum.travian.cz
O15 - Trusted Zone: http://s4.travian.cz
O15 - Trusted Zone: http://speed.travian.cz
O15 - Trusted Zone: http://*.travian.cz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Theatre of War Drivers Auto Removal (pr2akteb) (pr2akteb) - Cenega Czech - C:\WINDOWS\system32\pr2akteb.exe
O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38c) (pr2am38c) - 1C Multimedia - C:\WINDOWS\system32\pr2am38c.exe
O23 - Service: HUMMER 4x4 Drivers Auto Removal (pr2anrjb) (pr2anrjb) - 1C - C:\WINDOWS\system32\pr2anrjb.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Ryzen 9800x3d + Noctua NH-D15S, Asus ROG STRIX X670E-A GAMING WIFI, GIGABYTE GeForce RTX 5090 Gaming, ADATA XPG 48GB KIT DDR5 6000MT/s CL30, F FSP Fortron Hydro Ti PRO 1000W , Antec Flux wood + 5x NF-A14 ULN, Samsung 990 PRO 4TB + Samsung 990 PRO 2TB + Intel 660p 2TB, Creative Sound Blaster Z, LG oled 42 C2
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Log check

Post by BUBINO »

Hi. Download Avenger: http://www.viry.cz/forum/viewtopic.php?t=19832
Following the guide, work your way to that window and paste the following into it:
Drivers to unload:
Theatre of War Drivers Auto Removal
Outfront 2.5 Drivers Auto Removal
HUMMER 4x4 Drivers Auto Removal

Files to delete:
C:\WINDOWS\system32\pr2akteb.exe
C:\WINDOWS\system32\pr2am38c.exe
C:\WINDOWS\system32\pr2anrjb.exe
Done >> Smeafor >> OK
The computer will restart. After the restart a log will pop up; copy it here. Make a new HJT log.
michalpuk
Beginner
Registered: 04 Mar 2006
Location: Ostrava

Post by michalpuk »

here it is

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vfdsgxxf

*******************

Script file located at: \??\C:\ghdwweso.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\Theatre of War Drivers Auto Removal not found!
Unload of driver Theatre of War Drivers Auto Removal failed!

Could not process line:
Theatre of War Drivers Auto Removal
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\Outfront 2.5 Drivers Auto Removal not found!
Unload of driver Outfront 2.5 Drivers Auto Removal failed!

Could not process line:
Outfront 2.5 Drivers Auto Removal
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\HUMMER 4x4 Drivers Auto Removal not found!
Unload of driver HUMMER 4x4 Drivers Auto Removal failed!

Could not process line:
HUMMER 4x4 Drivers Auto Removal
Status: 0xc0000034

File C:\WINDOWS\system32\pr2akteb.exe deleted successfully.
File C:\WINDOWS\system32\pr2am38c.exe deleted successfully.
File C:\WINDOWS\system32\pr2anrjb.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.







Logfile of HijackThis v1.99.1
Scan saved at 21:04:58, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\oodtray.exe
C:\DOCUME~1\MICHAL~1\Plocha\DRIVES~1.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MICHAL~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\DOCUME~1\MICHAL~1\Plocha\DRIVES~1.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\michalpuk\Plocha\downoandy\ClockGen\ClockGen.exe -i p=0
O4 - HKLM\..\Run: [cFosSpeed] "C:\Program Files\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Fraps] "C:\PROGRAM FILES\FRAPS\FRAPS.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\michalpuk\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://forum.travian.cz
O15 - Trusted Zone: http://s4.travian.cz
O15 - Trusted Zone: http://speed.travian.cz
O15 - Trusted Zone: http://*.travian.cz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Theatre of War Drivers Auto Removal (pr2akteb) (pr2akteb) - Unknown owner - C:\WINDOWS\system32\pr2akteb.exe (file missing)
O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38c) (pr2am38c) - Unknown owner - C:\WINDOWS\system32\pr2am38c.exe (file missing)
O23 - Service: HUMMER 4x4 Drivers Auto Removal (pr2anrjb) (pr2anrjb) - Unknown owner - C:\WINDOWS\system32\pr2anrjb.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Ryzen 9800x3d + Noctua NH-D15S, Asus ROG STRIX X670E-A GAMING WIFI, GIGABYTE GeForce RTX 5090 Gaming, ADATA XPG 48GB KIT DDR5 6000MT/s CL30, F FSP Fortron Hydro Ti PRO 1000W , Antec Flux wood + 5x NF-A14 ULN, Samsung 990 PRO 4TB + Samsung 990 PRO 2TB + Intel 660p 2TB, Creative Sound Blaster Z, LG oled 42 C2
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Fix this:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Start >> Run >> type services.msc
Find these items in the list:

Theatre of War Drivers Auto Removal
Outfront 2.5 Drivers Auto Removal
HUMMER 4x4 Drivers Auto Removal


Double-click each one and, in its options, stop it or disable it. Then post a new log. How is the computer behaving?
michalpuk
Beginner
Registered: 04 Mar 2006
Location: Ostrava

Post by michalpuk »

I fixed that one, but for the other items the only option available is Start, the other fields are greyed out; they are all games with StarForce. Otherwise the computer is a bit slower at startup and in general, but maybe that is because I haven't reinstalled Windows for a long time. I had problems with the optical drive, but I don't know whether that is related :wink:
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

hamlet
Newcomer
Registered: 31 Jul 2007

HijackThis log

Post by hamlet »

Please check:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\NETSOFTWARE\NETSOFTWARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\CRAWLER\TOOLBAR\CTOOLBAR.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
C:\PROGRAM FILES\NETMEETING\CONF.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\CRAWLER\TOOLBAR\CTBR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\CRAWLER\TOOLBAR\CTBR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRAM FILES\SPYWARE TERMINATOR\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Default user')
O4 - .DEFAULT Startup: Spuštění Office.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE (User 'Default user')
O4 - .DEFAULT Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE (User 'Default user')
O4 - Startup: Spuštění Office.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE
O4 - Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm707YYCZ
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\PROGRAM FILES\INTERNET EXPLORER\EUROTRAN XP\ETNXP.DLL
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\PROGRAM FILES\INTERNET EXPLORER\EUROTRAN XP\ETNXP.DLL
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\PROGRAM FILES\INTERNET EXPLORER\EUROTRAN XP\ETNXP.DLL
O11 - Options group: [Usnadnění přístupu] Usnadnění přístupu
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://software.seznam.cz/listicka/toolbar.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\CRAWLER\TOOLBAR\CTBR.DLL

--
End of file - 6047 bytes
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: HijackThis log

Post by BUBINO »

The log is not complete. The first part is missing. Copy it here once more :-)
hamlet
Newcomer
Registered: 31 Jul 2007

Post by hamlet »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:46, on 10.2.2008
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\NETSOFTWARE\NETSOFTWARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\CRAWLER\TOOLBAR\CTOOLBAR.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
C:\PROGRAM FILES\NETMEETING\CONF.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\CRAWLER\TOOLBAR\CTBR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\CRAWLER\TOOLBAR\CTBR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRAM FILES\SPYWARE TERMINATOR\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Default user')
O4 - .DEFAULT Startup: Spuštění Office.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE (User 'Default user')
O4 - .DEFAULT Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE (User 'Default user')
O4 - Startup: Spuštění Office.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE
O4 - Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Windows Messaging\NEWPROF.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm707YYCZ
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\PROGRAM FILES\INTERNET EXPLORER\EUROTRAN XP\ETNXP.DLL
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\PROGRAM FILES\INTERNET EXPLORER\EUROTRAN XP\ETNXP.DLL
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\PROGRAM FILES\INTERNET EXPLORER\EUROTRAN XP\ETNXP.DLL
O11 - Options group: [Usnadnění přístupu] Usnadnění přístupu
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://software.seznam.cz/listicka/toolbar.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\CRAWLER\TOOLBAR\CTBR.DLL

--
End of file - 6047 bytes
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Test these on virustotal.com:
C:\PROGRAM FILES\NETSOFTWARE\NETSOFTWARE.EXE
C:\WINDOWS\taskmon.exe
C:\Program Files\Windows Messaging\NEWPROF.EXE
Upload the file and wait while the antivirus engines test it. Copy the results here.

Fix this:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm707YYCZ
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... enSaversFW BInitialSetup1.0.0.15-3.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll

I don't see a firewall.

You don't have O23? :?
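
The manual triage in BUBINO's two replies above (picking out entries whose target is marked `(no file)` or `(file missing)`), as an added Python example that is not part of the thread or of HijackThis. The sample lines are copied from the logs on this page; sorting a `(file missing)` path that still carries a quote character or an unexpanded `%variable%` into "verify" instead of "orphan" is an assumption based on how those lines look here.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the two HijackThis logs in this thread (a subset, not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: HUMMER 4x4 Drivers Auto Removal (pr2anrjb) (pr2anrjb) - Unknown owner - C:\WINDOWS\system32\pr2anrjb.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MARKER_RE = re.compile(r"\s*\((?P<marker>no file|file missing)\)$")


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O23"
    status: str   # "orphan", "verify" or "present"
    target: str   # file or URL the entry points to ("" when the log gives none)
    line: str     # the original log line


def parse_entry(line: str) -> Optional[Finding]:
    """Classify one log line; return None for headers and the process list."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    body = m.group("body")
    marker = MARKER_RE.search(body)
    # The last " - "-separated field is the target of the entry.
    target = MARKER_RE.sub("", body.rsplit(" - ", 1)[-1])
    if marker is None:
        status = "present"
    elif marker.group("marker") == "file missing" and ('"' in target or "%" in target):
        # Assumption: the logged path still holds a quote plus arguments, or an
        # unexpanded variable, so the missing-file verdict needs a manual check.
        status = "verify"
    else:
        status = "orphan"
    return Finding(m.group("section"), status, target, line)


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Group every recognised entry of a log by its status."""
    buckets: Dict[str, List[Finding]] = {"orphan": [], "verify": [], "present": []}
    for raw in log_text.splitlines():
        finding = parse_entry(raw)
        if finding is not None:
            buckets[finding.status].append(finding)
    return buckets


if __name__ == "__main__":
    for status, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            print(f"{status:8} {f.section:4} {f.target or '(no target)'}")
```

The "orphan" bucket holds the kind of entry the replies ask to fix or disable; "verify" entries should be checked on disk before anything is changed.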