HijackThis utility + LOGS for assessment

Viruses and antivirus issues, PC security - firewall, spyware, etc.
hamlet
Newbie
Registered: 31 Jul 2007

Post by hamlet »

Damn, you probably didn't want that... So once more:
Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "mirar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spywaresecure Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\system32\rqzzorhxl.exe~//PE_Patch.PECompact//PecBundle//PECompact indentifikován jako "not-a-virus:AdWare.Win32.NaviPromo.gen". Provedené akce: Nic nebylo provedeno.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Delete this:
C:\WINDOWS\system32\rqzzorhxl.exe

Did you test that file on virustotal.com?

How is the computer behaving?
McGruderová
Newbie
Registered: 15 Jan 2008

Please check my hijack log...

Post by McGruderová »

Hello,

I had problems with a trojan horse. Spyware Terminator detected it and I deleted the virus, but the PC still ran unbearably slowly afterwards. I tried an antivirus scan in safe mode, NOD32 found nothing, but I'd still prefer it if some kind soul here could take a look at my hijack log... Thank you very much! :-)

Logfile of HijackThis v1.99.1
Scan saved at 23:21:37, on 7.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC home\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3257818618
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3259414265
O17 - HKLM\System\CCS\Services\Tcpip\..\{48338B41-EA08-4410-BADC-AF7B61FFE2DE}: NameServer = 10.3.3.1,212.24.128.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{48338B41-EA08-4410-BADC-AF7B61FFE2DE}: NameServer = 10.3.3.1,212.24.128.8
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
hamlet
Newbie
Registered: 31 Jul 2007

Post by hamlet »

So I deleted it; I had it checked on virustotal... I'd say it got a tiny bit faster.
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

Open Services - type the command services.msc into Run... in the START menu and click OK.
Find Spyware Terminator Clam Service, stop it and set its startup type to Disabled (it is Terminator's AV shield and it fights with NOD - that's the slowdown).

Fix the junk:
in the HJT program window, tick the box on the left next to the entries I list and then click Fix checked.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Clean the system with CCleaner and RegCleaner.

Defragment if needed,
for example with O&O Defrag 2000 Free.

And let me know whether it improved. Otherwise the log is fine, and once you turn off that WinClam the computer will be well secured.
McGruderová
Newbie
Registered: 15 Jan 2008

Post by McGruderová »

Everything works as it should and the PC runs noticeably faster. Thanks for the help. :-)
hamlet
Newbie
Registered: 31 Jul 2007

Post by hamlet »

The only thing still bothering me is that log from mav; I'm posting it here:
Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "mirar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "spywaresecure Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "NR csy_is1". Provedené akce: Nic nebylo provedeno.

Should I leave it be, or can something be done about it?
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

You're welcome :)
Axident
Newbie
Registered: 12 Jan 2006

Please check, ICQ crashes, thanks

Post by Axident »

A colleague's ICQ keeps crashing, so he comes asking: is there any mess visible in the log?

Logfile of HijackThis v1.99.1
Scan saved at 7:39:47, on 10.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\System32\oodag.exe
C:\windows\System32\svchost.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\pripominac\pripominac.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Advanced Browser\browser.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Centrum.cz Turbo - {72FF0384-108C-48a5-A60C-6A92067419CF} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [pripominac] C:\Program Files\pripominac\pripominac.exe
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: WgaLogon - C:\windows\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\System32\oodag.exe

Thanks
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

So first of all: you have an old version of HijackThis. Next time please use this one:
http://www.trendsecure.com/portal/en-US ... ckThis.exe

Fix:
in the HJT program window, tick the box on the left next to the entries I list and then click Fix checked.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: WgaLogon - C:\windows\

Use Avenger.
In the main dialog you need to select "Input script manually" and then press the button with the magnifying glass. An editor opens, into which the "scripts" themselves are pasted. The script is started by pressing the button with the traffic light. The program will ask once more whether we really mean it and then offer an immediate restart of the whole system (recommended).
Script:

Files to delete:
C:\WINDOWS\system32\cxgjc.dll
C:\WINDOWS\system32\appsk.exe 

Folders to delete:
C:\spywarevanisher-free
After the restart, post the log that Avenger pops up at you + a new log from HijackThis.
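The helpers in this thread triage HijackThis logs by eye: a search page served from a DLL in system32, an unfamiliar autorun in system32, orphaned "(file missing)" entries, Trusted Zone additions, a Winlogon Notify handler with no DLL, and custom DNS servers. The Python script below is an added example (not code from this thread, from HijackThis or from Avenger) that applies those same review rules to raw log lines so the flagged entries can be reviewed first. The sample lines are copied from logs posted above; the regular expressions, the small system32 allowlist and the wording of the reasons are assumptions of this example, and a flag means "look at this", not "delete this".

```python
import re

# Constructed sample input: lines copied from the HijackThis logs posted in this
# thread, plus one clean ctfmon.exe autorun so the allowlist path is exercised.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{48338B41-EA08-4410-BADC-AF7B61FFE2DE}: NameServer = 10.3.3.1,212.24.128.8
O20 - Winlogon Notify: WgaLogon - C:\windows\
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\System32\oodag.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# A program launched directly from %SystemRoot%\system32 (no sub-folder).
SYSTEM32_RE = re.compile(r"^(?:%systemroot%|[a-z]:\\windows)\\system32\\([^\\]+)$", re.I)

# Windows components that legitimately autorun from system32. This allowlist is
# an assumption of this example, not something HijackThis ships.
SYSTEM32_ALLOWLIST = {"ctfmon.exe", "rundll32.exe", "dumprep"}


def o4_target(body):
    # Body of an O4 entry looks like:  HKLM\..\Run: [Name] "C:\path\prog.exe" /args
    # Return just the executable path (quoted paths may contain spaces).
    cmd = body.split("] ", 1)[1].strip() if "] " in body else body.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage_entry(line):
    """Return a review reason for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section in ("R0", "R1", "R3") and "res://" in body and "system32" in body.lower():
        return "browser search/start page served from a DLL in system32"
    if section == "O4":
        sm = SYSTEM32_RE.match(o4_target(body))
        if sm and sm.group(1).lower() not in SYSTEM32_ALLOWLIST:
            return "autorun started from system32 that is not a known Windows component"
    if section in ("O9", "O23") and body.endswith("(file missing)"):
        return "orphaned entry: its target file no longer exists"
    if section == "O15":
        return "site added to the Trusted Zone (relaxed security settings apply)"
    if section == "O17":
        return "custom DNS servers: confirm they belong to your ISP or network"
    if section == "O20" and body.endswith("\\"):
        return "Winlogon Notify handler pointing at a directory instead of a DLL"
    return None


def triage(log_text):
    """Run triage_entry over a whole log; returns (section, reason, line) tuples."""
    findings = []
    for line in log_text.splitlines():
        reason = triage_entry(line)
        if reason:
            findings.append((line.split(" - ", 1)[0].strip(), reason, line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample, six of the ten lines are reported (the R1 res:// search page, the appsk.exe autorun, the missing ICQ button, the Trusted Zone entry, the NameServer line and the Winlogon Notify handler) while the seznam.cz start page, ctfmon.exe, avast! and the O&O Defrag service pass. The rules are deliberately conservative pattern checks; the thread's own practice of verifying a suspect file on virustotal.com before deleting it still applies to anything the script flags.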
Axident
Newbie
Registered: 12 Jan 2006

Thanks

Post by Axident »

Thanks a lot, it already seems everything has improved, ICQ works and the computer doesn't stutter; here is the HijackThis and Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rkjrpdlb

*******************

Script file located at: \??\C:\Documents and Settings\lxbcxmnp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\cxgjc.dll not found!
Deletion of file C:\WINDOWS\system32\cxgjc.dll failed!

Could not process line:
C:\WINDOWS\system32\cxgjc.dll
Status: 0xc0000034



File C:\WINDOWS\system32\appsk.exe not found!
Deletion of file C:\WINDOWS\system32\appsk.exe failed!

Could not process line:
C:\WINDOWS\system32\appsk.exe
Status: 0xc0000034



Folder C:\spywarevanisher-free not found!
Deletion of folder C:\spywarevanisher-free failed!

Could not process line:
C:\spywarevanisher-free
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:09, on 10.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\oodag.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\pripominac\pripominac.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Centrum.cz Turbo - {72FF0384-108C-48a5-A60C-6A92067419CF} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [pripominac] C:\Program Files\pripominac\pripominac.exe
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\System32\oodag.exe

--
End of file - 6632 bytes
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

I don't want to disappoint you, but the main thing that was supposed to go is still there, and it's only a matter of time before it starts wreaking havoc again.

So this will need ComboFix, and once you've run it and posted the log, install a firewall.

COMBOFIX

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log and display it; otherwise you'll find it here: C:\ComboFix.txt - please copy its entire contents here + a new log from HijackThis
....................
FIREWALL
pick one here, I recommend ZoneAlarm or Comodo
guide for ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
for Comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Those are just leftovers from cleaned objects. The log is fine.
Nova.Niky
Beginner
Registered: 27 Jan 2008

Please check my log

Post by Nova.Niky »

Logfile of HijackThis v1.99.1
Scan saved at 11:23:25, on 16.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RapidSpool\rapidspool.exe
C:\Documents and Settings\Owner\Plocha\Nová složka\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RapidSpool] C:\Program Files\RapidSpool\rapidspool.exe -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
Axident
Newbie
Registered: 12 Jan 2006

Combo log etc.

Post by Axident »

Sorry, I could not get to the computer for several days; here is the log from ComboFix:

ComboFix 08-03-10.1 - D 2008-03-12 7:57:39.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.266 [GMT 1:00]
Running from: C:\Documents and Settings\D\Local Settings\Temporary Internet Files\Content.IE5\3NVBVO1H\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\D\Data aplikací\inst.exe
C:\Program Files\deskbar
C:\windows\iywvu.dat
C:\windows\omzwy.dat
C:\windows\system32\aabjt.dat
C:\windows\system32\dkfvr.dat
C:\windows\system32\mmwdg.dat
C:\windows\vihfw.dat

.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-10 20:40 . 2008-03-10 20:40 127,391 --a------ C:\Program Files\avenger.zip
2008-03-10 19:45 . 2008-03-10 19:45 11,724,688 --a------ C:\Program Files\winamp552_full_emusic-7plus_all.exe
2008-03-10 18:22 . 2008-03-10 18:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-10 18:22 . 2008-03-10 18:22 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-03-08 20:38 . 2008-03-08 20:38 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-08 20:38 . 2008-03-08 20:38 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-04 06:52 . 2008-03-10 19:24 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-04 06:51 . 2008-03-07 19:50 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\ICQ
2008-03-04 06:50 . 2008-03-04 06:53 <DIR> d-------- C:\Program Files\ICQ6
2008-03-04 06:48 . 2008-03-04 06:48 14,111,464 --a------ C:\Program Files\install_atlas_icq6.exe
2008-03-02 09:51 . 2007-08-15 12:09 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2008-03-02 09:50 . 2008-03-03 20:30 <DIR> d-------- C:\Program Files\Smarty Uninstaller Pro
2008-03-02 07:34 . 2008-03-02 07:34 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\ICQ Toolbar
2008-03-02 07:33 . 2008-03-02 07:33 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\InstallShield
2008-03-02 07:25 . 2008-03-02 07:34 <DIR> d-------- C:\Program Files\ICQ
2008-02-13 20:36 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-02-13 20:36 . 2001-08-17 21:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 11:33 --------- d-----w C:\Documents and Settings\D\Data aplikací\uTorrent
2008-03-04 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 19:25 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-02-13 19:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-10 08:52 691,545 ----a-w C:\windows\unins000.exe
2008-02-05 20:19 --------- d-----w C:\Program Files\icon
2008-01-14 12:44 --------- d-----w C:\Documents and Settings\D\Data aplikací\Vso
2007-11-18 18:28 2,331 ----a-w C:\Program Files\Install.log
2007-11-18 18:27 79,872 ------r C:\Program Files\lex4w.dot
2007-11-18 18:27 57,500 ------r C:\Program Files\Ipa93mr.ttf
2007-11-18 18:27 564,224 ------r C:\Program Files\lexicon.exe
2007-11-18 18:27 47,760 ------r C:\Program Files\Ipa93dr.ttf
2007-11-18 18:27 40,508 ------r C:\Program Files\Ipa93sr.ttf
2007-11-18 18:27 308,224 ------r C:\Program Files\lexsnd.dll
2007-11-18 18:27 290,304 ------r C:\Program Files\lex4w.dll
2007-11-18 18:27 26,112 ------r C:\Program Files\lguninst.exe
2007-11-18 18:27 1,462,272 ------r C:\Program Files\setup.exe
2007-11-08 16:05 19,560 -c--a-w C:\Documents and Settings\D\Data aplikací\GDIPFONTCACHEV1.DAT
2007-10-15 19:10 208,226 ----a-w C:\Program Files\pripominac.zip
2007-06-20 18:25 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
2007-05-30 12:57 47,360 -c--a-w C:\Documents and Settings\D\Data aplikací\pcouffin.sys
2006-09-20 16:09 81,920 ----a-w C:\Documents and Settings\D\Data aplikací\ezpinst.exe
2006-09-20 16:07 3,706,734 -c--a-w C:\Program Files\DVDFabPlatinum_2[1].9.8.3.zip
2006-03-26 09:19 207,563 -c--a-w C:\Program Files\utorrent15.exe
2005-06-28 17:45 3,241,661 -c--a-w C:\Program Files\absetup.exe
2005-06-02 18:09 3,393,518 -c--a-w C:\Program Files\XnView-win.exe
2005-04-03 16:02 877,056 -c--a-w C:\Program Files\iview395.exe
2005-02-25 16:02 1,089,816 -c--a-w C:\Program Files\abrowser.exe
2005-01-28 17:06 8,463,288 -c--a-w C:\Program Files\setupcze.exe
2005-01-25 18:33 14,989,328 -c--a-w C:\Program Files\jre-1_5_0-windows-i586.exe
2003-07-29 18:46 261,702 -c--a-w C:\Program Files\DVD Shrink 2.3 Slovak.exe
2003-07-29 18:39 137,587 -c--a-w C:\Program Files\DVD Shrink 2.3 Slovak.chm
2003-03-12 13:05 433,280 -c--a-w C:\windows\inf\EL2K_N64.sys
2003-03-12 13:05 143,744 -c--a-w C:\windows\inf\EL2K_XP.sys
2003-03-12 13:05 143,616 ----a-w C:\windows\inf\EL2K_2K.sys
2003-12-17 11:21 8 -csh--r C:\windows\system32\85C80767CB.sys
2003-12-17 11:21 1,682 -csha-w C:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{72FF0384-108C-48A5-A60C-6A92067419CF}"= "C:\Program Files\NetCentrum\Turbo\turbo.dll" [2005-06-25 08:26 282624]

[HKEY_CLASSES_ROOT\clsid\{72ff0384-108c-48a5-a60c-6a92067419cf}]
[HKEY_CLASSES_ROOT\Centrum.Turbo.1]
[HKEY_CLASSES_ROOT\TypeLib\{7E196648-36C8-45d6-9864-86D962061F6A}]
[HKEY_CLASSES_ROOT\Centrum.Turbo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 11:12 517632]
"Spyware Vanisher"="C:\spywarevanisher-free\FreeScanner.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-02-27 07:29 47104 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LWBMOUSE"="C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe" [2000-02-11 13:33 242688]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-17 19:20 188416]
"mouseElf"="C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [2002-08-20 11:59 172032]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2002-12-28 12:14 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-01-25 20:43 36972]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [ ]
"pripominac"="C:\Program Files\pripominac\pripominac.exe" [2007-10-01 19:13 416256]
"appsk.exe"="C:\WINDOWS\system32\appsk.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 23:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
HotKey Driver.lnk - C:\Program Files\HotKey\HotKey.exe [2003-12-18 15:59:50 36864]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"NoProfilePage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-04 07:04]
R3 st3bus28;st3bus28;C:\windows\system32\DRIVERS\st3bus28.sys [2002-12-28 12:16]
R3 st3mp28;st3mp28;C:\windows\system32\DRIVERS\st3mp28.sys [2002-12-28 12:16]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 07:59:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-03-12 8:00:00
ComboFix-quarantined-files.txt 2008-03-12 06:59:50
.
2008-03-12 06:42:56 --- E O F ---

And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:50, on 12.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\oodag.exe
C:\windows\System32\svchost.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\pripominac\pripominac.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Centrum.cz Turbo - {72FF0384-108C-48a5-A60C-6A92067419CF} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [pripominac] C:\Program Files\pripominac\pripominac.exe
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\System32\oodag.exe

--
End of file - 6325 bytes
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

It's fine.

You can slap down the unnecessary startup programs according to this:
http://www.extra-pc.cz/otravne_programy ... ra_pc_1207
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

Open Notepad (Start -> Run... and type Notepad into the box and click OK).
Copy the following text (marked in green) into it:


File::
C:\spywarevanisher-free\FreeScanner.exe
C:\WINDOWS\system32\appsk.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Spyware Vanisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"appsk.exe"=-
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HijackThis log
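The script in this post was written by hand from two O4 lines of the HijackThis log. As an added example (not the forum's, HijackThis's or ComboFix's own code; function names are hypothetical), this Python builds the same File::/Registry:: layout from HKLM/HKCU O4 lines, handling quoted paths, unquoted paths with spaces and bare file names, and refusing hives it does not map:

```python
"""Build a ComboFix CFScript from selected HijackThis O4 lines.

Added example for this thread; it is not part of HijackThis or ComboFix.
Function names are hypothetical. Only HKLM and HKCU Run entries are handled,
which is what the script in the thread uses.
"""
import re

# Hive abbreviations as HijackThis prints them in O4 lines, mapped to the full
# Run key that ComboFix's Registry:: section expects.
_RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# O4 - HKLM\..\Run: [value name] command line
_O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def exe_from_command(cmd):
    """Return the executable path from an O4 command line.

    Quoted paths ("C:\\Program Files\\...\\daemon.exe" -lang 1033) end at the
    closing quote; unquoted paths with spaces (C:\\Program Files\\Mouse
    Tachometer\\Mouse Tachometer.exe --hide) are joined up to the first
    token ending in .exe.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in command: " + cmd)
        return cmd[1:end]
    parts = cmd.split(" ")
    for i, part in enumerate(parts):
        if part.lower().endswith(".exe"):
            return " ".join(parts[: i + 1])
    raise ValueError("no .exe in command: " + cmd)


def parse_o4(line):
    """Parse one HKLM/HKCU O4 line into (run_key, value_name, exe_path).

    Lines for other hives (HKUS\\S-1-5-19, Global Startup) are rejected so
    they cannot be silently turned into a wrong registry key.
    """
    m = _O4_RE.match(line.strip())
    if not m:
        raise ValueError("not a HKLM/HKCU O4 Run entry: " + line)
    return _RUN_KEYS[m.group("hive")], m.group("name"), exe_from_command(m.group("cmd"))


def build_cfscript(o4_lines):
    """Return CFScript text in the File:: / Registry:: layout used in the thread.

    Bare file names such as SOUNDMAN.EXE have no directory, so they are left
    out of File:: (ComboFix needs a full path) but their Run value is still
    removed.
    """
    files = []            # full paths, in input order, no duplicates
    values_by_key = {}    # run key -> [value names], in input order
    for line in o4_lines:
        run_key, name, exe = parse_o4(line)
        if "\\" in exe and exe not in files:
            files.append(exe)
        values_by_key.setdefault(run_key, []).append(name)

    out = ["File::"] + files + ["", "Registry::"]
    for run_key, names in values_by_key.items():
        out.append("[" + run_key + "]")
        out.extend('"' + name + '"=-' for name in names)
    return "\n".join(out)


# Constructed from the two O4 lines the helper picked out of the thread's log.
SELECTED = [
    r"O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan",
    r"O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe",
]

if __name__ == "__main__":
    print(build_cfscript(SELECTED))
```

Running it prints the same CFScript as the one in the post above; the output is only a text file to review, and the rest of the procedure (saving as CFScript.txt and dropping it onto ComboFix.exe) is unchanged.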
Axident
Newbie
Registered: 12 Jan 2006

New logs

Post by Axident »

Thanks.
ComboFix:
ComboFix 08-03-14.4 - D 2008-03-17 20:39:59.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.257 [GMT 1:00]
Running from: C:\Documents and Settings\D\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\D\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\spywarevanisher-free\FreeScanner.exe
C:\WINDOWS\system32\appsk.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-14 19:47 . 2008-03-16 21:32 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\Comodo
2008-03-14 06:10 . 2008-03-14 06:27 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-12 17:10 . 2008-03-12 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2008-03-12 17:10 . 2008-03-12 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2008-03-12 17:09 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-12 17:09 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-12 17:09 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-12 10:49 . 2008-03-12 11:00 59,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-12 10:49 . 2008-03-12 11:00 2,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-12 10:47 . 2008-03-12 10:59 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-12 10:45 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-03-12 08:47 . 2008-03-12 08:25 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
2008-03-12 08:24 . 2008-03-12 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-03-12 08:23 . 2008-03-12 11:01 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-12 08:23 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-12 08:23 . 2008-03-12 10:48 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-12 08:22 . 2008-03-12 10:56 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-10 20:40 . 2008-03-10 20:40 127,391 --a------ C:\Program Files\avenger.zip
2008-03-10 18:22 . 2008-03-10 18:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-10 18:22 . 2008-03-10 18:22 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-03-08 20:38 . 2008-03-08 20:38 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-08 20:38 . 2008-03-08 20:38 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-04 06:52 . 2008-03-10 19:24 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-04 06:51 . 2008-03-07 19:50 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\ICQ
2008-03-04 06:50 . 2008-03-04 06:53 <DIR> d-------- C:\Program Files\ICQ6
2008-03-04 06:48 . 2008-03-04 06:48 14,111,464 --a------ C:\Program Files\install_atlas_icq6.exe
2008-03-02 09:51 . 2007-08-15 12:09 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2008-03-02 09:50 . 2008-03-03 20:30 <DIR> d-------- C:\Program Files\Smarty Uninstaller Pro
2008-03-02 07:34 . 2008-03-02 07:34 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\ICQ Toolbar
2008-03-02 07:33 . 2008-03-02 07:33 <DIR> d-------- C:\Documents and Settings\D\Data aplikací\InstallShield
2008-03-02 07:25 . 2008-03-02 07:34 <DIR> d-------- C:\Program Files\ICQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 19:25 --------- d-----w C:\Documents and Settings\D\Data aplikací\uTorrent
2008-03-12 16:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 07:10 19,560 -c--a-w C:\Documents and Settings\D\Data aplikací\GDIPFONTCACHEV1.DAT
2008-03-03 19:25 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-02-13 19:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-10 08:52 691,545 ----a-w C:\windows\unins000.exe
2008-02-05 20:19 --------- d-----w C:\Program Files\icon
2007-11-18 18:28 2,331 ----a-w C:\Program Files\Install.log
2007-11-18 18:27 79,872 ------r C:\Program Files\lex4w.dot
2007-11-18 18:27 57,500 ------r C:\Program Files\Ipa93mr.ttf
2007-11-18 18:27 564,224 ------r C:\Program Files\lexicon.exe
2007-11-18 18:27 47,760 ------r C:\Program Files\Ipa93dr.ttf
2007-11-18 18:27 40,508 ------r C:\Program Files\Ipa93sr.ttf
2007-11-18 18:27 308,224 ------r C:\Program Files\lexsnd.dll
2007-11-18 18:27 290,304 ------r C:\Program Files\lex4w.dll
2007-11-18 18:27 26,112 ------r C:\Program Files\lguninst.exe
2007-11-18 18:27 1,462,272 ------r C:\Program Files\setup.exe
2007-10-15 19:10 208,226 ----a-w C:\Program Files\pripominac.zip
2007-06-20 18:25 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
2007-05-30 12:57 47,360 -c--a-w C:\Documents and Settings\D\Data aplikací\pcouffin.sys
2006-09-20 16:09 81,920 ----a-w C:\Documents and Settings\D\Data aplikací\ezpinst.exe
2006-09-20 16:07 3,706,734 -c--a-w C:\Program Files\DVDFabPlatinum_2[1].9.8.3.zip
2006-03-26 09:19 207,563 -c--a-w C:\Program Files\utorrent15.exe
2005-06-28 17:45 3,241,661 -c--a-w C:\Program Files\absetup.exe
2005-06-02 18:09 3,393,518 -c--a-w C:\Program Files\XnView-win.exe
2005-04-03 16:02 877,056 -c--a-w C:\Program Files\iview395.exe
2005-02-25 16:02 1,089,816 -c--a-w C:\Program Files\abrowser.exe
2005-01-28 17:06 8,463,288 -c--a-w C:\Program Files\setupcze.exe
2005-01-25 18:33 14,989,328 -c--a-w C:\Program Files\jre-1_5_0-windows-i586.exe
2003-07-29 18:46 261,702 -c--a-w C:\Program Files\DVD Shrink 2.3 Slovak.exe
2003-07-29 18:39 137,587 -c--a-w C:\Program Files\DVD Shrink 2.3 Slovak.chm
2003-03-12 13:05 433,280 -c--a-w C:\windows\inf\EL2K_N64.sys
2003-03-12 13:05 143,744 -c--a-w C:\windows\inf\EL2K_XP.sys
2003-03-12 13:05 143,616 ----a-w C:\windows\inf\EL2K_2K.sys
2003-12-17 11:21 8 -csh--r C:\windows\system32\85C80767CB.sys
2003-12-17 11:21 1,682 -csha-w C:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{72FF0384-108C-48A5-A60C-6A92067419CF}"= "C:\Program Files\NetCentrum\Turbo\turbo.dll" [2005-06-25 08:26 282624]

[HKEY_CLASSES_ROOT\clsid\{72ff0384-108c-48a5-a60c-6a92067419cf}]
[HKEY_CLASSES_ROOT\Centrum.Turbo.1]
[HKEY_CLASSES_ROOT\TypeLib\{7E196648-36C8-45d6-9864-86D962061F6A}]
[HKEY_CLASSES_ROOT\Centrum.Turbo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 11:12 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-02-27 07:29 47104 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LWBMOUSE"="C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe" [2000-02-11 13:33 242688]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-17 19:20 188416]
"mouseElf"="C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [2002-08-20 11:59 172032]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2002-12-28 12:14 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-01-25 20:43 36972]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [ ]
"pripominac"="C:\Program Files\pripominac\pripominac.exe" [2007-10-01 19:13 416256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 23:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
HotKey Driver.lnk - C:\Program Files\HotKey\HotKey.exe [2003-12-18 15:59:50 36864]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"NoProfilePage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-04 07:04]
R3 st3bus28;st3bus28;C:\windows\system32\DRIVERS\st3bus28.sys [2002-12-28 12:16]
R3 st3mp28;st3mp28;C:\windows\system32\DRIVERS\st3mp28.sys [2002-12-28 12:16]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{471dc003-f046-11dc-a54a-00508d4c53bd}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 20:41:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-03-17 20:42:20
.
2008-03-12 06:42:56 --- E O F ---

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:32, on 17.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\pripominac\pripominac.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HotKey\HotKey.exe
C:\windows\System32\oodag.exe
C:\windows\System32\svchost.exe
C:\Program Files\Advanced Browser\browser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\explorer.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Centrum.cz Turbo - {72FF0384-108C-48a5-A60C-6A92067419CF} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\AROWAN~1\BALL-L~1\4.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [pripominac] C:\Program Files\pripominac\pripominac.exe
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\Program Files\NetCentrum\Turbo\turbo.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\System32\oodag.exe

--
End of file - 6898 bytes
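The log above is the kind of thing the helpers in this thread read by eye: hijacked IE start/search pages, orphaned BHO and toolbar registrations, odd autoruns, services with no vendor. As an added example (not part of the original post and not HijackThis's own code), here is a small Python triage script that parses the R0/R1, O2/O3/O9, O4, O20 and O23 entry formats and flags the patterns an analyst checks first. The sample input is constructed from entries in the log above; TRUSTED_IE_HOSTS and SYSTEM32_AUTORUNS_EXPECTED are illustrative assumptions, and the heuristics are mine, not a verdict from any scanner.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Parses the R0/R1, O2/O3/O9, O4, O20 and O23 entry formats and applies a few
analyst heuristics. The two allowlists below are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts the analyst accepts as IE start/search pages.
TRUSTED_IE_HOSTS = frozenset({"www.google.com"})
# Assumption: Windows-shipped autoruns that legitimately live in system32.
SYSTEM32_AUTORUNS_EXPECTED = frozenset({"ctfmon.exe"})

# Sample input constructed from entries in the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cxgjc.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [appsk.exe] C:\WINDOWS\system32\appsk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_IN_CMD = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str      # HijackThis section code, e.g. "R1" or "O4"
    reason: str
    entry: str     # the log line that triggered the finding


def parse_entries(log):
    """Yield (kind, body, line) for every HijackThis entry line; skip the rest."""
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            yield m["kind"], m["body"], line


def _ie_value(body):
    """Value of an R0/R1 entry: text after the first '=' (empty if none)."""
    return body.partition("=")[2].strip()


def _exe_path(cmd):
    """Executable of a Run command: quoted path, or unquoted text up to '.exe'."""
    m = EXE_IN_CMD.match(cmd.strip())
    return (m["q"] or m["u"]) if m else cmd.strip()


def triage(log):
    """Apply the heuristics to every entry and return the findings in log order."""
    findings = []
    for kind, body, line in parse_entries(log):
        if kind in ("R0", "R1"):
            value = _ie_value(body)
            if value.lower().startswith("res://"):
                findings.append(Finding("high", kind,
                    "IE page served from a local DLL resource (res://): browser hijack", line))
            elif value.lower().startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if host not in TRUSTED_IE_HOSTS:
                    findings.append(Finding("medium", kind,
                        f"IE page redirected to untrusted host {host}", line))
            # empty values and about:blank are left alone
        elif kind in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(Finding("low", kind,
                "orphaned registration, referenced file is gone: safe to fix", line))
        elif kind == "O4":
            m = RUN_ENTRY.search(body)
            if m:
                parts = _exe_path(m["cmd"]).lower().split("\\")
                if len(parts) >= 2 and parts[-2] == "system32" \
                        and parts[-1] not in SYSTEM32_AUTORUNS_EXPECTED:
                    findings.append(Finding("medium", kind,
                        f"{parts[-1]} autoruns straight from system32: verify hash/signature", line))
        elif kind == "O20" and body.partition(":")[2].strip():
            findings.append(Finding("high", kind,
                "AppInit_DLLs is set: the DLL loads into every process that uses user32", line))
        elif kind == "O23" and "- Unknown owner -" in body:
            findings.append(Finding("low", kind,
                "service binary carries no vendor string: confirm its origin", line))
    return findings


def by_severity(findings):
    """Count findings per severity, always reporting all three levels."""
    return {s: sum(1 for f in findings if f.severity == s) for s in ("high", "medium", "low")}


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.entry}")
    print(by_severity(triage(SAMPLE_LOG)))
```

Run it on a saved log with triage(open(path).read()). A medium or high finding is a prompt to check the file (hash, signature, vendor), not a verdict: legitimate installers also drop executables into system32, so the NeroFilterCheck entry in the log above would be flagged for verification by the same rule.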
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

this smells like a rootkit :?

Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
After the update finishes, click the Scan your computer button
Choose Perform Complete Scan and click Next >

The scan will run; when it finishes it lists everything it found.
Make sure all the items are ticked, then click Next
Then click Finish and you should be back at the main screen.
There click the Preferences... button and pick the Statistics/Logs tab
Click the log with today's date that will be there and press View Log...
A window with the log opens; copy its contents here.

but before that, install a firewall!
pick one here, I recommend ZoneAlarm, Comodo or Ashampoo
ZoneAlarm guide http://www.kn.vutbr.cz/docs/conf/zonealarm/
Comodo guide http://www.nforce.cz/modules.php?name=N ... cle&sid=18
Ashampoo Firewall free + Czech localisation
Axident
Newcomer
Registered: 12 Jan 2006

SuperAnti log

Post by Axident »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/18/2008 at 05:24 PM

Application Version : 4.0.1154

Core Rules Database Version : 3421
Trace Rules Database Version: 1413

Scan type : Quick Scan
Total Scan Time : 00:10:08

Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 334
Registry threats detected : 3
File items scanned : 220
File threats detected : 172

Adware.Tracking Cookie
C:\Documents and Settings\D\Cookies\d@php[1].txt
C:\Documents and Settings\D\Cookies\d@adclickstats[1].txt
C:\Documents and Settings\D\Cookies\d@showit[1].txt
C:\Documents and Settings\D\Cookies\d@toplist[1].txt
C:\Documents and Settings\D\Cookies\d@1072303867[1].txt
C:\Documents and Settings\D\Cookies\d@jobdnes.idnes[2].txt
C:\Documents and Settings\D\Cookies\d@counters.dataintech[1].txt
C:\Documents and Settings\D\Cookies\d@ajax_interface[3].txt
C:\Documents and Settings\D\Cookies\d@www.xbanner[1].txt
C:\Documents and Settings\D\Cookies\d@xxx[1].txt
C:\Documents and Settings\D\Cookies\d@stat[1].txt
C:\Documents and Settings\D\Cookies\d@sport.idnes[2].txt
C:\Documents and Settings\D\Cookies\d@www.amaterixxx[2].txt
C:\Documents and Settings\D\Cookies\d@add.newmedia[2].txt
C:\Documents and Settings\D\Cookies\d@accelerator-media[1].txt
C:\Documents and Settings\D\Cookies\d@598[4].txt
C:\Documents and Settings\D\Cookies\d@cz4.clickzs[1].txt
C:\Documents and Settings\D\Cookies\d@ad2.iinfo[2].txt
C:\Documents and Settings\D\Cookies\d@www.sexkompas[1].txt
C:\Documents and Settings\D\Cookies\d@www.abecedasexu[1].txt
C:\Documents and Settings\D\Cookies\d@www.sexonline[1].txt
C:\Documents and Settings\D\Cookies\d@vip.clickzs[1].txt
C:\Documents and Settings\D\Cookies\d@b-cz[1].txt
C:\Documents and Settings\D\Cookies\d@www.eumedia-online[1].txt
C:\Documents and Settings\D\Cookies\d@hit.stat[2].txt
C:\Documents and Settings\D\Cookies\d@free.wegcash[2].txt
C:\Documents and Settings\D\Cookies\d@hostedctr[2].txt
C:\Documents and Settings\D\Cookies\d@ad.wz[2].txt
C:\Documents and Settings\D\Cookies\d@windowsmedia[2].txt
C:\Documents and Settings\D\Cookies\d@showit[3].txt
C:\Documents and Settings\D\Cookies\d@www.sexyvideo[2].txt
C:\Documents and Settings\D\Cookies\d@2[2].txt
C:\Documents and Settings\D\Cookies\d@usenext[2].txt
C:\Documents and Settings\D\Cookies\d@1[4].txt
C:\Documents and Settings\D\Cookies\d@czech-republic[1].txt
C:\Documents and Settings\D\Cookies\d@www.macromedia[2].txt
C:\Documents and Settings\D\Cookies\d@hfc[1].txt
C:\Documents and Settings\D\Cookies\d@www.freesexik[1].txt
C:\Documents and Settings\D\Cookies\d@zakony.idnes[1].txt
C:\Documents and Settings\D\Cookies\d@atwola[1].txt
C:\Documents and Settings\D\Cookies\d@adrenalinesk[1].txt
C:\Documents and Settings\D\Cookies\d@ads.ookla[2].txt
C:\Documents and Settings\D\Cookies\d@topmodelka-nemcova-tancovala-bez-bot-fesak-delon-libal-havlovou-pw2-[1].txt
C:\Documents and Settings\D\Cookies\d@2[3].txt
C:\Documents and Settings\D\Cookies\d@counter.cnw[2].txt
C:\Documents and Settings\D\Cookies\d@image.masterstats[1].txt
C:\Documents and Settings\D\Cookies\d@www.sexgate[1].txt
C:\Documents and Settings\D\Cookies\d@adrenaline[1].txt
C:\Documents and Settings\D\Cookies\d@www.rudesexlinks[1].txt
C:\Documents and Settings\D\Cookies\d@www.amateri.sexdoma[1].txt
C:\Documents and Settings\D\Cookies\d@www.topsex[2].txt
C:\Documents and Settings\D\Cookies\d@cenybytu.idnes[1].txt
C:\Documents and Settings\D\Cookies\d@xiti[1].txt
C:\Documents and Settings\D\Cookies\d@jarmark.idnes[2].txt
C:\Documents and Settings\D\Cookies\d@dist.belnk[2].txt
C:\Documents and Settings\D\Cookies\d@www.sexpartner[1].txt
C:\Documents and Settings\D\Cookies\d@mb[4].txt
C:\Documents and Settings\D\Cookies\d@adopt.hbmediapro[2].txt
C:\Documents and Settings\D\Cookies\d@www.realstat[1].txt
C:\Documents and Settings\D\Cookies\d@superstats[1].txt
C:\Documents and Settings\D\Cookies\d@www.sexyporno[1].txt
C:\Documents and Settings\D\Cookies\d@www.mediat[1].txt
C:\Documents and Settings\D\Cookies\d@sexytela[2].txt
C:\Documents and Settings\D\Cookies\d@ads.toplist[2].txt
C:\Documents and Settings\D\Cookies\d@www.xctrk[2].txt
C:\Documents and Settings\D\Cookies\d@expresradio.idnes[1].txt
C:\Documents and Settings\D\Cookies\d@k.iinfo[2].txt
C:\Documents and Settings\D\Cookies\d@pornotube[1].txt
C:\Documents and Settings\D\Cookies\d@britney-spearsova-byla-zbavena-svepravnosti-fa1-[1].txt
C:\Documents and Settings\D\Cookies\d@www.femalelife[1].txt
C:\Documents and Settings\D\Cookies\d@www.bigfreesex[2].txt
C:\Documents and Settings\D\Cookies\d@traffic-splitter[1].txt
C:\Documents and Settings\D\Cookies\d@adverticum[1].txt
C:\Documents and Settings\D\Cookies\d@advertures[1].txt
C:\Documents and Settings\D\Cookies\d@ads.vnuemedia[1].txt
C:\Documents and Settings\D\Cookies\d@chokertraffic[1].txt
C:\Documents and Settings\D\Cookies\d@sexshop[1].txt
C:\Documents and Settings\D\Cookies\d@www.zendpornmovies[1].txt
C:\Documents and Settings\D\Cookies\d@ewanie.rajce.idnes[1].txt
C:\Documents and Settings\D\Cookies\d@www.sexyfoto[1].txt
C:\Documents and Settings\D\Cookies\d@adknowledge[1].txt
C:\Documents and Settings\D\Cookies\d@ads.realcastmedia[1].txt
C:\Documents and Settings\D\Cookies\d@audit.median[1].txt
C:\Documents and Settings\D\Cookies\d@cfusion[1].txt
C:\Documents and Settings\D\Cookies\d@ads.iq-studio[1].txt
C:\Documents and Settings\D\Cookies\d@www.fullreleases[1].txt
C:\Documents and Settings\D\Cookies\d@www.fucking[1].txt
C:\Documents and Settings\D\Cookies\d@mb[2].txt
C:\Documents and Settings\D\Cookies\d@ad3.iinfo[1].txt
C:\Documents and Settings\D\Cookies\d@creativeby.viewpoint[2].txt
C:\Documents and Settings\D\Cookies\d@cz5.clickzs[2].txt
C:\Documents and Settings\D\Cookies\d@www.toplist[1].txt
C:\Documents and Settings\D\Cookies\d@www.pornstaremart[2].txt
C:\Documents and Settings\D\Cookies\d@www.777-sex[1].txt
C:\Documents and Settings\D\Cookies\d@torrent-finder[1].txt
C:\Documents and Settings\D\Cookies\d@fucking[1].txt
C:\Documents and Settings\D\Cookies\d@sexrande[2].txt
C:\Documents and Settings\D\Cookies\d@belnk[1].txt
C:\Documents and Settings\D\Cookies\d@cgi-bin[3].txt
C:\Documents and Settings\D\Cookies\d@mb[3].txt
C:\Documents and Settings\D\Cookies\d@yadro[2].txt
C:\Documents and Settings\D\Cookies\d@couplesseduceteens[2].txt
C:\Documents and Settings\D\Cookies\d@sexpro[2].txt
C:\Documents and Settings\D\Cookies\d@clicksor[2].txt
C:\Documents and Settings\D\Cookies\d@tracker.czech-server[2].txt
C:\Documents and Settings\D\Cookies\d@cgi[1].txt
C:\Documents and Settings\D\Cookies\d@statsweb.bnpparibas[1].txt
C:\Documents and Settings\D\Cookies\d@www.webhostingcounter[1].txt
C:\Documents and Settings\D\Cookies\d@www.adbrite[1].txt
C:\Documents and Settings\D\Cookies\d@ad1.clickhype[2].txt
C:\Documents and Settings\D\Cookies\d@ajax_interface[1].txt
C:\Documents and Settings\D\Cookies\d@site.www.adbrite[2].txt
C:\Documents and Settings\D\Cookies\d@ad.zanox[2].txt
C:\Documents and Settings\D\Cookies\d@sex-doma[1].txt
C:\Documents and Settings\D\Cookies\d@cgi-bin[1].txt
C:\Documents and Settings\D\Cookies\d@www.pornofotky[1].txt
C:\Documents and Settings\D\Cookies\d@uk-adultcash[1].txt
C:\Documents and Settings\D\Cookies\d@ads.planetactive[2].txt
C:\Documents and Settings\D\Cookies\d@fincentrum.idnes[1].txt
C:\Documents and Settings\D\Cookies\d@komtrack[2].txt
C:\Documents and Settings\D\Cookies\d@sexshopik[1].txt
C:\Documents and Settings\D\Cookies\d@www.sex-po-telefonu[1].txt
C:\Documents and Settings\D\Cookies\d@www.sexshopik[1].txt
C:\Documents and Settings\D\Cookies\d@www.sexkauf[2].txt
C:\Documents and Settings\D\Cookies\d@3.adbrite[2].txt
C:\Documents and Settings\D\Cookies\d@ads.searchextreme[2].txt
C:\Documents and Settings\D\Cookies\d@list[1].txt
C:\Documents and Settings\D\Cookies\d@pornokritik[2].txt
C:\Documents and Settings\D\Cookies\d@campaign.indieclick[1].txt
C:\Documents and Settings\D\Cookies\d@sex-vztahy.doktorka[1].txt
C:\Documents and Settings\D\Cookies\d@warezak[2].txt
C:\Documents and Settings\D\Cookies\d@sexus[1].txt
C:\Documents and Settings\D\Cookies\d@euros4click[1].txt
C:\Documents and Settings\D\Cookies\d@77055085[2].txt
C:\Documents and Settings\D\Cookies\d@www.drunk-party-porn[2].txt
C:\Documents and Settings\D\Cookies\d@ad.play[1].txt
C:\Documents and Settings\D\Cookies\d@saj[1].txt
C:\Documents and Settings\D\Cookies\d@www.arama.turuncumedia[1].txt
C:\Documents and Settings\D\Cookies\d@kanoodle[1].txt
C:\Documents and Settings\D\Cookies\d@www.masterpornvids[2].txt
C:\Documents and Settings\D\Cookies\d@jizdnirady.idnes[2].txt
C:\Documents and Settings\D\Cookies\d@statsnove.cybertest[1].txt
C:\Documents and Settings\D\Cookies\d@adecn[2].txt
C:\Documents and Settings\D\Cookies\d@konec-lasky-nebeske-znetvoreny-marinak-se-rozvedl-fw2-[1].txt
C:\Documents and Settings\D\Cookies\d@lotzadollars[2].txt
C:\Documents and Settings\D\Cookies\d@cgi-bin[2].txt
C:\Documents and Settings\D\Cookies\d@antactica.ad.adnetwork.com[2].txt
C:\Documents and Settings\D\Cookies\d@ona.idnes[2].txt
C:\Documents and Settings\D\Cookies\d@www.elektromedia[1].txt
C:\Documents and Settings\D\Cookies\d@aukro.idnes[1].txt
C:\Documents and Settings\D\Cookies\d@ad1.singersroom[1].txt
C:\Documents and Settings\D\Cookies\d@matrixmedia[2].txt
C:\Documents and Settings\D\Cookies\d@www.digiinfo[1].txt
C:\Documents and Settings\D\Cookies\d@toplist[3].txt
C:\Documents and Settings\D\Cookies\d@www.teen-porn-video[2].txt
C:\Documents and Settings\D\Cookies\d@ads.epiccash[1].txt
C:\Documents and Settings\D\Cookies\d@germany[1].txt
C:\Documents and Settings\D\Cookies\d@track-your-partner[1].txt
C:\Documents and Settings\D\Cookies\d@ernst-and-young[1].txt
C:\Documents and Settings\D\Cookies\d@www.highfi-stats[2].txt
C:\Documents and Settings\D\Cookies\d@tom-tailor[1].txt
C:\Documents and Settings\D\Cookies\d@gps-tracking-info[1].txt
C:\Documents and Settings\D\Cookies\d@clickaider[1].txt
C:\Documents and Settings\D\Cookies\d@clicktorrent[1].txt
C:\Documents and Settings\D\Cookies\d@elektromedia[1].txt
C:\Documents and Settings\D\Cookies\d@ads.us.e-planning[1].txt
C:\Documents and Settings\D\Cookies\d@ads.glispa[2].txt
C:\Documents and Settings\D\Cookies\d@bannery.gsgroup[2].txt
C:\Documents and Settings\D\Cookies\d@showit[4].txt
C:\Documents and Settings\D\Cookies\d@ad.rajsmichu[1].txt

Unclassified.Unknown Origin
HKCR\CLSID\{F54252AB-AF1A-DA2D-3827-1F172DB2A621}
HKCR\CLSID\{F54252AB-AF1A-DA2D-3827-1F172DB2A621}\Data

Adware.IST/YourSiteBar
C:\windows\Downloaded Program Files\ysbactivex.inf

Malware.Spyware Vanisher
HKU\S-1-5-21-1085031214-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run#Spyware Vanisher [ C:\spywarevanisher-free\FreeScanner.exe -FastScan ]
C:\windows\Spyware Vanisher Setup Log.txt

(I'm only posting this here on behalf of a colleague whose computer this is about, but we swap burned DVD-RWs daily and I had a rootkit problem a few days ago: my partition collapsed, in the end I had to reinstall XP and, to be safe, replace the disk, so hopefully I'm OK now. Another colleague who took that disk away and wanted to try to rescue data from it stuck it into his PC, and the next day his system crashed and never booted again, so it's probably some rootkit filth!!!!)