CSRSS.exe


Post by taupe55 » 20 Apr 2009 20:51

Hi, I would very much like to ask for instructions on how to get rid of this virus. I can only work in Safe Mode; in normal Windows, right after the desktop loads, a window pops up saying there is a problem with csrss.exe, then it goes to a blue screen with the message Hard error, and then the laptop restarts by itself...


Logfile of HijackThis v1.99.1
Scan saved at 19:21:49, on 20.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Radim\Setupy\Bezpecnost\AdAware2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Radim\LOCALS~1\Temp\_tc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: {bf898552-9162-ab79-2294-7865aeb6dea1} - {1aed6bea-5687-4922-97ba-2619255898fb} - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Radim\Setupy\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ITSecMng] "C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang CZ
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [Toshiba Controls Utility] "C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [iTunesHelper] "C:\Radim\Setupy\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Radim\Setupy\Bezpecnost\Trojan\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Radim\Setupy\Daemon\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [Rainlendar2] C:\Radim\Setupy\Kalendar\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Radim\Setupy\Icq\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Radim] C:\Documents and Settings\Radim\Radim.exe /i
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/york/support ... aryRdr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Radim\Setupy\Bezpecnost\AdAware2008\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\WINDOWS\system32\TAMSvr.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Re: CSRSS.exe

Post by jaro3 » 20 Apr 2009 21:03

First of all, uninstall:
antivirus-xp-pro-2009

CSRSS.exe:
http://www.processlibrary.com/directory/files/csrss/
not a virus...

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save it to the desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: CSRSS.exe

Post by taupe55 » 21 Apr 2009 17:45

Hi, and thanks a lot for the help so far. I'm posting the log below, but I can't manage to find that antivirus-xp-pro-2009. You wrote that I should uninstall it... but doesn't the report happen to say where it is located? :)

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

21.4.2009 16:28:24
mbam-log-2009-04-21 (16-28-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162594
Time elapsed: 44 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Radim\Data aplikací\nidle (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\efcDuSIX.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lifosiyo.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mofekoyi.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nevipisu.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nitukito.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nptjtotf.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ragehage.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\segoyehi.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\seokrpve.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uwrlkrfu.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zajopone.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eylondlf.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBsqqrs.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkJdBuT.dll.vir (Trojan.Vundo) -> No action taken.


Re: CSRSS.exe

Post by jaro3 » 21 Apr 2009 21:27

So run MbAM again and choose Scan
- when the scan finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit

You can then paste the MbAM log here.

Turn off the AVG resident protection.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When scanning is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Tomorrow..

Re: CSRSS.exe

Post by taupe55 » 22 Apr 2009 08:54

Hello, here are both logs:


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

21.4.2009 21:50:36
mbam-log-2009-04-21 (21-50-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164206
Time elapsed: 1 hour(s), 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Radim\Data aplikací\nidle (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\efcDuSIX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lifosiyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mofekoyi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nevipisu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nitukito.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nptjtotf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ragehage.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\segoyehi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seokrpve.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwrlkrfu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zajopone.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eylondlf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBsqqrs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJdBuT.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.



ComboFix 09-04-21.A2 - Radim 21.04.2009 23:08.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3062.2303 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Radim\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 14:16 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 14:16 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 19:59 . 2009-04-21 09:56 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-20 19:06 . 2009-04-20 19:06 -------- d-----w c:\program files\trend micro
2009-04-20 10:55 . 2009-04-20 10:55 -------- d-----w C:\ICQ
2009-04-16 06:57 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 06:57 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 06:56 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:56 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:56 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 06:56 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:56 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:56 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:56 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 06:56 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:56 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 06:56 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-12 19:56 . 2004-03-08 23:00 224016 ----a-w c:\windows\system32\tabctl32.ocx
2009-04-07 22:00 . 2009-04-08 10:13 273 ----a-w c:\windows\wininit.ini
2009-04-07 20:51 . 2009-04-07 20:51 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-03 15:37 . 2009-04-03 15:37 -------- d-----w c:\program files\Common Files\xing shared
2009-04-03 15:37 . 2009-04-03 15:37 -------- d-----w c:\program files\Common Files\Real
2009-04-01 20:58 . 2009-04-21 22:14 -------- d-----w c:\documents and settings\Radim\.rainlendar2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 22:07 . 2008-09-26 18:27 -------- d-----w c:\documents and settings\Radim\Data aplikací\Skype
2009-04-21 21:41 . 2008-09-26 18:47 -------- d-----w c:\documents and settings\Radim\Data aplikací\MxBoost
2009-04-21 18:37 . 2008-09-26 18:31 -------- d-----w c:\documents and settings\Radim\Data aplikací\skypePM
2009-04-21 17:45 . 2008-10-08 17:33 81012 ---h--w C:\treeinfo.wc
2009-04-21 14:14 . 2009-04-21 14:14 18506 ----a-w C:\ComboFix2.txt
2009-04-21 14:02 . 2008-04-03 10:11 76534 ----a-w c:\windows\system32\perfc005.dat
2009-04-21 14:02 . 2008-04-03 10:11 406866 ----a-w c:\windows\system32\perfh005.dat
2009-04-20 13:21 . 2008-09-26 11:51 -------- d-----w c:\program files\TrueSuite Access Manager
2009-04-20 12:56 . 2008-12-09 08:32 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-20 11:14 . 2008-12-02 23:15 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-14 12:50 . 2009-01-15 11:10 -------- d-----w c:\program files\SPSS
2009-04-11 09:30 . 2008-09-26 12:12 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 09:30 . 2008-09-26 12:12 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-11 09:30 . 2008-09-26 12:12 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-07 21:06 . 2008-09-26 12:12 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-03-09 17:23 . 2008-12-30 20:56 -------- d-----w c:\documents and settings\Radim\Data aplikací\Simply Super Software
2009-03-09 16:52 . 2008-11-12 21:44 -------- d-----w c:\documents and settings\Radim\Data aplikací\cald3
2009-03-06 14:23 . 2008-04-03 10:11 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-25 21:49 . 2008-10-07 21:24 -------- d-----w c:\documents and settings\Radim\Data aplikací\iolo
2009-02-25 17:43 . 2008-10-07 21:24 -------- d-----w c:\documents and settings\All Users\Data aplikací\iolo
2009-02-25 17:27 . 2009-02-25 17:27 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-25 17:27 . 2009-02-25 17:27 -------- dc-h--w c:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-25 17:26 . 2009-02-25 17:26 -------- d-----w c:\program files\Lavasoft
2009-02-20 08:12 . 2008-04-03 10:11 667136 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2008-04-03 10:11 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-11 19:10 . 2008-10-07 21:27 936288 ----a-w c:\windows\system32\Incinerator.dll
2009-02-09 14:07 . 2008-04-03 10:11 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-17 15:45 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2004-08-17 15:45 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2008-04-03 10:11 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-03 10:11 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-03 10:11 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-03 10:11 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2008-04-03 10:11 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2008-04-03 10:11 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-03 10:11 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-15 14:17 . 2008-04-03 09:25 71584 ----a-w c:\documents and settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2008-10-07 21:37 . 2008-09-26 11:52 125 ----a-w c:\documents and settings\Radim\Local Settings\Data aplikací\fusioncache.dat
2008-04-03 10:31 . 2008-09-26 11:52 68456 ----a-w c:\documents and settings\Radim\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-03 09:38 . 2008-04-03 09:38 133 ----a-w c:\documents and settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_14.00.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 10:11 . 2009-04-21 13:59 64648 c:\windows\system32\perfc009.dat
+ 2008-04-03 10:11 . 2009-04-21 14:02 64648 c:\windows\system32\perfc009.dat
+ 2008-04-03 10:11 . 2009-04-21 14:02 409126 c:\windows\system32\perfh009.dat
- 2008-04-03 10:11 . 2009-04-21 13:59 409126 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"DAEMON Tools Lite"="c:\radim\Setupy\Daemon\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OEXPRESS"="c:\windows\OETRN.EXE" [2008-09-27 26624]
"Rainlendar2"="c:\radim\Setupy\Kalendar\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"ICQ"="c:\radim\Setupy\Icq\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-01-04 1773568]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-03-01 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-02-01 3150848]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-11 1932568]
"iTunesHelper"="c:\radim\Setupy\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-25 509784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2008-02-06 271672]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-02-28 17:42 180224 ----a-w c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-11 09:30 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli shzanpg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\NDSTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Radim\\Setupy\\Icq\\ICQ6\\ICQ.exe"=
"c:\\Radim\\Setupy\\Maxthon\\Maxthon2\\Maxthon.exe"=
"c:\\Radim\\Setupy\\Oxford advanced learner\\OALD7\\oald7.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 EventSystemNetDDE;Systém událostí modelu COM+ EventSystemNetDDE; [x]
R3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-11-02 106496]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-02-29 42608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-25 64160]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-01-11 21120]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 6528]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-11 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-11 108552]
S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-10-15 49152]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-11 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-11 298264]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-02-01 732160]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-05-29 6912]


--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2165393696-4004528709-1796396126-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,6f,24,61,3c,36,4e,19,a8,5a,17,eb,49,da,07,cc,de,3a,84,90,2b,9e,4c,
d9,78,37,41,bd,36,19,bb,60,68,9b,02,9c,0d,05,cb,61,a5,1d,1d,4c,2a,53,14,cd,\
"??"=hex:1e,c8,fa,44,6e,c9,61,10,4a,b7,4e,64,42,36,e7,9a
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\TAM_GINA.dll
c:\program files\TrueSuite Access Manager\fpsuites.DLL
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\FpWinLogonNp.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\TrnOEH.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\radim\Setupy\Bezpecnost\AdAware2008\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\UAService.exe
c:\windows\system32\UAService7.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ThpSrv.exe
c:\program files\TrueSuite Access Manager\CssSvr.exe
c:\program files\Apoint2K\hidfind.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-04-21 23:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-21 22:17
ComboFix2.txt 2009-04-21 18:39
ComboFix3.txt 2009-04-21 14:03

Před spuštěním: Volných bajtů: 66 476 658 688
Po spuštění: Volných bajtů: 66 463 510 528

266 --- E O F --- 2009-04-16 15:03

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: CSRSS.exe

Post by jaro3 » 22 Apr 2009 11:27

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.

KillAll::
File::
c:\windows\shzanpg.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
I will take a look later this evening.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

taupe55
newbie
Posts: 4
Registered: April 09
Gender: Male
Status:
Offline

Re: CSRSS.exe

Post by taupe55 » 22 Apr 2009 12:49

ComboFix 09-04-21.A2 - Radim 22.04.2009 11:28.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3062.2279 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Radim\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\shzanpg.dll
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-22 do 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 14:16 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 14:16 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 19:59 . 2009-04-21 09:56 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-20 19:06 . 2009-04-20 19:06 -------- d-----w c:\program files\trend micro
2009-04-20 10:55 . 2009-04-20 10:55 -------- d-----w C:\ICQ
2009-04-16 06:57 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 06:57 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 06:56 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:56 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:56 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 06:56 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:56 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:56 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:56 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 06:56 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:56 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 06:56 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-12 19:56 . 2004-03-08 23:00 224016 ----a-w c:\windows\system32\tabctl32.ocx
2009-04-07 22:00 . 2009-04-08 10:13 273 ----a-w c:\windows\wininit.ini
2009-04-07 20:51 . 2009-04-07 20:51 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-03 15:37 . 2009-04-03 15:37 -------- d-----w c:\program files\Common Files\xing shared
2009-04-03 15:37 . 2009-04-03 15:37 -------- d-----w c:\program files\Common Files\Real
2009-04-01 20:58 . 2009-04-22 10:33 -------- d-----w c:\documents and settings\Radim\.rainlendar2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 10:26 . 2008-09-26 18:27 -------- d-----w c:\documents and settings\Radim\Data aplikací\Skype
2009-04-22 10:20 . 2008-09-26 18:47 -------- d-----w c:\documents and settings\Radim\Data aplikací\MxBoost
2009-04-22 07:03 . 2008-09-26 18:31 -------- d-----w c:\documents and settings\Radim\Data aplikací\skypePM
2009-04-21 17:45 . 2008-10-08 17:33 81012 ---h--w C:\treeinfo.wc
2009-04-21 14:14 . 2009-04-21 14:14 18506 ----a-w C:\ComboFix2.txt
2009-04-21 14:02 . 2008-04-03 10:11 76534 ----a-w c:\windows\system32\perfc005.dat
2009-04-21 14:02 . 2008-04-03 10:11 406866 ----a-w c:\windows\system32\perfh005.dat
2009-04-20 13:21 . 2008-09-26 11:51 -------- d-----w c:\program files\TrueSuite Access Manager
2009-04-20 12:56 . 2008-12-09 08:32 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-20 11:14 . 2008-12-02 23:15 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-14 12:50 . 2009-01-15 11:10 -------- d-----w c:\program files\SPSS
2009-04-11 09:30 . 2008-09-26 12:12 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 09:30 . 2008-09-26 12:12 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-11 09:30 . 2008-09-26 12:12 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-07 21:06 . 2008-09-26 12:12 -------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-03-09 17:23 . 2008-12-30 20:56 -------- d-----w c:\documents and settings\Radim\Data aplikací\Simply Super Software
2009-03-09 16:52 . 2008-11-12 21:44 -------- d-----w c:\documents and settings\Radim\Data aplikací\cald3
2009-03-06 14:23 . 2008-04-03 10:11 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-25 21:49 . 2008-10-07 21:24 -------- d-----w c:\documents and settings\Radim\Data aplikací\iolo
2009-02-25 17:43 . 2008-10-07 21:24 -------- d-----w c:\documents and settings\All Users\Data aplikací\iolo
2009-02-25 17:27 . 2009-02-25 17:27 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-25 17:27 . 2009-02-25 17:27 -------- dc-h--w c:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-25 17:26 . 2009-02-25 17:26 -------- d-----w c:\program files\Lavasoft
2009-02-20 08:12 . 2008-04-03 10:11 667136 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2008-04-03 10:11 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-11 19:10 . 2008-10-07 21:27 936288 ----a-w c:\windows\system32\Incinerator.dll
2009-02-09 14:07 . 2008-04-03 10:11 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-17 15:45 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2004-08-17 15:45 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2008-04-03 10:11 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-03 10:11 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-03 10:11 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-03 10:11 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2008-04-03 10:11 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2008-04-03 10:11 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-03 10:11 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-15 14:17 . 2008-04-03 09:25 71584 ----a-w c:\documents and settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2008-10-07 21:37 . 2008-09-26 11:52 125 ----a-w c:\documents and settings\Radim\Local Settings\Data aplikací\fusioncache.dat
2008-04-03 10:31 . 2008-09-26 11:52 68456 ----a-w c:\documents and settings\Radim\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-03 09:38 . 2008-04-03 09:38 133 ----a-w c:\documents and settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_14.00.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 10:11 . 2009-04-21 13:59 64648 c:\windows\system32\perfc009.dat
+ 2008-04-03 10:11 . 2009-04-21 14:02 64648 c:\windows\system32\perfc009.dat
+ 2008-04-03 10:11 . 2009-04-21 14:02 409126 c:\windows\system32\perfh009.dat
- 2008-04-03 10:11 . 2009-04-21 13:59 409126 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"DAEMON Tools Lite"="c:\radim\Setupy\Daemon\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OEXPRESS"="c:\windows\OETRN.EXE" [2008-09-27 26624]
"Rainlendar2"="c:\radim\Setupy\Kalendar\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"ICQ"="c:\radim\Setupy\Icq\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-01-04 1773568]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-03-01 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-02-01 3150848]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-11 1932568]
"iTunesHelper"="c:\radim\Setupy\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-25 509784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2008-02-06 271672]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-02-28 17:42 180224 ----a-w c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-11 09:30 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\NDSTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Radim\\Setupy\\Icq\\ICQ6\\ICQ.exe"=
"c:\\Radim\\Setupy\\Maxthon\\Maxthon2\\Maxthon.exe"=
"c:\\Radim\\Setupy\\Oxford advanced learner\\OALD7\\oald7.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 EventSystemNetDDE;Systém událostí modelu COM+ EventSystemNetDDE; [x]
R3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-11-02 106496]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-02-29 42608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-25 64160]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-01-11 21120]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 6528]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-11 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-11 108552]
S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2007-10-15 49152]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-11 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-11 298264]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-02-01 732160]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-05-29 6912]


--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 11:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2165393696-4004528709-1796396126-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,6f,24,61,3c,36,4e,19,a8,5a,17,eb,49,da,07,cc,de,3a,84,90,2b,9e,4c,
d9,78,37,41,bd,36,19,bb,60,68,9b,02,9c,0d,05,cb,61,a5,1d,1d,4c,2a,53,14,cd,\
"??"=hex:1e,c8,fa,44,6e,c9,61,10,4a,b7,4e,64,42,36,e7,9a
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\TAM_GINA.dll
c:\program files\TrueSuite Access Manager\fpsuites.DLL
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\FpWinLogonNp.dll

- - - - - - - > 'explorer.exe'(2728)
c:\windows\TrnOEH.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\radim\Setupy\Bezpecnost\AdAware2008\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\UAService.exe
c:\windows\system32\UAService7.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ThpSrv.exe
c:\program files\TrueSuite Access Manager\CssSvr.exe
c:\program files\Apoint2K\hidfind.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-04-22 11:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-22 10:35
ComboFix2.txt 2009-04-21 22:17
ComboFix3.txt 2009-04-21 18:39
ComboFix4.txt 2009-04-21 14:03

Před spuštěním: Volných bajtů: 66 435 657 728
Po spuštění: Volných bajtů: 66 431 471 616

266 --- E O F --- 2009-04-16 15:03




Logfile of HijackThis v1.99.1
Scan saved at 11:41:12, on 22.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Radim\Setupy\Bezpecnost\AdAware2008\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\WINDOWS\system32\thpsrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Radim\Setupy\iTunes\iTunesHelper.exe
C:\Program Files\TrueSuite Access Manager\CssSvr.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Radim\Setupy\Daemon\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\OETRN.EXE
C:\Radim\Setupy\Kalendar\Rainlendar2\Rainlendar2.exe
C:\Radim\Setupy\Icq\ICQ6\ICQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Radim\Setupy\Total Commander\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Radim\LOCALS~1\Temp\_tc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Radim\Setupy\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ITSecMng] "C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang CZ
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [Toshiba Controls Utility] "C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [iTunesHelper] "C:\Radim\Setupy\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Radim\Setupy\Daemon\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [Rainlendar2] C:\Radim\Setupy\Kalendar\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ICQ] "C:\Radim\Setupy\Icq\ICQ6\ICQ.exe" silent
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/york/support ... aryRdr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Radim\Setupy\Bezpecnost\AdAware2008\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\WINDOWS\system32\TAMSvr.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: CSRSS.exe

Post by jaro3 » 22 Apr 2009 19:59

Next time, use a newer version of HJT (2.02.):
http://www.trendsecure.com/portal/en-US ... s/download

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


Clean the system with CCleaner
and also use T-Cleaner.
It deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. Download it, then run it.

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG; afterwards delete T-Cleaner and turn AVG back on.


Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Update Java:
Java SE Runtime Environment 6u13
Choose the OS (I assume Windows), tick agree-continue.
Choose:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Remove the other Java versions in Add/Remove Programs.
That's all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

