Prosím o kontrolu logu - podezření na havěť

Kosai · Příspěvekod **Kosai** » 02 črc 2009 11:14

nejdou mi přesouvat ikony z místa na místo,nešla ani otevřít nabídka lišty Start,nicméně tohle se už zdá ok.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:03, on 2.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
D:\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\Translator\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Translator\WEBIE.DLL
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quick\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Danek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\Translator\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3997024249
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS9\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS10\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS11\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS12\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS13\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS14\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prime95 Service - Unknown owner - D:\Prime95\prime95.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7873 bytes

Reklama

Příspěvekod **jaro3** » 02 črc 2009 13:24

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Kosai · Příspěvekod **Kosai** » 02 črc 2009 14:43

Malwarebytes' Anti-Malware 1.35
Verze databáze: 1910
Windows 5.1.2600 Service Pack 3

2.7.2009 14:05:16
mbam-log-2009-07-02 (14-05-16).txt

Typ skenu: Rychlý sken
Objektu skenováno: 80134
Uplynulý cas: 14 minute(s), 10 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Mezitím jsem nechal běžet důkladný test lokálních disků u Avastu a našel vir/červa viz. obrázek v příloze,zvolil jsem možnost smazat,testování ještě pokračuje.

Příspěvekod **jaro3** » 02 črc 2009 15:38

Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Kosai · Příspěvekod **Kosai** » 02 črc 2009 21:19

ComboFix 09-07-01.04 - Danek 02.07.2009 20:48.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.235 [GMT 2:00]
Spuštěný z: c:\documents and settings\Danek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{816CE456-BB58-47C1-97D0-1BC92AA09A46}
c:\program files\Mozilla Firefox\extensions\{816CE456-BB58-47C1-97D0-1BC92AA09A46}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{816CE456-BB58-47C1-97D0-1BC92AA09A46}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{816CE456-BB58-47C1-97D0-1BC92AA09A46}\install.rdf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OVFSTHWKYHOXLSRQONOBHJDMPWXNSSIVYPXMPP
-------\Service_ovfsthwkyhoxlsrqonobhjdmpwxnssivypxmpp

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-02 do 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 09:02 . 2009-07-02 09:02 -------- d-----w- c:\program files\Trend Micro
2009-06-17 19:41 . 2009-06-17 19:41 74 ---ha-w- c:\windows\efdcet.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 14:10 . 2009-03-27 16:21 -------- d-----w- c:\program files\HP
2009-06-28 14:03 . 2005-01-24 09:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-06-17 19:54 . 2006-08-14 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 15:37 . 2007-07-15 11:05 -------- d-----w- c:\program files\The KMPlayer
2009-05-15 17:18 . 2007-03-31 11:44 -------- d-----w- c:\program files\Apple Software Update
2009-05-13 19:35 . 2009-05-13 19:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-13 18:41 . 2006-10-06 15:28 -------- d-----r- c:\program files\Skype
2009-05-13 18:41 . 2009-05-13 18:41 -------- d-----w- c:\program files\Common Files\Skype
2009-04-08 13:12 . 2009-04-08 12:53 44895 ----a-w- c:\windows\War3Unin.dat
2009-04-08 13:12 . 2009-04-08 12:53 2829 ----a-w- c:\windows\War3Unin.pif
2009-04-08 13:12 . 2009-04-08 12:53 139264 ----a-w- c:\windows\War3Unin.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Danek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="d:\daemon tools\daemon.exe" [2005-11-08 128920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="d:\quick\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-12 843776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update Utility"="\\?\globalroot\systemroot\system32\svchast.exe" [?]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Danek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\hry\\Warcraft III\\Warcraft III.exe"=
"d:\\hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\java\\EE-datak\\EE-AOC.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 16:56 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 16:56 20560]
S3 cpuz126;cpuz126;\??\c:\docume~1\Danek\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Danek\LOCALS~1\Temp\cpuz.sys [?]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\documents and settings\Danek\Plocha\speedfan\DLPORTIO.SYS [23.11.2006 18:37 3584]
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [10.8.2006 12:18 9472]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [8.4.2007 22:20 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [8.4.2007 22:20 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [8.4.2007 22:20 97184]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\translator\WEBIE.DLL
TCP: {3C54A3CE-083F-452D-8A38-A99C496AEBB0} = 192.168.1.5
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Danek\Data aplikací\Mozilla\Firefox\Profiles\jgmjfak9.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: d:\quick\Plugins\npqtplugin.dll
FF - plugin: d:\quick\Plugins\npqtplugin2.dll
FF - plugin: d:\quick\Plugins\npqtplugin3.dll
FF - plugin: d:\quick\Plugins\npqtplugin4.dll
FF - plugin: d:\quick\Plugins\npqtplugin5.dll
FF - plugin: d:\quick\Plugins\npqtplugin6.dll
FF - plugin: d:\quick\Plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 20:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,45,ab,c3,7d,59,
3b,76,8f,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,60,f9,58,4e,dd,
71,a9,b3,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,95,b6,ed,29,fb,
41,b5,71,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,cf,09,3e,33,30,
24,54,72,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,ec,24,cf,f8,72,
35,09,bf,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,5d,52,22,f1,
27,f7,ee,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c7,0d,5b,1b,3c,
1d,40,04,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1a,e1,a8,83,5b,
de,c0,25,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,54,98,fb,da,c0,
16,6b,48,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,0d,47,49,01,6a,
1f,02,17,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,c5,50,dd,8e,24,
d0,7f,2c,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,69,a3,ea,d9,ab,
33,9f,f4,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F6F0EAAE5998883F0CF32E59850BDCF8082932037442534F37F7E503C866B97EF22AD4E254242674CA8103D5C89A206EB70AD7F2F1A7C5DBE5CC984986F79D1B084BF2BF87ECDA7FBECA16C42FCE4B2B12F1DE50E8D34237F23493326AF5A0A95690A9344913E245D89AA58AAE644698F559801312C177ED50F328E80CB8DD7E822D844131EBE2FE8F30941C81CCDB764D2D9849689F7A6475C4CBB1484950403647317E1DFEDE39DABE6A87272F3CD301CC26112A4F44D25FD396DE3F6A5BEB1EF800952E094354BA6DD1E95F637A98008B4C9FDBE72F410D41FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CBA7FD869164D67949DB7CE019D40AA5CB8C5147A8633519B60A9A416376BE459AB732F18BADBC80C7282C6B0DC9A5750E3CF0209CD9B20B2266E81C397DAED1D9DD7F85A9CD1DC15AB92CD37AFC40144911A4BB43153215956AAD85745ECF4304146D06B137B8354681E55E31C770446473D490F9939589B6A0BC79F7224126DA91FB37ABAA18612F45B59DF4961F9A82AE09A60D8FDD2F983D02A9D3A59DF2012D76263155E328644161C86410380340648201F21A69DE8E5CEA58916B5FE0A55F9E1BB08A258E06C2AA26A733139A249C4817A090FCA4F7AEEA0CCE8B793E0752278CADDB14C43A60C354DB094C9A2873D28548D63F20A4A2CC50776B2C34C9702320B4123E6C2D1C0E02AAF29DC58F6ADC2408DA5306908178589E6CD3CE982DFE12E456305E96E63F72C0C411F5AF2A5C30A4CAC203086D3925BC583ABCB2692999560338737A3A18F344200C1B47A48DFADF0206697BC9BE2B705A1477412893159E924539B3B3D0057B65F7BE3AF4C925D8780294B4839320BF74DC5DF7AC5C546211E50FDA10DE65D2E2C855DD9FC19FD7E1D136B688E80FA577AE2F8395BB65A265FEBB7EAFB264354851D86643A76AA2A9DD28B808E90DA3FF55DA1CA74A949FDF415184C08E0393661843B5DF6EFAE417A9B3397C2E8B7B05DF9AE51CE05FB93C4C2E01F438123480A014B78BA908DE08124605CC655CE90A401E88F3B750CB305EBC561D2351C5F1A5CF70CA0257B855626819CC9E492A511BC8EEE9D6C4A0FC28EF3B4F36D6D3603657A1457C162946CE07B4E916AAA9CBF7D4F7EF11C393CDBA987DF715E996B09EAFAADA3BB60D58E96268676FD70081D9650EBC3FD91B38643924C3082D480C6C49A9C5BAC46F25A8E4C82E3F972596D60AB0E344E3ED2C8649C882495875DA6CC6CC86A7319FC42922FA1DA7D746B45366DDD790C5FDB7E181E455A1A4DCAEADFF5BB4FB194E60B7203E9EE6BEB7992F61678DB7BC773D8EF86D86E54F878A7DFB3241FCD2486CF806F8048EB832312879C9C3A27FE23DA"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2009-07-02 21:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-02 19:06

Před spuštěním: 768 647 168
Po spuštění: 686 858 240

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=13 Default=13 Failed=11 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
235

Příspěvekod **jaro3** » 03 črc 2009 07:09

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\ezsidmv.dat

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update Utility"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\efdcet.dat
Vlož sem pak odkaz výsledku.

Proveď kontrolu a vlož sem log z Kaspersky Online Scanner!

-Ve vistě musíš prohlížeč otevřít jako administrátor. K užití skeneru je třeba stáhnout a nainstalovat programové soubory a databázi.
-V Linuxu skener neskenuje RAM, boot. sektor a MBR, takže nemůže detekovat nákazy v těchto místech.
-Skener detekuje nákazy, které jsou již v PC, takže se potom dají manuálně smazat.
-Před skenem je vhodné vypnout rez. ochranu antiviru a antispywaru.
Klikni na Accept, k potvrzení podmínek.
Pokud se Ti objeví okno zabezpečení prostředí java- dej přijmout.
- Začne se stahovat databáze a program.
- Po jeho skončení klikni vlevo na pod Scan na My computer
Začne sken Tvého PC.
Sken může trvat i několik hodin.. Po ukončení skenu klikni na Scan Report.
Poté zvol Save a název zvol: KAV.
Obsah mi sem prosím zkopíruj.

Budu až večer nebo zítra.

Kosai · Příspěvekod **Kosai** » 03 črc 2009 22:52

ComboFix 09-07-02.02 - Danek 03.07.2009 14:51.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.280 [GMT 2:00]
Spuštěný z: c:\documents and settings\Danek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Danek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-03 do 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-02 09:02 . 2009-07-02 09:02 -------- d-----w- c:\program files\Trend Micro
2009-06-17 19:41 . 2009-06-17 19:41 74 ---ha-w- c:\windows\efdcet.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 14:10 . 2009-03-27 16:21 -------- d-----w- c:\program files\HP
2009-06-28 14:03 . 2005-01-24 09:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-06-17 19:54 . 2006-08-14 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 15:37 . 2007-07-15 11:05 -------- d-----w- c:\program files\The KMPlayer
2009-05-15 17:18 . 2007-03-31 11:44 -------- d-----w- c:\program files\Apple Software Update
2009-05-13 18:41 . 2006-10-06 15:28 -------- d-----r- c:\program files\Skype
2009-05-13 18:41 . 2009-05-13 18:41 -------- d-----w- c:\program files\Common Files\Skype
2009-04-08 13:12 . 2009-04-08 12:53 44895 ----a-w- c:\windows\War3Unin.dat
2009-04-08 13:12 . 2009-04-08 12:53 2829 ----a-w- c:\windows\War3Unin.pif
2009-04-08 13:12 . 2009-04-08 12:53 139264 ----a-w- c:\windows\War3Unin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-02_18.59.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 11:57 . 2009-07-03 11:57 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2009-07-03 11:57 . 2009-07-03 11:57 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Danek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="d:\daemon tools\daemon.exe" [2005-11-08 128920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="d:\quick\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-12 843776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Danek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\hry\\Warcraft III\\Warcraft III.exe"=
"d:\\hry\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\java\\EE-datak\\EE-AOC.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 16:56 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 16:56 20560]
S3 cpuz126;cpuz126;\??\c:\docume~1\Danek\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Danek\LOCALS~1\Temp\cpuz.sys [?]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\documents and settings\Danek\Plocha\speedfan\DLPORTIO.SYS [23.11.2006 18:37 3584]
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [10.8.2006 12:18 9472]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [8.4.2007 22:20 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [8.4.2007 22:20 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [8.4.2007 22:20 97184]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\translator\WEBIE.DLL
TCP: {3C54A3CE-083F-452D-8A38-A99C496AEBB0} = 192.168.1.5
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Danek\Data aplikací\Mozilla\Firefox\Profiles\jgmjfak9.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: d:\quick\Plugins\npqtplugin.dll
FF - plugin: d:\quick\Plugins\npqtplugin2.dll
FF - plugin: d:\quick\Plugins\npqtplugin3.dll
FF - plugin: d:\quick\Plugins\npqtplugin4.dll
FF - plugin: d:\quick\Plugins\npqtplugin5.dll
FF - plugin: d:\quick\Plugins\npqtplugin6.dll
FF - plugin: d:\quick\Plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 14:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,45,ab,c3,7d,59,
3b,76,8f,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,60,f9,58,4e,dd,
71,a9,b3,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,95,b6,ed,29,fb,
41,b5,71,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,cf,09,3e,33,30,
24,54,72,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,ec,24,cf,f8,72,
35,09,bf,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,5d,52,22,f1,
27,f7,ee,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c7,0d,5b,1b,3c,
1d,40,04,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1a,e1,a8,83,5b,
de,c0,25,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,54,98,fb,da,c0,
16,6b,48,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,0d,47,49,01,6a,
1f,02,17,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,c5,50,dd,8e,24,
d0,7f,2c,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,69,a3,ea,d9,ab,
33,9f,f4,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F6F0EAAE5998883F0CF32E59850BDCF8082932037442534F37F7E503C866B97EF22AD4E254242674CA8103D5C89A206EB70AD7F2F1A7C5DBE5CC984986F79D1B084BF2BF87ECDA7FBECA16C42FCE4B2B12F1DE50E8D34237F23493326AF5A0A95690A9344913E245D89AA58AAE644698F559801312C177ED50F328E80CB8DD7E822D844131EBE2FE8F30941C81CCDB764D2D9849689F7A6475C4CBB1484950403647317E1DFEDE39DABE6A87272F3CD301CC26112A4F44D25FD396DE3F6A5BEB1EF800952E094354BA6DD1E95F637A98008B4C9FDBE72F410D41FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CBA7FD869164D67949DB7CE019D40AA5CB8C5147A8633519B60A9A416376BE459AB732F18BADBC80C7282C6B0DC9A5750E3CF0209CD9B20B2266E81C397DAED1D9DD7F85A9CD1DC15AB92CD37AFC40144911A4BB43153215956AAD85745ECF4304146D06B137B8354681E55E31C770446473D490F9939589B6A0BC79F7224126DA91FB37ABAA18612F45B59DF4961F9A82AE09A60D8FDD2F983D02A9D3A59DF2012D76263155E328644161C86410380340648201F21A69DE8E5CEA58916B5FE0A55F9E1BB08A258E06C2AA26A733139A249C4817A090FCA4F7AEEA0CCE8B793E0752278CADDB14C43A60C354DB094C9A2873D28548D63F20A4A2CC50776B2C34C9702320B4123E6C2D1C0E02AAF29DC58F6ADC2408DA5306908178589E6CD3CE982DFE12E456305E96E63F72C0C411F5AF2A5C30A4CAC203086D3925BC583ABCB2692999560338737A3A18F344200C1B47A48DFADF0206697BC9BE2B705A1477412893159E924539B3B3D0057B65F7BE3AF4C925D8780294B4839320BF74DC5DF7AC5C546211E50FDA10DE65D2E2C855DD9FC19FD7E1D136B688E80FA577AE2F8395BB65A265FEBB7EAFB264354851D86643A76AA2A9DD28B808E90DA3FF55DA1CA74A949FDF415184C08E0393661843B5DF6EFAE417A9B3397C2E8B7B05DF9AE51CE05FB93C4C2E01F438123480A014B78BA908DE08124605CC655CE90A401E88F3B750CB305EBC561D2351C5F1A5CF70CA0257B855626819CC9E492A511BC8EEE9D6C4A0FC28EF3B4F36D6D3603657A1457C162946CE07B4E916AAA9CBF7D4F7EF11C393CDBA987DF715E996B09EAFAADA3BB60D58E96268676FD70081D9650EBC3FD91B38643924C3082D480C6C49A9C5BAC46F25A8E4C82E3F972596D60AB0E344E3ED2C8649C882495875DA6CC6CC86A7319FC42922FA1DA7D746B45366DDD790C5FDB7E181E455A1A4DCAEADFF5BB4FB194E60B7203E9EE6BEB7992F61678DB7BC773D8EF86D86E54F878A7DFB3241FCD2486CF806F8048EB832312879C9C3A27FE23DA"
.
Celkový čas: 2009-07-03 15:02
ComboFix-quarantined-files.txt 2009-07-03 13:01
ComboFix2.txt 2009-07-02 19:06

Před spuštěním: 675 078 144
Po spuštění: 657 215 488

Current=13 Default=13 Failed=11 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
210

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:22, on 3.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Danek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\Translator\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\Translator\WEBIE.DLL
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quick\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Danek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\Translator\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3997024249
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS9\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS10\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS11\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS12\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS13\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O17 - HKLM\System\CS14\Services\Tcpip\..\{3C54A3CE-083F-452D-8A38-A99C496AEBB0}: NameServer = 192.168.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prime95 Service - Unknown owner - D:\Prime95\prime95.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8158 bytes

Soubor efdcet.dat přijatý 2009.07.03 13:18:18 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 5.0.0.2 2009.07.03 -
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.03 -
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6595 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.782 2009.07.02 -
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.03 -
Microsoft 1.4803 2009.07.03 -
NOD32 4212 2009.07.03 -
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.03 -
Panda 10.0.0.14 2009.07.02 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.03 -
Rising 21.36.43.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.02 -
Rozšiřující informace
File size: 74 bytes
MD5...: 7bf8a6d93a3bd06fc99e2c67e5908386
SHA1..: 26a16611b60b3c9e6c3f457aa6afacb6cda07f56
SHA256: 3aeb92bff22c858111a5ce516bbb5ac18c7c7e08eae8bd1a15ecb14b21567b60
ssdeep: 3:sZ3e1RLrYRRiSyx6YW4ovnnDEK0XV/:O3e1t8RiSyvovnAKs/<br>
PEiD..: -
TrID..: File type identification<br>-
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set<br>-

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 03, 2009 15:16:59
Records in database: 2419886
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 56870
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:16:52

File name / Threat name / Threats count
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5ING1IN\part[1].exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.bo 1
D:\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

The selected area was scanned.

Příspěvekod **jaro3** » 04 črc 2009 07:35

Najdi a smaž:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5ING1IN\part[1].exe
D:\DAEMON Tools\SetupDTSB.exe

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [QuickTime Task] &quot;D:\Quick\QTTask.exe&quot; -atboottime
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Pořiď si něco na spyware: SpywareTerminator, Spybot, SpywareDoctor atd.
Můžeš přidat i firewall.
Pokud nejsou problémy , je to vše.

Kosai · Příspěvekod **Kosai** » 04 črc 2009 13:28

Doinstaloval jsem antispyware,a zdá se být vše ok,díky za pomoc :wink:

Prosím o kontrolu logu - podezření na havěť Vyřešeno

Prosím o kontrolu logu - podezření na havěť Vyřešeno

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Re: Prosím o kontrolu logu - podezření na havěť

Kdo je online