Hello, please check the log below. I have tried MBAM and CCleaner, I have avast and Ad-Aware installed, and I more or less did not find any more serious problems.
Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:04, on 28.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hanka\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ6\\ICQNet.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1606980848-2111687655-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Arnošt')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ6\\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ6\\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{44ABA7A9-4734-472D-BA60-F9772419E475}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8862071-784B-44A0-8DF8-E720B01E9663}: NameServer = 194.228.41.113 194.228.41.65
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Hanka/LOCALS~1/Temp/msohtml1/03/clip_image001.jpg
--
End of file - 9955 bytes
Please check my log - slow PC (ashwebsv?) Solved
Re: Please check my log - slow PC (ashwebsv?)
Hi, I can see one possible cause of the slow PC...
Btw, that process belongs to Avast.
Download SecurityCheck. Run it and follow the instructions. At the end it produces a log; copy it here.
I don't like amateurism...
And the addressee of this message knows it :)
Re: Please check my log - slow PC (ashwebsv?)
After the check with the Security Check program:
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
avast! Antivirus
a-squared Free 4.5
WMIC entry does not exist for antivirus; attempting automatic update.
avast! updated!
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spyware Terminator
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)
`````````End of Log```````````
Re: Please check my log - slow PC (ashwebsv?)
1) Uninstall SpyBot and Ad-Aware (Start -> Control Panel -> Add/Remove Programs).
If that does not work, use Revo Uninstaller.
2) Download DDS. Save it to the desktop, close all running programs and run it. When the scan finishes, the results open in 2 windows - DDS.txt and Attach.txt. I would like to see the contents of both.
I don't like amateurism...
And the addressee of this message knows it :)
Re: Please check my log - slow PC (ashwebsv?)
---------------------------
D.D.S. - How to post the logs
---------------------------
These 2 log files shall disappear when you close them.
So, save them to your Desktop now
# DDS.txt
Post this to the forums.
# Attach.txt
Must be zipped, then attached (not posted) to your forum post
__________________________________________________
Forum helpers are dedicated individuals who selflessly invest their
own time/effort to helping you. They are not paid help. Common
courtesy & manners are always appreciated. Kindly be patient while
awaiting for someone to reply.
---------------------------
OK
---------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4.2.2006 18:31:14
System Uptime: 30.10.2009 16:21:07 (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | 'K8N'
Processor: AMD Sempron(tm) Processor 2600+ | Socket 754 | 1607/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 3,333 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 26 GiB total, 2,512 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6500c
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6500c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP358: 9.8.2009 17:01:24 - Kontrolní bod systému
RP359: 26.8.2009 22:20:56 - Software Distribution Service 3.0
RP360: 26.8.2009 23:30:47 - Software Distribution Service 3.0
RP361: 28.8.2009 0:01:11 - Kontrolní bod systému
RP362: 29.8.2009 22:16:02 - Kontrolní bod systému
RP363: 30.8.2009 22:28:30 - Kontrolní bod systému
RP364: 11.9.2009 22:18:01 - Kontrolní bod systému
RP365: 20.9.2009 16:36:18 - Software Distribution Service 3.0
RP366: 26.9.2009 12:31:57 - Software Distribution Service 3.0
RP367: 27.9.2009 16:50:43 - Software Distribution Service 3.0
RP368: 2.10.2009 10:00:36 - Kontrolní bod systému
RP369: 4.10.2009 11:40:51 - Kontrolní bod systému
RP370: 5.10.2009 18:46:01 - Kontrolní bod systému
RP371: 10.10.2009 17:18:53 - Kontrolní bod systému
RP372: 11.10.2009 18:27:52 - Kontrolní bod systému
RP373: 12.10.2009 22:22:04 - Kontrolní bod systému
RP374: 14.10.2009 19:56:24 - Kontrolní bod systému
RP375: 17.10.2009 18:03:10 - Software Distribution Service 3.0
RP376: 20.10.2009 21:43:52 - Kontrolní bod systému
RP377: 21.10.2009 21:56:59 - Software Distribution Service 3.0
RP378: 22.10.2009 22:52:38 - Kontrolní bod systému
RP379: 25.10.2009 11:59:18 - Kontrolní bod systému
RP380: 26.10.2009 19:01:40 - Kontrolní bod systému
RP381: 27.10.2009 19:19:31 - Kontrolní bod systému
RP382: 28.10.2009 13:45:46 - Odebráno: Asistent pro přihlášení ke službě Windows Live
RP383: 28.10.2009 13:47:07 - Removed Rhapsody Player Engine
RP384: 28.10.2009 13:47:30 - Removed Rhapsody Player Engine
RP385: 28.10.2009 13:48:06 - Removed Japanese Fonts Support For Adobe Reader 8
RP386: 30.10.2009 16:18:58 - Removed Ad-Aware
==== Installed Programs ======================
a-squared Free 4.5
ACDSee 6.0 PowerPack
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.0
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB911565)
Aktualizace zabezpečení aplikace Windows Media Player 9 (KB917734)
Aktualizace zabezpečení produktu Windows XP (KB923689)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB938464-v2)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950759)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951376)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB953838)
Aktualizace zabezpečení systému Windows XP (KB953839)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956390)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958215)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958690)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960714)
Aktualizace zabezpečení systému Windows XP (KB960715)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371)
Aktualizace zabezpečení systému Windows XP (KB961373)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB963027)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969897)
Aktualizace zabezpečení systému Windows XP (KB969898)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB972260)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974455)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Allok MP3 to AMR Converter 3.0.2
ASUS Probe V2.25.02
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
µTorrent
µTorrent CZ 1.7.7 (build 8179)
AudibleManager
avast! Antivirus
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVS DVD Player version 2.2
Balíček ovladače systému Windows - Nokia Modem (03/05/2008 3.7)
Balíček ovladače systému Windows - Nokia Modem (03/13/2008 6.86.0.1)
Balíček ovladače systému Windows - Nokia Modem (08/03/2007 6.84.0.2)
Balíček ovladače systému Windows - Nokia Modem (10/12/2007 3.6)
Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
BlueSoleil
Business English Demo
CCleaner (remove only)
Creative Mass Storage Drivers
Creative MediaSource
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
ICQ
ICQ Toolbar
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Lingea Lexicon
Lingea Lexicon 2002
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Mozilla Firefox (3.0.14)
MSVC80_x86
Nero OEM
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB970653-v3)
PC Connectivity Solution
RealPlayer
Realtek AC'97 Audio
Skype™ 3.8
Softarová utilita ATI - Odinstalovat
Spyware Terminator
Total Commander (Remove or Repair)
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR
Zuma Deluxe 1.0
ZyXEL ADSL USB Modem WAN Adapter
==== End Of File ===========================
Re: Please check my log - slow PC (ashwebsv?)
Please try running DDS once more, I'm missing the more important log :)
I don't like amateurism...
And the addressee of this message knows it :)
Re: Please check my log - slow PC (ashwebsv?)
DDS (Ver_09-10-26.01) - NTFSx86
Run by Hanka at 19:38:32,59 on so 31.10.2009
Internet Explorer: 6.0.2900.5512
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.107 [GMT 1:00]
AV: avast! antivirus 4.8.1356 [VPS 091030-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hanka\Plocha\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = About:Blank
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [CnxDslTaskBar] "c:\program files\zyxel\adsl usb modem\CnxDslTb.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Mirabilis ICQ] c:\progra~1\icq6\\ICQNet.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\hlavnp~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq6\\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: mojebanka.cz\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {44ABA7A9-4734-472D-BA60-F9772419E475} = 10.0.0.138
TCP: {B8862071-784B-44A0-8DF8-E720B01E9663} = 194.228.41.113 194.228.41.65
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDVOGw
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hanka\dataap~1\mozilla\firefox\profiles\4qzeizzg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-18 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-4-19 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-18 20560]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-7-2 222456]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2006-2-15 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2006-2-15 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2006-2-15 108675]
=============== Created Last 30 ================
2009-10-10 18:39:15 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-10 18:39:15 0 d-----w- c:\program files\common files\Common Share
2009-10-10 18:39:14 351744 ----a-w- c:\windows\system32\avisynth.dll
==================== Find3M ====================
2009-10-25 09:40:47 63148 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 09:40:47 382548 ----a-w- c:\windows\system32\perfh005.dat
2009-09-25 05:37:33 668160 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:30 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:19:35 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:02:12 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59:38 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:29:40 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-07-03 12:31:00 870 ----a-w- c:\program files\INSTALL.LOG
2008-07-02 19:32:54 6077952 ----a-w- c:\program files\icq5_1_setup2575.exe
2007-06-27 22:42:39 6109390 ----a-w- c:\program files\ZumaSetup.exe
2007-06-27 14:22:32 15049344 ----a-w- c:\program files\setupcze.exe
2007-05-22 18:53:53 5316176 ----a-w- c:\program files\instal.exe
2007-05-08 18:11:49 2857022 ----a-w- c:\program files\vstudio10.exe
2006-08-18 11:56:00 2855080 ----a-w- c:\program files\aawsepersonal.exe
2006-07-06 19:48:44 11817800 ----a-w- c:\program files\GoogleEarth.exe
2006-07-02 12:23:56 15300392 ----a-w- c:\program files\Install_Messenger.exe
2008-09-16 22:52:16 373727 --sha-w- c:\windows\system32\wGOVDcfe.ini2
============= FINISH: 19:39:37,00 ===============
Re: Please check my log - slow PC (ashwebsv?)
Download ComboFix - DO NOT RUN IT.
Move the CF icon to the desktop, close all open applications, disable the resident shields of your antivirus and antispyware as well as the firewall, and open Notepad. Copy the following into it:
KillAll::
DDS::
uStart Page = About:Blank
uURLSearchHooks: H - No File
uURLSearchHooks: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
FireFox::
FF - ProfilePath - c:\docume~1\hanka\dataap~1\mozilla\firefox\profiles\4qzeizzg.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
Driver::
ICQ Service
Folder::
c:\program files\icq6toolbar
Extra::
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.
Warning: If Windows does not start after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.
Re: Please check my log - slow PC (ashwebsv?)
I did as instructed and am attaching the log from the CF script:
ComboFix 09-10-30.01 - Hanka 31.10.2009 20:39.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.214 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hanka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hanka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091030-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Arnošt\Dokumenty\cc_20090727_173334.reg
c:\program files\INSTALL.LOG
c:\program files\java\jre1.6.0_02\bin\ssv.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\wGOVDcfe.ini
c:\windows\system32\wGOVDcfe.ini2
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_TDSSSERV
-------\Service_ICQ Service
-------\Service_TDSSserv
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-31 )))))))))))))))))))))))))))))))
.
2009-10-31 19:47 . 2004-06-03 02:40 79360 ----a-r- c:\windows\system32\drivers\nvatabus_2.sys
2009-10-10 18:39 . 2009-10-10 18:39 -------- d-----w- c:\program files\Common Files\Common Share
2009-10-10 18:39 . 2008-12-18 11:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-10 18:39 . 2008-12-18 11:38 351744 ----a-w- c:\windows\system32\avisynth.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 09:47 . 2008-07-02 19:51 -------- d-----w- c:\program files\ICQ6
2009-10-30 15:21 . 2006-02-04 18:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 15:19 . 2006-02-19 11:10 -------- d-----w- c:\program files\Lavasoft
2009-10-28 16:49 . 2009-04-19 17:41 -------- d-----w- c:\program files\Spyware Terminator
2009-10-28 12:47 . 2007-10-16 19:44 -------- d-----w- c:\program files\Real
2009-10-25 09:40 . 2001-10-25 14:00 63148 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 09:40 . 2001-10-25 14:00 382548 ----a-w- c:\windows\system32\perfh005.dat
2009-09-26 20:27 . 2009-08-27 18:19 -------- d-----w- c:\program files\a-squared Free
2009-09-25 05:37 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-15 11:59 . 2008-12-18 20:12 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2008-12-18 20:12 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2008-12-18 20:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2008-12-18 20:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2008-12-18 20:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2008-12-18 20:13 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2008-12-18 20:13 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2008-12-18 20:13 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2008-12-18 20:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:02 . 2004-08-17 13:49 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2006-02-04 17:26 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2006-02-04 17:26 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2006-02-04 17:26 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2006-02-04 17:26 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-17 13:49 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2006-02-04 17:26 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-03-15 17:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-03-15 17:30 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2006-02-04 17:26 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2004-08-17 13:45 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:29 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-07-02 19:32 . 2008-07-02 19:32 6077952 ----a-w- c:\program files\icq5_1_setup2575.exe
2007-06-27 22:42 . 2007-06-27 22:42 6109390 ----a-w- c:\program files\ZumaSetup.exe
2007-06-27 14:22 . 2007-06-27 14:22 15049344 ----a-w- c:\program files\setupcze.exe
2007-05-22 18:53 . 2007-05-22 18:53 5316176 ----a-w- c:\program files\instal.exe
2007-05-08 18:11 . 2007-05-08 18:11 2857022 ----a-w- c:\program files\vstudio10.exe
2006-08-18 11:56 . 2006-08-18 11:55 2855080 ----a-w- c:\program files\aawsepersonal.exe
2006-07-06 19:48 . 2006-07-06 19:48 11817800 ----a-w- c:\program files\GoogleEarth.exe
2006-07-02 12:23 . 2006-07-02 12:23 15300392 ----a-w- c:\program files\Install_Messenger.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"CnxDslTaskBar"="c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 458752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Mirabilis ICQ"="c:\progra~1\ICQ6\\ICQNet.exe" [2003-10-14 38984]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-19 2176000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-28 198160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-14 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6\\Icq.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.12.2008 21:12 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.4.2009 18:41 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.12.2008 21:12 20560]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [15.2.2006 18:40 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [15.2.2006 18:40 642944]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [15.2.2006 18:40 108675]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: {44ABA7A9-4734-472D-BA60-F9772419E475} = 10.0.0.138
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\4qzeizzg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 20:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\system32\CTsvcCDA.EXE
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Terminator\sp_rsser.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ICQ6\ICQNet.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Spyware Terminator\SpywareTerminator.exe
.
**************************************************************************
.
Celkový čas: 2009-10-31 20:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-31 19:53
Před spuštěním: 2 696 761 344
Po spuštění: 2 698 207 232
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 1E342554C76F9FCA7AC60FE18A934EAC
Re: Please check my log - slow PC (ashwebsv?)
1) Uninstall SpyBot, Ad-Aware and a-squared (Start -> Control Panel -> Add/Remove Programs).
If that doesn't work, use Revo Uninstaller.
2) One small recommendation - don't keep backups of the installers. You are just taking up disk space needlessly.
Download SystemLook. Save it to the desktop and run it. Copy the following into the window:
:filefind
c:\program files\*.exe
Click "Look" and let the program finish the scan. When it is done, a log will be displayed, which I need to see. In case of problems, it can also be found on the desktop.
I don't like amateurism...
And the addressee of this message knows it :)
Re: Please check my log - slow PC (ashwebsv?)
I had already uninstalled SpyBot and Ad-Aware in the previous step, so now I have uninstalled A-squared, and I am attaching the log from the scan:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:40 on 01/11/2009 by Hanka (Administrator - Elevation successful)
========== filefind ==========
Searching for "c:\program files\*.exe"
No files found.
-=End Of File=-
Re: Please check my log - slow PC (ashwebsv?)
Great.
1) Download MbAM. Save it to the desktop, open "mbam-setup.exe" and install it. Update it. Then run a full scan - delete whatever the program finds. Post the resulting log here.
2) Download CKScanner to the desktop. Start the program by double-clicking its icon. A window will open; in it, click "Search For Files". The scan will start; when it finishes, click "Save List To File" -> "OK". A file named CKFiles.txt should appear on the desktop; copy its contents here for me.
3) Download GMER, unpack it to the desktop and run it. The program starts a scan automatically (when it finishes, post log no. 1) - if it finds something during the scan (= a warning pops up), click "NO" and on the right tick all items EXCEPT:
- Sections
- IAT/EAT
- Registry
- non-system disks and partitions (the system is usually on "C:\" - so leave "D:\", "E:\", etc. unticked)
- Show All
If it finds nothing (= nothing pops up), tick everything on the right and start the scan. When it finishes, click "Copy" and post log no. 2.
I don't like amateurism...
And the addressee of this message knows it :)