Prosím o kontrolu hijackthis logu

zemak154 · Příspěvekod **zemak154** » 29 zář 2013 15:07

Combo fix log
--------------------------------------------------------

ComboFix 13-09-28.02 - PC-007 . 09. 2013 14:45:16.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.766.516 [GMT 2:00]
Running from: c:\documents and settings\PC-007\Plocha\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Home-PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
C:\prefs.js
c:\program files\FireFox\uninstall\helper.exe
c:\program files\FireFox\updater.exe
c:\windows\daemon.dll
c:\windows\IsUn0407.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-29 )))))))))))))))))))))))))))))))
.
.
2013-09-21 17:07 . 2013-09-21 17:07 -------- d-----w- c:\windows\ERUNT
2013-09-21 15:49 . 2013-09-21 16:45 -------- d-----w- C:\AdwCleaner
2013-09-21 15:07 . 2013-09-21 15:07 -------- d-----w- c:\documents and settings\PC-007\Data aplikací\Malwarebytes
2013-09-21 15:06 . 2013-09-21 15:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2013-09-21 15:06 . 2013-09-21 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-21 15:06 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-21 13:47 . 2013-09-21 13:47 388096 ----a-r- c:\documents and settings\PC-007\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-21 13:47 . 2013-09-21 13:47 -------- d-----w- c:\program files\hijack
2013-09-21 10:51 . 2013-09-29 11:20 -------- d-----w- c:\program files\trend micro
2013-09-21 10:51 . 2013-09-21 10:52 -------- d-----w- C:\rsit
2013-09-14 12:49 . 2013-09-14 12:49 -------- d-----w- c:\windows\system32\AppData
2013-09-08 09:15 . 2013-09-08 09:15 -------- d-----w- c:\documents and settings\PC-007\Data aplikací\IObit Apps
2013-09-05 07:38 . 2013-05-22 16:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-09-05 07:37 . 2013-05-22 16:49 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-09 23:34 . 2012-09-21 02:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 23:43 . 2012-09-14 02:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-25 08:14 . 2008-04-14 06:52 669696 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 08:14 . 2008-04-14 06:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-25 08:14 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-07-25 07:25 . 2008-04-14 05:50 370176 ----a-w- c:\windows\system32\html.iec
2013-07-19 23:51 . 2012-09-21 02:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2012-10-22 12:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2012-10-15 02:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2012-10-02 02:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2008-04-14 06:52 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2008-04-14 08:06 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2008-04-14 06:07 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-14 491856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15. 10. 2012 4:48 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21. 9. 2012 4:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14. 9. 2012 4:05 39224]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23. 2. 2013 14:19 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23. 2. 2013 14:19 5248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5. 9. 2013 9:37 14776]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22. 10. 2012 14:02 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21. 9. 2012 4:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2. 10. 2012 4:30 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21. 9. 2012 4:46 182072]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [4. 5. 2013 17:05 465232]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23. 7. 2013 19:09 283136]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [31. 3. 2013 13:24 335168]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21. 9. 2013 17:06 701512]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [1. 2. 2013 19:05 625304]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12. 1. 2012 20:52 30944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21. 9. 2013 17:06 22856]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [4. 9. 2013 9:20 1432080]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4. 7. 2013 15:53 4939312]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12. 1. 2012 20:52 30944]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [20. 6. 2013 22:53 31520]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [20. 6. 2013 22:53 17360]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [20. 6. 2013 22:53 247968]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-29 10:29 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-29 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-05-04 15:23]
.
2013-09-29 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-05-04 15:24]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 16:32]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 16:32]
.
2013-09-29 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-29 15:33]
.
2013-09-29 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-05-29 15:33]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.4.1 192.168.10.2
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-29 14:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
.
- - - - - - - > 'explorer.exe'(2136)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SOUNDMAN.EXE
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-09-29 15:02:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-29 13:01
ComboFix2.txt 2013-01-28 14:52
.
Pre-Run: Volných bajtů: 20 000 948 224
Post-Run: Volných bajtů: 20 500 926 464
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 532FB7BD5BFE2BD60C6762CB57EB9E6E
413FC2A0C716421B3158746D63736515

Reklama

Příspěvekod **memphisto** » 29 zář 2013 17:25

Ten Iobit advance care nepotřebuješ...

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\Google\Update

File::
c:\windows\Tasks\ASC6_AutoClean.job
c:\windows\Tasks\ASC6_PerformanceMonitor.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Prosím o kontrolu hijackthis logu

Re: Prosím o kontrolu hijackthis logu

Re: Prosím o kontrolu hijackthis logu

Kdo je online