Otherwise, the PC restarted itself after it finished; should I restart it once more?
ComboFix 13-02-12.01 - pokus 12.02.2013 21:30:50.3.1 - x86
System Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.508 [GMT 1:00]
Run from: c:\documents and settings\pokus\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pokus\WINDOWS
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\winlogon.bak
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive1 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive2 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive3 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive4 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive5 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive6 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive7 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive8 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive9 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive1 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive2 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive3 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive4 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive5 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive6 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive7 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive8 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive9 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-12 20:16 . 2013-02-12 20:16 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\documents and settings\pokus\Data aplikací\Malwarebytes
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-12 14:54 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 13:35 . 2013-02-12 13:35 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2013-02-11 19:08 . 2013-02-11 19:08 388096 ----a-r- c:\documents and settings\pokus\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-11 19:08 . 2013-02-11 19:08 -------- d-----w- c:\program files\Trend Micro
2013-02-11 16:58 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-11 16:58 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-11 16:58 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-11 16:58 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-11 16:58 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-11 16:58 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-02-11 16:58 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-02-11 16:58 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-02-11 16:57 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-11 16:57 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-11 16:56 . 2013-02-11 16:56 -------- d-----w- c:\program files\AVAST Software
2013-02-11 16:56 . 2013-02-11 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-02-11 15:43 . 2013-02-11 15:56 97565024 ----a-w- c:\program files\avast_free_antivirus_setup.exe
2013-02-11 12:09 . 2001-10-25 14:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2013-02-11 12:09 . 2001-10-25 14:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2013-02-10 08:31 . 2008-02-18 16:14 106624 ----a-w- c:\windows\system32\drivers\Gt51Ip.sys
2013-02-10 08:31 . 2008-02-08 12:00 59648 ----a-w- c:\windows\system32\drivers\gt72ubus.sys
2013-02-10 08:31 . 2007-03-30 12:38 8064 ----a-w- c:\windows\system32\drivers\gtptser.sys
2013-02-10 08:31 . 2013-02-10 08:31 -------- d-----w- c:\program files\Option
2013-02-10 08:30 . 2013-02-10 08:30 -------- d-----w- c:\program files\Emotum
2013-02-09 17:10 . 2013-02-10 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Emotum
2013-01-29 12:19 . 2013-01-29 12:19 -------- d-----w- C:\IL
2013-01-29 12:19 . 1997-05-29 15:31 314880 ----a-w- c:\windows\IsUn041d.exe
2013-01-25 14:45 . 2013-02-04 10:03 -------- d-----w- c:\documents and settings\pokus\Data aplikací\EuroTalk
2013-01-25 14:45 . 2013-01-25 14:45 -------- d-----w- c:\program files\EuroTalk Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 17:23 . 2012-04-18 04:45 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 17:23 . 2012-02-07 09:41 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-11-20 16:54 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-11-29 17:37 . 2012-11-29 17:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-29 17:37 . 2008-11-18 15:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-29 17:37 . 2012-11-29 17:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 17:37 . 2012-11-29 17:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 14:11 . 2012-05-22 14:11 568640 ----a-w- c:\program files\ChromeSetup.exe
2011-10-18 19:29 . 2011-10-18 19:29 2108336 ----a-w- c:\program files\iLividSetupV1.exe
2010-05-26 12:41 . 2010-05-26 12:41 33850672 -c--a-w- c:\program files\QuickTimeInstaller.exe
2010-04-26 20:53 . 2010-04-26 20:53 9890272 -c--a-w- c:\program files\PDFT4CZ.exe
2009-03-19 22:01 . 2009-03-19 21:59 3096064 -c--a-w- c:\program files\BitLord_1.01.exe
2008-12-01 18:46 . 2008-12-01 18:45 5184550 -c--a-w- c:\program files\kodek016cz.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-09-12 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
.
[-] 2008-09-30 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\sfcfiles.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-12-23 26624]
"Emotum Mobile Broadband"="c:\program files\Emotum\Mobile Broadband\Mobile.exe" [2009-05-14 348968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-30 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-30 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-09-30 102400]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^pokus^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\pokus\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2007-03-02 10:25 208896 -c--a-w- c:\program files\Acer\Empowering Technology\ePresentation\ePresentation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 21:12 579584 -c--a-w- c:\program files\Acer\Empowering Technology\ePower\Boot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 -c--a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 10:44 475136 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-10-17 09:59 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\BitLord_1.01.ex\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\pokus\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.2.2013 17:58 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.2.2013 17:58 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.2.2013 17:58 21256]
R2 GTDetectSc;GtDetectSc Service;c:\program files\Option\Option 225 Driver Installation\GtDetectSc.exe [18.12.2007 12:48 196704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.2.2013 15:54 682344]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2.10.2012 11:13 3064000]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [10.2.2013 9:31 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [10.2.2013 9:31 59648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.2.2013 15:54 21104]
S1 lchnvcop;lchnvcop;\??\c:\windows\system32\drivers\lchnvcop.sys --> c:\windows\system32\drivers\lchnvcop.sys [?]
S1 whckzjos;whckzjos;\??\c:\windows\system32\drivers\whckzjos.sys --> c:\windows\system32\drivers\whckzjos.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [27.4.2011 10:03 16896]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys --> c:\windows\system32\DRIVERS\ipw3gnet.sys [?]
S3 Sony PC Companion;Sony PC Companion;"c:\program files\Sony\Sony PC Companion\PCCService.exe" --> c:\program files\Sony\Sony PC Companion\PCCService.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2008 5:48 717296]
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:23]
.
2013-02-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-11 22:50]
.
2013-02-12 c:\windows\Tasks\User_Feed_Synchronization-{D7450B31-9858-428F-8599-39DDCA4984F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 195.54.122.221 195.54.122.211
.
- - - - INVALID ENTRIES REMOVED FROM REGISTRY - - - -
.
HKCU-Run-WEBTRAN - (no file)
SafeBoot-28027656.sys
SafeBoot-28708111.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Creative Live! Cam Manager - c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-T-Mobile Communication Centre - c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 21:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(724)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\TrnOEH.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-02-12 21:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-12 20:55
.
Pre-Run: 8 794 664 960
Post-Run: 8 661 180 416
.
- - End Of File - - 0F6A623886522F02B27732B5E107A388
PS: What should I do afterwards with all those programs I downloaded? I know they are useful, but since I was just following the instructions, I don't know how to handle them. What do I do with them?
please check my log, pls .. thank you [Solved]
- jaro3 (Security team member)
Re: please check my log, pls .. thank you
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text marked in green below into it:
Code:
ClearJavaCache::
KillAll::
Folder::
C:\TDSSKiller_Quarantine
c:\program files\Skype\Updater
Driver::
lchnvcop
whckzjos
SkypeUpdate
IpwP
Sony PC Companion
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log
Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.
Reinstall IPWireless 3G Network Adapter and Sony PC Companion; their drivers are missing.
In Folder Options, enable showing hidden files and folders and untick the "Hide protected operating system files" checkbox.
Test this on VirusTotal:
c:\windows\system32\winlogon.exe
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus engines in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
Why are those ports open?
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the whole content of that log here. Then click "Exit" to close the program.
Download Bootkit Remover
http://www.smartestcomputing.us.com/fil ... t-remover/
unzip it and extract the file to the desktop.
- run it by double-clicking (on Vista and Win7 as administrator)
- then right-click in the black window and choose "Select All", press
CTRL+C to copy the contents, and paste it here with CTRL+V.
Or paste a screenshot of that window here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
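The checks jaro3 asks for above (the unsigned winlogon.exe in the Sigcheck section, the two unexplained entries in GloballyOpenPorts, the services whose driver file is missing, and the non-Microsoft DLLs sitting in winlogon.exe and lsass.exe) can be pulled out of a ComboFix log mechanically. The Python script below is an added example for this thread, not part of the forum post and not part of ComboFix; it parses the line shapes seen in the log above and reports what deserves a second look. The sample log is constructed in that shape; the RDP-only port allow-list, the choice of winlogon.exe and lsass.exe as sensitive processes, and the empty DLL baseline are assumptions for the example.

```python
import re

# Constructed sample in the shape of the ComboFix log above (not a real capture).
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2011-09-12 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.2.2013 17:58 738504]
S1 lchnvcop;lchnvcop;\??\c:\windows\system32\drivers\lchnvcop.sys --> c:\windows\system32\drivers\lchnvcop.sys [?]
.
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(724)
c:\windows\system32\vorbis.dll
"""

# Line shapes taken from the log format; the named groups are what the checks need.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-F]{32})\s+\.\s+\d+.*?(?P<path>[A-Za-z]:\\.*?)\s*$")
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')
PROC_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\(\d+\)")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumptions for the example: RDP is the only expected open port, winlogon/lsass
# are the processes where a foreign DLL matters most, and no DLL is whitelisted.
ALLOWED_PORTS = {(3389, "TCP")}
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe"}
DLL_BASELINE = set()


def triage(log_text, allowed_ports=ALLOWED_PORTS, dll_baseline=DLL_BASELINE):
    """Return the log items worth a second look, grouped by check."""
    findings = {
        "unsigned_system_files": [],    # Sigcheck '[-]' entries: (path, md5)
        "missing_service_binaries": [],  # services whose file ComboFix marks '[?]'
        "unexpected_open_ports": [],    # GloballyOpenPorts entries off the allow-list
        "sensitive_process_dlls": [],   # (process, dll) for winlogon/lsass
    }
    in_ports = False      # inside the GloballyOpenPorts registry list
    current_proc = None   # process whose DLL list is being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix separates blocks with "."
            in_ports, current_proc = False, None
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            if m.group("flag") == "-":
                findings["unsigned_system_files"].append((m.group("path").lower(), m.group("md5")))
            continue
        if line.startswith("["):         # registry key header
            in_ports = "GloballyOpenPorts" in line
            current_proc = None
            continue
        m = PROC_RE.match(line)
        if m:
            current_proc, in_ports = m.group("proc").lower(), False
            continue
        if in_ports:
            m = PORT_RE.match(line)
            if m:
                key = (int(m.group("port")), m.group("proto"))
                if key not in allowed_ports:
                    findings["unexpected_open_ports"].append(
                        f'{key[0]}/{key[1]} ({m.group("label").strip()})')
                continue
            in_ports = False             # first non-port line ends the list
        m = SERVICE_RE.match(line)
        if m:
            if m.group("rest").rstrip().endswith("[?]"):
                findings["missing_service_binaries"].append(m.group("name"))
            continue
        if current_proc in SENSITIVE_PROCESSES and PATH_RE.match(line):
            if line.lower() not in dll_baseline:
                findings["sensitive_process_dlls"].append((current_proc, line.lower()))
    return findings


if __name__ == "__main__":
    for check, items in triage(SAMPLE_LOG).items():
        print(f"{check}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run it as-is to see the four groups for the sample; to use it on a real log, replace SAMPLE_LOG with the file contents. The output is a worklist, not a verdict: ComboFix's own Sigcheck header says unsigned files are not necessarily malware, which is why the script reports the MD5 alongside the path, so it can be compared with the catalogue copy under ERDNT\cache or submitted to VirusTotal as the post above asks. The "[?]" service check mirrors the reinstall advice for IpwP and Sony PC Companion, and the port allow-list is the place to record the answer to "why are those ports open?" once it is known.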
Re: please check my log, pls .. thank you
ComboFix 13-02-13.02 - pokus 13.02.2013 22:35:52.4.1 - x86
System Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.400 [GMT 1:00]
Run from: c:\documents and settings\pokus\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\pokus\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\object.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Legacy_SONY_PC_COMPANION
-------\Service_IpwP
-------\Service_lchnvcop
-------\Service_SkypeUpdate
-------\Service_Sony PC Companion
-------\Service_whckzjos
.
.
((((((((((((((((((((((((( Files created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\documents and settings\pokus\Data aplikací\Malwarebytes
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-12 14:54 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 13:35 . 2013-02-12 13:35 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2013-02-11 19:08 . 2013-02-11 19:08 388096 ----a-r- c:\documents and settings\pokus\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-11 19:08 . 2013-02-11 19:08 -------- d-----w- c:\program files\Trend Micro
2013-02-11 16:58 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-11 16:58 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-11 16:58 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-11 16:58 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-11 16:58 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-11 16:58 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-02-11 16:58 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-02-11 16:58 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-02-11 16:57 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-11 16:57 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-11 16:56 . 2013-02-11 16:56 -------- d-----w- c:\program files\AVAST Software
2013-02-11 16:56 . 2013-02-11 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-02-11 15:43 . 2013-02-11 15:56 97565024 ----a-w- c:\program files\avast_free_antivirus_setup.exe
2013-02-11 12:09 . 2001-10-25 14:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2013-02-11 12:09 . 2001-10-25 14:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2013-02-10 08:31 . 2008-02-18 16:14 106624 ----a-w- c:\windows\system32\drivers\Gt51Ip.sys
2013-02-10 08:31 . 2008-02-08 12:00 59648 ----a-w- c:\windows\system32\drivers\gt72ubus.sys
2013-02-10 08:31 . 2007-03-30 12:38 8064 ----a-w- c:\windows\system32\drivers\gtptser.sys
2013-02-10 08:31 . 2013-02-10 08:31 -------- d-----w- c:\program files\Option
2013-02-10 08:30 . 2013-02-10 08:30 -------- d-----w- c:\program files\Emotum
2013-02-09 17:10 . 2013-02-10 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Emotum
2013-01-29 12:19 . 2013-01-29 12:19 -------- d-----w- C:\IL
2013-01-29 12:19 . 1997-05-29 15:31 314880 ----a-w- c:\windows\IsUn041d.exe
2013-01-25 14:45 . 2013-02-04 10:03 -------- d-----w- c:\documents and settings\pokus\Data aplikací\EuroTalk
2013-01-25 14:45 . 2013-01-25 14:45 -------- d-----w- c:\program files\EuroTalk Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 17:23 . 2012-04-18 04:45 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 17:23 . 2012-02-07 09:41 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-11-20 16:54 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-11-29 17:37 . 2012-11-29 17:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-29 17:37 . 2008-11-18 15:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-29 17:37 . 2012-11-29 17:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 17:37 . 2012-11-29 17:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 14:11 . 2012-05-22 14:11 568640 ----a-w- c:\program files\ChromeSetup.exe
2011-10-18 19:29 . 2011-10-18 19:29 2108336 ----a-w- c:\program files\iLividSetupV1.exe
2010-05-26 12:41 . 2010-05-26 12:41 33850672 -c--a-w- c:\program files\QuickTimeInstaller.exe
2010-04-26 20:53 . 2010-04-26 20:53 9890272 -c--a-w- c:\program files\PDFT4CZ.exe
2009-03-19 22:01 . 2009-03-19 21:59 3096064 -c--a-w- c:\program files\BitLord_1.01.exe
2008-12-01 18:46 . 2008-12-01 18:45 5184550 -c--a-w- c:\program files\kodek016cz.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-09-12 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
.
[-] 2008-09-30 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\sfcfiles.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-12-23 26624]
"Emotum Mobile Broadband"="c:\program files\Emotum\Mobile Broadband\Mobile.exe" [2009-05-14 348968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-30 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-30 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-09-30 102400]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^pokus^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\pokus\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2007-03-02 10:25 208896 -c--a-w- c:\program files\Acer\Empowering Technology\ePresentation\ePresentation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 21:12 579584 -c--a-w- c:\program files\Acer\Empowering Technology\ePower\Boot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 -c--a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 10:44 475136 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-10-17 09:59 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\BitLord_1.01.ex\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\pokus\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.2.2013 17:58 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.2.2013 17:58 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.2.2013 17:58 21256]
R2 GTDetectSc;GtDetectSc Service;c:\program files\Option\Option 225 Driver Installation\GtDetectSc.exe [18.12.2007 12:48 196704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.2.2013 15:54 682344]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2.10.2012 11:13 3064000]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [10.2.2013 9:31 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [10.2.2013 9:31 59648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.2.2013 15:54 21104]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [27.4.2011 10:03 16896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2008 5:48 717296]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:23]
.
2013-02-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-11 22:50]
.
2013-02-13 c:\windows\Tasks\User_Feed_Synchronization-{D7450B31-9858-428F-8599-39DDCA4984F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 195.54.122.221 195.54.122.211
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-13 22:45
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\TrnOEH.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2013-02-13 22:49:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-13 21:49
ComboFix2.txt 2013-02-12 20:55
.
Před spuštěním: 8 546 902 016
Po spuštění: 8 530 874 368
.
- - End Of File - - A81B77742A59E23BB890EEAB7DC20DB3
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.400 [GMT 1:00]
Running from: c:\documents and settings\pokus\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\pokus\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\12.02.2013_20.41.29\mbr0000\object.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Legacy_SONY_PC_COMPANION
-------\Service_IpwP
-------\Service_lchnvcop
-------\Service_SkypeUpdate
-------\Service_Sony PC Companion
-------\Service_whckzjos
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\documents and settings\pokus\Data aplikací\Malwarebytes
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-12 14:54 . 2013-02-12 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-12 14:54 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 13:35 . 2013-02-12 13:35 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2013-02-11 19:08 . 2013-02-11 19:08 388096 ----a-r- c:\documents and settings\pokus\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-11 19:08 . 2013-02-11 19:08 -------- d-----w- c:\program files\Trend Micro
2013-02-11 16:58 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-11 16:58 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-11 16:58 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-11 16:58 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-11 16:58 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-11 16:58 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-02-11 16:58 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-02-11 16:58 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-02-11 16:57 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-11 16:57 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-11 16:56 . 2013-02-11 16:56 -------- d-----w- c:\program files\AVAST Software
2013-02-11 16:56 . 2013-02-11 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-02-11 15:43 . 2013-02-11 15:56 97565024 ----a-w- c:\program files\avast_free_antivirus_setup.exe
2013-02-11 12:09 . 2001-10-25 14:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2013-02-11 12:09 . 2001-10-25 14:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2013-02-10 08:31 . 2008-02-18 16:14 106624 ----a-w- c:\windows\system32\drivers\Gt51Ip.sys
2013-02-10 08:31 . 2008-02-08 12:00 59648 ----a-w- c:\windows\system32\drivers\gt72ubus.sys
2013-02-10 08:31 . 2007-03-30 12:38 8064 ----a-w- c:\windows\system32\drivers\gtptser.sys
2013-02-10 08:31 . 2013-02-10 08:31 -------- d-----w- c:\program files\Option
2013-02-10 08:30 . 2013-02-10 08:30 -------- d-----w- c:\program files\Emotum
2013-02-09 17:10 . 2013-02-10 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Emotum
2013-01-29 12:19 . 2013-01-29 12:19 -------- d-----w- C:\IL
2013-01-29 12:19 . 1997-05-29 15:31 314880 ----a-w- c:\windows\IsUn041d.exe
2013-01-25 14:45 . 2013-02-04 10:03 -------- d-----w- c:\documents and settings\pokus\Data aplikací\EuroTalk
2013-01-25 14:45 . 2013-01-25 14:45 -------- d-----w- c:\program files\EuroTalk Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 17:23 . 2012-04-18 04:45 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 17:23 . 2012-02-07 09:41 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-11-20 16:54 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-11-29 17:37 . 2012-11-29 17:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-29 17:37 . 2008-11-18 15:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-29 17:37 . 2012-11-29 17:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 17:37 . 2012-11-29 17:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 14:11 . 2012-05-22 14:11 568640 ----a-w- c:\program files\ChromeSetup.exe
2011-10-18 19:29 . 2011-10-18 19:29 2108336 ----a-w- c:\program files\iLividSetupV1.exe
2010-05-26 12:41 . 2010-05-26 12:41 33850672 -c--a-w- c:\program files\QuickTimeInstaller.exe
2010-04-26 20:53 . 2010-04-26 20:53 9890272 -c--a-w- c:\program files\PDFT4CZ.exe
2009-03-19 22:01 . 2009-03-19 21:59 3096064 -c--a-w- c:\program files\BitLord_1.01.exe
2008-12-01 18:46 . 2008-12-01 18:45 5184550 -c--a-w- c:\program files\kodek016cz.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-09-12 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
.
[-] 2008-09-30 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\sfcfiles.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-12-23 26624]
"Emotum Mobile Broadband"="c:\program files\Emotum\Mobile Broadband\Mobile.exe" [2009-05-14 348968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-30 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-30 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-09-30 102400]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^pokus^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\pokus\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2007-03-02 10:25 208896 -c--a-w- c:\program files\Acer\Empowering Technology\ePresentation\ePresentation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 21:12 579584 -c--a-w- c:\program files\Acer\Empowering Technology\ePower\Boot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 -c--a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 10:44 475136 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-10-17 09:59 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\BitLord_1.01.ex\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\pokus\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.2.2013 17:58 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.2.2013 17:58 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.2.2013 17:58 21256]
R2 GTDetectSc;GtDetectSc Service;c:\program files\Option\Option 225 Driver Installation\GtDetectSc.exe [18.12.2007 12:48 196704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.2.2013 15:54 682344]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2.10.2012 11:13 3064000]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [10.2.2013 9:31 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [10.2.2013 9:31 59648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.2.2013 15:54 21104]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [27.4.2011 10:03 16896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2008 5:48 717296]
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:23]
.
2013-02-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-11 22:50]
.
2013-02-13 c:\windows\Tasks\User_Feed_Synchronization-{D7450B31-9858-428F-8599-39DDCA4984F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 195.54.122.221 195.54.122.211
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-13 22:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\TrnOEH.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-02-13 22:49:19 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-13 21:49
ComboFix2.txt 2013-02-12 20:55
.
Pre-Run: 8,546,902,016
Post-Run: 8,530,874,368
.
- - End Of File - - A81B77742A59E23BB890EEAB7DC20DB3
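The three sections of the log above that carry the security-relevant signal are the Sigcheck block (the winlogon.exe in system32 has the same version and size as ComboFix's ERDNT\cache backup but a different MD5), the "DLLs Loaded Under Running Processes" block (an Ogg/Vorbis codec pair sitting inside winlogon.exe and lsass.exe), and the firewall GloballyOpenPorts list (65533/TCP and 52344/TCP opened under the generic name "Services"). The script below is an added example, not part of the original post and not ComboFix code: it parses those three sections and reports each finding. The sample log embedded in it is copied from the post and trimmed; treating ERDNT\cache and dllcache as the known-good copy of a file, and the 3389 allowlist, are this example's assumptions, not ComboFix's rules.

```python
"""Triage helpers for three sections of a ComboFix log: Sigcheck, 'DLLs Loaded
Under Running Processes' and the firewall GloballyOpenPorts list. Added example,
not ComboFix code; SAMPLE_LOG is copied from the post above and trimmed."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
------- Sigcheck -------
[-] 2011-09-12 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ff65d7285a0ac7b11c922fdff2c799a3\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
.
[-] 2008-09-30 . 07DE423FB70EBAC5136677E3956FDBC3 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
------------------------ Other Running Processes ------------------------
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32})"
    r" \. (?P<size>\d+) \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+)$")
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= *\d+:(?:TCP|UDP):(?P<name>.*)$')
# ComboFix keeps pristine copies of system files under ERDNT\cache and Windows File
# Protection keeps its own under dllcache; this example treats both as "known good".
REFERENCE_DIRS = ("\\erdnt\\cache\\", "\\dllcache\\")


def is_reference(path):
    return any(d in path.lower() for d in REFERENCE_DIRS)


def parse_sigcheck(log):
    """Sigcheck records grouped by lower-cased file name, in log order."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"], rec["md5"] = int(rec["size"]), rec["md5"].upper()
            groups[rec["path"].rsplit("\\", 1)[-1].lower()].append(rec)
    return groups


def compare_sigcheck(log):
    """Compare every live copy with a reference copy of the same name and version.
    Same version and size but a different MD5 means the bytes on disk were replaced."""
    findings = {"mismatch": [], "no_reference": []}
    for recs in parse_sigcheck(log).values():
        refs = [r for r in recs if is_reference(r["path"])]
        for rec in (r for r in recs if not is_reference(r["path"])):
            same_ver = [r for r in refs if r["ver"] == rec["ver"]]
            if not same_ver:
                findings["no_reference"].append(rec["path"])
            for ref in same_ver:
                if ref["md5"] != rec["md5"]:
                    findings["mismatch"].append({
                        "path": rec["path"], "md5": rec["md5"], "version": rec["ver"],
                        "reference": ref["path"], "reference_md5": ref["md5"],
                        "same_size": rec["size"] == ref["size"]})
    return findings


def parse_loaded_dlls(log):
    """Map each process in the 'DLLs Loaded' section to the modules listed under it."""
    loaded, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = PROCESS_RE.match(line)
        if m:
            current = m.group("proc").lower()
            loaded[current] = []
        elif line.startswith("-----"):  # any other section header ends the block
            current = None
        elif current is not None and line.lower().endswith(".dll"):
            loaded[current].append(line)
    return loaded


def modules_in_sensitive_processes(log, sensitive=("winlogon.exe", "lsass.exe")):
    """Modules ComboFix lists under the logon and LSA processes; each one needs a reason."""
    loaded = parse_loaded_dlls(log)
    return {p: loaded[p] for p in sensitive if loaded.get(p)}


def unexpected_open_ports(log, allowed=frozenset({3389})):
    """Globally open firewall ports not on the allowlist, as (port, proto, entry name)."""
    found = (PORT_RE.match(l.strip()) for l in log.splitlines())
    return [(int(m["port"]), m["proto"], m["name"]) for m in found if m and int(m["port"]) not in allowed]
```

On the sample, `compare_sigcheck` reports the system32 winlogon.exe against the ERDNT\cache copy (same version 5.1.2600.2180, same 502272 bytes, different MD5) and lists the SoftwareDistribution copy and sfcfiles.dll as having no comparable reference; `modules_in_sensitive_processes` returns the two codec DLLs under both winlogon.exe and lsass.exe; `unexpected_open_ports` returns 65533/TCP and 52344/TCP. To run it on a full saved log, pass `open(path).read()` in place of `SAMPLE_LOG`; the parsers key only on line shapes, so the Czech section headers in the original do not matter.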
Re: please check my log, pls .. thank you
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:14:03, on 13.2.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Emotum\Mobile Broadband\Mobile.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pokus\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [Emotum Mobile Broadband] C:\Program Files\Emotum\Mobile Broadband\Mobile.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = pilsfree.czf
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = pilsfree.czf
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: eLock Service (eLockService) - - C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: GtDetectSc Service (GTDetectSc) - OptionNV - C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
--
End of file - 11195 bytes
Re: please check my log, pls .. thank you
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 00:06:23
-----------------------------
00:06:23.812 OS Version: Windows 5.1.2600 Service Pack 2
00:06:23.812 Number of processors: 1 586 0x1601
00:06:23.812 ComputerName: APOLLO-NOTE UserName: pokus
00:06:24.812 Initialize success
00:06:25.890 AVAST engine defs: 13021302
00:06:29.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
00:06:29.796 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC70P Size: 76319MB BusType: 3
00:06:29.812 Disk 0 MBR read successfully
00:06:29.812 Disk 0 MBR scan
00:06:29.828 Disk 0 Windows XP default MBR code
00:06:29.828 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 10252 MB offset 63
00:06:29.859 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 37032 MB offset 20996955
00:06:29.890 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29031 MB offset 96839820
00:06:29.890 Disk 0 scanning sectors +156296385
00:06:29.906 Disk 0 malicious Win32:MBRoot code @ sector 156296388 !
00:06:29.953 Disk 0 scanning C:\WINDOWS\system32\drivers
00:06:46.531 Service scanning
00:07:20.171 Modules scanning
00:07:39.609 Disk 0 trace - called modules:
00:07:39.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:07:39.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87340ab8]
00:07:39.640 3 CLASSPNP.SYS[f754105b] -> nt!IofCallDriver -> \Device\00000096[0x87348908]
00:07:39.640 5 ACPI.sys[f73b7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8733fd98]
00:07:39.953 AVAST engine scan C:\WINDOWS
00:07:47.484 AVAST engine scan C:\WINDOWS\system32
00:09:41.859 AVAST engine scan C:\WINDOWS\system32\drivers
00:09:53.734 AVAST engine scan C:\Documents and Settings\pokus
00:13:32.593 AVAST engine scan C:\Documents and Settings\All Users
00:13:33.875 File: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\01CE095A5296FBBA **INFECTED** Win32:Sinowal-IK [Trj]
00:13:33.984 File: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\01CE095AE4826802 **INFECTED** Win32:Sinowal-IK [Trj]
00:14:19.171 Scan finished successfully
00:14:32.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\pokus\Plocha\MBR.dat"
00:14:32.859 The log file has been saved successfully to "C:\Documents and Settings\pokus\Plocha\aswMBR.txt"
- next to it a program with a CD icon got saved - nero, what is that, then??
Re: please check my log, pls .. thank you
Or at:
http://www.virscan.org/
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
Why are those ports open?
???????
- memphisto
Re: please check my log, pls .. thank you
Run aswMBR again and click FIX
So you don't recognise those ports? These files have no business being in Program Files. Delete or move them:
c:\program files\ChromeSetup.exe
c:\program files\iLividSetupV1.exe
c:\program files\QuickTimeInstaller.exe
c:\program files\PDFT4CZ.exe
c:\program files\BitLord_1.01.exe
c:\program files\kodek016cz.exe
c:\program files\avast_free_antivirus_setup.exe
You have too little free space on the system drive! Free some up. 8 GB is too little. Roughly 15 % of the capacity should be free for smooth operation.
Re: please check my log, pls .. thank you
FixMBR right after starting it? Or first a scan and then FIX?
In general I have little space there, I wanted to buy an external drive but there is no money, so now what should I get rid of? There are surely lots of files that are not needed, some installers, ... etc. ?? I have maybe only one game and I am not giving that up
so what can I remove without disrupting the PC's operation?? (I have a few small programs here that are temporary, but they don't take up much space) - otherwise I really don't know, I'm not very familiar with this, please advise.
- jaro3
- member of the Security team
Re: please check my log, pls .. thank you
Run aswMBR again, run the scan and then click "Fix"
Close the program and restart the PC.
After the restart, turn off System Restore on all drives.
http://support.microsoft.com/kb/310405/cs
Look here:
C:\System Volume Information\Microsoft --- if that folder (Microsoft) is there, delete it.
Finally, turn System Restore back on.
Run aswMBR again, run the scan, and click "Save log"
Paste the contents of the log here again.
You will free up space by uninstalling some programs you do not need (but not Windows components!) and by deleting things from your documents.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
Why are those ports open?
That is what we are asking..
Re: please check my log, pls .. thank you
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-15 10:39:21
-----------------------------
10:39:21.859 OS Version: Windows 5.1.2600 Service Pack 2
10:39:21.859 Number of processors: 1 586 0x1601
10:39:21.859 ComputerName: APOLLO-NOTE UserName: pokus
10:39:23.390 Initialize success
10:39:25.093 AVAST engine defs: 13021402
10:39:27.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
10:39:27.765 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC70P Size: 76319MB BusType: 3
10:39:27.781 Disk 0 MBR read successfully
10:39:27.781 Disk 0 MBR scan
10:39:27.906 Disk 0 Windows XP default MBR code
10:39:27.906 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 10252 MB offset 63
10:39:27.984 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 37032 MB offset 20996955
10:39:28.093 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29031 MB offset 96839820
10:39:28.140 Disk 0 scanning sectors +156296385
10:39:28.312 Disk 0 scanning C:\WINDOWS\system32\drivers
10:39:47.515 Service scanning
10:40:07.812 Modules scanning
10:40:21.468 Disk 0 trace - called modules:
10:40:21.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:40:21.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87308ab8]
10:40:21.843 3 CLASSPNP.SYS[f751e05b] -> nt!IofCallDriver -> \Device\00000091[0x87340d78]
10:40:21.843 5 ACPI.sys[f7394620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x87357940]
10:40:22.093 AVAST engine scan C:\WINDOWS
10:40:29.203 AVAST engine scan C:\WINDOWS\system32
10:42:37.328 AVAST engine scan C:\WINDOWS\system32\drivers
10:42:50.234 AVAST engine scan C:\Documents and Settings\pokus
10:46:12.171 AVAST engine scan C:\Documents and Settings\All Users
10:46:13.968 File: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\01CE095A5296FBBA **INFECTED** Win32:Sinowal-IK [Trj]
10:46:14.046 File: C:\Documents and Settings\All Users\Data aplikací\AVAST Software\Avast\arpot\TEMP\01CE095AE4826802 **INFECTED** Win32:Sinowal-IK [Trj]
10:46:58.781 Scan finished successfully
10:48:20.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\pokus\Plocha\MBR.dat"
10:48:20.671 The log file has been saved successfully to "C:\Documents and Settings\pokus\Plocha\aswMBR.txt"
10:49:26.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\pokus\Plocha\MBR.dat"
10:49:26.921 The log file has been saved successfully to "C:\Documents and Settings\pokus\Plocha\aswMBR2.txt"
Run date: 2013-02-15 10:39:21
-----------------------------
10:39:21.859 OS Version: Windows 5.1.2600 Service Pack 2
10:39:21.859 Number of processors: 1 586 0x1601
10:39:21.859 ComputerName: APOLLO-NOTE UserName: pokus
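Both aswMBR runs above wrote the raw boot sector to MBR.dat, and the scanner's own verdict rests on what is in that sector: the partition table (three entries, the second one active) and the 440 bytes of boot code that a bootkit such as Sinowal overwrites. The following Python is an added example, not code from this thread or from the aswMBR tool, that parses such a 512-byte dump, prints the table in the same shape aswMBR does, and compares the boot code against a baseline hash. The sample sector is constructed from the partition values printed in the log (flags, types, LBA offsets, sector counts derived from the offsets) with the boot code zero-filled; the function names, the baseline-hash idea and the CLI usage are assumptions of this example.

```python
"""Parse and sanity-check a 512-byte MBR dump such as the MBR.dat that aswMBR saves."""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code (the region an MBR bootkit overwrites)
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"       # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # flag, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    boot_flag: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Return the non-empty partition entries; raise if the sector is malformed."""
    if len(mbr) < SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i + 1, flag, ptype, lba, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot code only, so a table edit does not mask a code change and vice versa."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: Optional[str] = None) -> List[str]:
    """Structural checks, plus comparison of the boot code against a known-good hash if given."""
    findings = []
    parts = parse_mbr(mbr)
    if sum(p.active for p in parts) != 1:
        findings.append("partition table does not have exactly one active (0x80) entry")
    for p in parts:
        if p.boot_flag not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid boot flag 0x{p.boot_flag:02x}")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    if baseline_hash is not None and boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline (bootkit or non-standard loader)")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: partition table taken from the aswMBR log, boot code zero-filled."""
    mbr = bytearray(SECTOR)
    entries = [  # (boot flag, type, LBA start, sector count)
        (0x00, 0x12, 63, 20996892),          # Compaq diagnostic, 10252 MB
        (0x80, 0x07, 20996955, 75842865),    # NTFS, active system partition, 37032 MB
        (0x00, 0x07, 96839820, 59456565),    # NTFS, 29031 MB
    ]
    for i, (flag, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         flag, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g.  python mbrcheck.py MBR.dat [baseline_sha256]
        with open(sys.argv[1], "rb") as f:
            mbr = f.read(SECTOR)
    else:
        mbr = build_sample_mbr()
    baseline = sys.argv[2] if len(sys.argv) > 2 else None
    for p in parse_mbr(mbr):
        print(f"Partition {p.index} {'(A) ' if p.active else ''}type 0x{p.type_id:02x} "
              f"{p.size_mb} MB offset {p.lba_start}")
    print("boot code sha256:", boot_code_hash(mbr))
    for finding in check_mbr(mbr, baseline):
        print("FINDING:", finding)
```

Run it against the MBR.dat from a machine aswMBR reports as "Windows XP default MBR code" and keep that hash; rerunning after each reboot shows whether the boot code has been rewritten again, which is the question the repeated ComboFix "found and disinfected" lines raise. The table checks only cover what is on disk: a bootkit component that hooks the disk stack in memory is what aswMBR's "Disk 0 trace" section is for, and it will not show up here.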