Log check (Win32 Dialer)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Nugosh
newbie
Posts: 7
Registered: March 08
Gender: Not specified
Status: Offline

Log check (Win32 Dialer)

Post by Nugosh » 22 Mar 2008 13:37

Please check my HJT log. After system startup, avast reports a problem with Win32 Dialer 407. My internet is slowed down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:20, on 22.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SensorsView\sview.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\n2ewma1xxsv2234.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN3.tmp
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SensorsView] C:\Program Files\SensorsView\sview.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7193 bytes

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: Log check (Win32 Dialer)

Post by paul27 » 22 Mar 2008 13:47

Hello.

Stop this in Task Manager:
C:\WINDOWS\system32\n2ewma1xxsv2234.exe

Fix these in HijackThis:
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 http://www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll

+ delete this using KillBox (instructions in my signature):
C:\WINDOWS\SYSTEM32\WLCtrl32.dll

Then restart and post a new log.
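The entries paul27 picks out above are the classic HijackThis red flags: an extra program chained onto the system.ini UserInit value, hosts-file overrides, a Run key pointing at an unknown executable in system32 (or one named after the logon process), and a Winlogon Notify DLL that does not ship with Windows. As an added example, not part of this thread, the following Python script applies those same checks mechanically to lines copied from the log above. The allowlists of known Winlogon Notify subkeys and known system32 autostarts are assumptions for this example and should be extended for the machine being examined.

```python
import re

# Winlogon Notify subkeys that ship with Windows XP (assumption: adjust for your build).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Programs that legitimately autostart straight out of %SystemRoot%\system32
# (assumption for this example; extend with what you know is on the machine).
KNOWN_SYSTEM32_RUN = {"ctfmon.exe"}

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv2234.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


def _run_target(rest):
    """Extract the executable path from the text after '[name] ' in an O4 line."""
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(" ", 1)[0]


def triage_line(line):
    """Return a reason string if a HijackThis line looks suspicious, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    if code == "F2" and "UserInit=" in body:
        # system.ini UserInit should list only userinit.exe; every extra
        # program in the comma-separated chain runs at each logon.
        value = body.split("UserInit=", 1)[1]
        parts = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in parts if not p.lower().endswith("userinit.exe")]
        if extra:
            return "UserInit chain loads extra program(s): " + ", ".join(extra)

    elif code == "O1":
        # HijackThis lists hosts-file entries that redirect names; on a home
        # machine any of these is worth checking.
        return "hosts file override: " + body.split("Hosts: ", 1)[-1]

    elif code == "O4" and "] " in body:
        name, rest = body.split("] ", 1)
        name = name.rsplit("[", 1)[-1]
        path = _run_target(rest)
        directory, _, filename = path.rpartition("\\")
        if name.lower() == "userinit":
            return "Run entry named like the logon process: " + path
        if directory.lower().endswith("\\system32") and filename.lower() not in KNOWN_SYSTEM32_RUN:
            return "unknown program autostarting from system32: " + path

    elif code == "O20" and body.startswith("Winlogon Notify: "):
        name = body[len("Winlogon Notify: "):].split(" - ", 1)[0]
        if name.lower() not in KNOWN_WINLOGON_NOTIFY:
            return "non-default Winlogon Notify DLL: " + name

    return None


def triage(log_text):
    """Run triage_line over a whole log; return (code, reason, line) triples."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = triage_line(line)
        if reason:
            hits.append((line.split(" ", 1)[0], reason, line))
    return hits


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {line}")
```

Run against the sample, the script flags exactly the six entries paul27 told Nugosh to fix and leaves the avast and ctfmon lines alone. The heuristics are deliberately simple; the point is that each of the four checks corresponds to a persistence mechanism, and a reviewer reading a log by eye applies the same reasoning.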

Nugosh
newbie
Posts: 7
Registered: March 08
Gender: Not specified
Status: Offline

Re: Log check (Win32 Dialer)

Post by Nugosh » 22 Mar 2008 15:19

So Avast found nothing, and it looks like the problem is gone. I'm attaching the log after the restart, in case something else shows up there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:36, on 22.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SensorsView\sview.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN7.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SensorsView] C:\Program Files\SensorsView\sview.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6484 bytes

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: Log check (Win32 Dialer)

Post by paul27 » 22 Mar 2008 16:09

So the main problem is solved, but that is not all of it.

Now this:
Download ComboFix and save it to the desktop:

Run the application under a Computer Administrator account - close all running programs (web browser, messenger, etc.) - the license agreement follows, click Yes - the scan starts (the whole process takes about 5-10 minutes, sometimes a bit longer) - during the scan do not try to launch any other applications and do not click in the ComboFix window - when it finishes, a Notepad window with text opens automatically (if it does not, the log is in C:\ComboFix.txt); copy that text here using the usual keyboard shortcuts Ctrl + A (select all) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste) - and wait for further instructions

WARNING: If you see "CRITICAL WARNING !!" you must not restart the computer; write about the warning here.
WARNING 2: During the scan, various security programs may report an unauthorized attempt to delete a file or something similar. Allow any such prompts, or completely disable the resident module of the program for the duration of the scan.

Nugosh
newbie
Posts: 7
Registered: March 08
Gender: Not specified
Status: Offline

Re: Log check (Win32 Dialer)

Post by Nugosh » 22 Mar 2008 16:52

ComboFix ran fine, what now?

ComboFix 08-03-22.1 - Nugosh 2008-03-22 16:42:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.598 [GMT 1:00]
Running from: C:\Documents and Settings\Nugosh\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 28672 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nugosh\Data aplikací\install.dat
C:\WINDOWS\system32\drivers\symavc32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 16:45 . 2008-03-22 16:45 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-22 13:44 . 2008-03-22 13:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-22 13:08 . 2008-03-22 13:08 2,506 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-22 13:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-22 13:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-22 13:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-22 13:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-22 13:03 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-22 12:05 . 2008-03-22 12:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-22 12:05 . 2008-03-22 12:10 <DIR> d-------- C:\Program Files\CCleaner
2008-03-22 12:00 . 2008-03-22 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 01:27 . 2004-08-17 14:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-21 18:43 . 2008-03-21 18:43 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-21 18:42 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-21 18:40 . 2008-03-21 18:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-21 18:40 . 2008-03-21 18:40 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-17 15:36 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-03-16 19:10 . 2008-03-16 19:10 309 --a------ C:\WINDOWS\game.ini
2008-03-16 18:48 . 2008-03-16 18:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-14 15:37 . 2008-03-14 15:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-09 13:51 . 2008-03-09 13:51 16,848 --a------ C:\WINDOWS\system32\wind32.exe
2008-03-09 11:35 . 2008-03-22 01:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-09 11:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 17:26 . 2008-03-08 17:26 159,744 --a------ C:\caxlkn.exe
2008-03-08 17:26 . 2008-03-08 17:26 2 --a------ C:\-263432784
2008-03-08 17:25 . 2008-03-22 16:45 26,624 --a------ C:\WINDOWS\system32\drivers\Qva62.sys
2008-03-08 17:25 . 2008-03-22 16:45 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-08 14:44 . 2008-03-08 14:44 <DIR> d-------- C:\Program Files\Common Files\ParallelGraphics
2008-03-08 14:44 . 2008-03-08 14:44 1,692 --a------ C:\WINDOWS\mozver.dat
2008-03-08 11:47 . 2008-03-08 11:47 <DIR> d-------- C:\Program Files\GameSpy
2008-03-08 11:46 . 2008-03-08 11:46 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-08 11:44 . 2008-03-08 11:44 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-08 11:11 . 2008-03-08 11:14 <DIR> d-------- C:\downloads
2008-03-07 23:41 . 2008-03-07 23:41 <DIR> d-------- C:\Program Files\D-Tools
2008-03-01 21:15 . 2008-03-01 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-01 14:35 . 2008-03-01 14:35 <DIR> d-------- C:\Program Files\Skype
2008-03-01 13:48 . 2008-03-01 13:50 <DIR> d-------- C:\prison break 1
2008-02-26 17:39 . 2008-03-14 10:11 640 --a------ C:\settings.dat
2008-02-24 20:08 . 2008-02-24 20:08 <DIR> d-------- C:\WINDOWS\Sun
2008-02-24 20:08 . 2008-02-24 20:08 <DIR> d-------- C:\Documents and Settings\Nugosh\kbpki
2008-02-24 20:01 . 2008-02-24 20:01 <DIR> d-------- C:\Program Files\Java
2008-02-24 20:01 . 2008-02-24 20:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 20:01 . 2005-03-04 03:36 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-02-23 09:12 . 2008-02-23 09:12 0 --a------ C:\WINDOWS\XXLGSC
2008-02-22 18:02 . 2008-02-22 18:02 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-02-22 16:55 . 2008-02-22 16:55 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 08:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-21 08:44 --------- d-----w C:\Program Files\epson
2008-02-21 08:42 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-21 08:25 --------- d-----w C:\Program Files\ICQ6
2008-02-20 19:49 --------- d-----w C:\Program Files\7-Zip
2008-02-20 16:16 --------- d-----w C:\Program Files\Nero
2008-02-20 16:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-20 14:21 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-20 14:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 12:25 --------- d-----w C:\Program Files\SensorsView
2008-02-20 10:44 --------- d-----w C:\Program Files\Winamp
2008-02-19 18:05 --------- d-----w C:\Program Files\Alwil Software
2008-02-19 17:39 --------- d-----w C:\Program Files\ATI Technologies
2008-02-19 17:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-19 17:29 --------- d-----w C:\Program Files\VIAudioi
2008-02-19 17:16 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-03-03 07:09 5730304]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NWEReboot"="" []
"SensorsView"="C:\Program Files\SensorsView\sview.exe" [2005-11-28 20:24 940032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-22 16:45 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\DC++ strong\\rc10\\StrongDC.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 Qva62;Qva62;C:\WINDOWS\system32\Drivers\Qva62.sys [2008-03-22 16:45]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 grande48;grande48;C:\WINDOWS\system32\drivers\grande48.sys []
S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 16:46:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TEMP\BN9.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-22 16:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 15:47:31
.
2008-03-22 00:32:17 --- E O F ---

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: Log check (Win32 Dialer)

Post by paul27 » 22 Mar 2008 17:20

Now this:

Move ComboFix to the desktop (if it is not there already) - open Notepad - copy the text from the following box into it:

Code:

File::
C:\WINDOWS\system32\drivers\grande48.sys
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\drivers\Qva62.sys
C:\WINDOWS\system32\wind32.exe
C:\caxlkn.exe
C:\WINDOWS\system32\WLCtrl32.dl_

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

Driver::
riode32
grande48
Qva62



Save the text as CFScript.txt on the desktop - after saving, grab the .txt file you created with the left mouse button and drag it onto the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix starts (you may have to confirm the license terms again by clicking Yes) - and CF starts scanning again; at the end of the scan CF will try to delete the specified files or whatever else we told it to - after the action completes, a Notepad window with text appears again; copy it here and please wait for further advice

Nugosh
newbie
Posts: 7
Registered: March 08
Gender: Not specified
Status: Offline

Re: Log check (Win32 Dialer)

Post by Nugosh » 22 Mar 2008 17:39

Here it is, waiting for the next steps.

ComboFix 08-03-22.1 - Nugosh 2008-03-22 17:29:46.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.613 [GMT 1:00]
Running from: C:\Documents and Settings\Nugosh\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nugosh\Plocha\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\caxlkn.exe
C:\WINDOWS\system32\drivers\grande48.sys
C:\WINDOWS\system32\drivers\Qva62.sys
C:\WINDOWS\system32\drivers\riode32.sys
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\caxlkn.exe
C:\WINDOWS\system32\drivers\Qva62.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GRANDE48
-------\Legacy_QVA62
-------\Legacy_RIODE32
-------\Service_grande48
-------\Service_Qva62
-------\Service_riode32


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 13:44 . 2008-03-22 13:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-22 13:08 . 2008-03-22 13:08 2,506 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-22 13:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-22 13:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-22 13:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-22 13:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-22 13:03 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-22 12:05 . 2008-03-22 12:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-22 12:05 . 2008-03-22 12:10 <DIR> d-------- C:\Program Files\CCleaner
2008-03-22 12:00 . 2008-03-22 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 01:27 . 2004-08-17 14:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-21 18:43 . 2008-03-21 18:43 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-21 18:42 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-21 18:40 . 2008-03-21 18:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-21 18:40 . 2008-03-21 18:40 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-17 15:36 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-03-16 19:10 . 2008-03-16 19:10 309 --a------ C:\WINDOWS\game.ini
2008-03-16 18:48 . 2008-03-16 18:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-14 15:37 . 2008-03-14 15:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-09 11:35 . 2008-03-22 01:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-09 11:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 17:26 . 2008-03-08 17:26 2 --a------ C:\-263432784
2008-03-08 14:44 . 2008-03-08 14:44 <DIR> d-------- C:\Program Files\Common Files\ParallelGraphics
2008-03-08 14:44 . 2008-03-08 14:44 1,692 --a------ C:\WINDOWS\mozver.dat
2008-03-08 11:47 . 2008-03-08 11:47 <DIR> d-------- C:\Program Files\GameSpy
2008-03-08 11:46 . 2008-03-08 11:46 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-08 11:44 . 2008-03-08 11:44 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-08 11:11 . 2008-03-08 11:14 <DIR> d-------- C:\downloads
2008-03-07 23:41 . 2008-03-07 23:41 <DIR> d-------- C:\Program Files\D-Tools
2008-03-01 21:15 . 2008-03-01 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-01 14:35 . 2008-03-01 14:35 <DIR> d-------- C:\Program Files\Skype
2008-03-01 13:48 . 2008-03-01 13:50 <DIR> d-------- C:\prison break 1
2008-02-26 17:39 . 2008-03-14 10:11 640 --a------ C:\settings.dat
2008-02-24 20:08 . 2008-02-24 20:08 <DIR> d-------- C:\WINDOWS\Sun
2008-02-24 20:08 . 2008-02-24 20:08 <DIR> d-------- C:\Documents and Settings\Nugosh\kbpki
2008-02-24 20:01 . 2008-02-24 20:01 <DIR> d-------- C:\Program Files\Java
2008-02-24 20:01 . 2008-02-24 20:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 20:01 . 2005-03-04 03:36 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-02-23 09:12 . 2008-02-23 09:12 0 --a------ C:\WINDOWS\XXLGSC
2008-02-22 18:02 . 2008-02-22 18:02 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-02-22 16:55 . 2008-02-22 16:55 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 08:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-21 08:44 --------- d-----w C:\Program Files\epson
2008-02-21 08:42 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-21 08:25 --------- d-----w C:\Program Files\ICQ6
2008-02-20 19:49 --------- d-----w C:\Program Files\7-Zip
2008-02-20 16:16 --------- d-----w C:\Program Files\Nero
2008-02-20 16:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-20 14:21 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-20 14:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 12:25 --------- d-----w C:\Program Files\SensorsView
2008-02-20 10:44 --------- d-----w C:\Program Files\Winamp
2008-02-19 18:05 --------- d-----w C:\Program Files\Alwil Software
2008-02-19 17:39 --------- d-----w C:\Program Files\ATI Technologies
2008-02-19 17:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-19 17:29 --------- d-----w C:\Program Files\VIAudioi
2008-02-19 17:16 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_16.47.18.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-22 16:33:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-03-03 07:09 5730304]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NWEReboot"="" []
"SensorsView"="C:\Program Files\SensorsView\sview.exe" [2005-11-28 20:24 940032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\DC++ strong\\rc10\\StrongDC.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 17:34:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-03-22 17:35:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 16:35:25
ComboFix2.txt 2008-03-22 15:47:36
.
2008-03-22 00:32:17 --- E O F ---

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: Log check (Win32 Dialer)

Post by paul27 » 22 Mar 2008 17:53

One more script for ComboFix.

Move ComboFix to the desktop (if it isn't there already) - open Notepad - copy the text from the following box into it:

Code:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]


Save the text as CFScript.txt on the desktop - after saving, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix will start (you may have to confirm the licence terms again by clicking Yes) - and CF will start scanning again; at the end of the scan CF will try to delete the specified files or whatever else we told it to - once the action is done, a Notepad window with text will appear again; copy that text here and please wait for further advice

And post a new HijackThis log as well.
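The CFScript above removes a single Winlogon Notify subkey. As an added example (not part of this thread, and not ComboFix's own code), the following Python script parses the "Reg Loading Points" section of a ComboFix log and flags the entries a log helper looks at first: Winlogon Notify subkeys outside the stock Windows XP set, Run values with an empty target, targets ComboFix could not find on disk (shown as "[ ]"), and targets living in a Temp directory. The embedded log is a constructed sample modeled on the section's format, the `Updater` entry is invented, and the `KNOWN_NOTIFY` list is an assumption about which Notify packages a clean XP install ships with.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modeled on the "Reg Loading Points" section of a
# ComboFix log. The "Updater" entry in a Temp directory is invented.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NWEReboot"="" []
"Updater"="C:\WINDOWS\Temp\constructed_sample.exe" [2008-03-22 12:01 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
"""

# "[key]" header lines and  "name"="target" [meta]  value lines
KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_LINE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$'
)

# Winlogon Notify subkeys present on a stock Windows XP install
# (assumption: anything else gets flagged for review).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


@dataclass
class Finding:
    key: str
    name: str
    reason: str


def _in_temp_dir(path: str) -> bool:
    """True if the target sits in a Temp/Tmp directory (case-insensitive)."""
    p = path.lower().replace("/", "\\")
    return "\\temp\\" in p or "\\tmp\\" in p or p.startswith("%temp%")


def triage(log_text: str) -> List[Finding]:
    """Walk the Reg Loading Points section and return entries worth a look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_m = KEY_LINE.match(line)
        if key_m:
            current_key = key_m.group("key")
            # A Winlogon Notify package is a DLL loaded into winlogon.exe at
            # logon, so any subkey outside the stock set deserves a look.
            if "\\winlogon\\notify\\" in current_key.lower():
                subkey = current_key.rsplit("\\", 1)[1]
                if subkey.lower() not in KNOWN_NOTIFY:
                    findings.append(Finding(current_key, subkey, "unknown-winlogon-notify"))
            continue
        val_m = VALUE_LINE.match(line)
        if not val_m:
            continue  # firewall list lines and blanks do not match
        name, target, meta = val_m.group("name"), val_m.group("target"), val_m.group("meta")
        if target == "":
            findings.append(Finding(current_key, name, "empty-target"))
        elif meta.strip() == "":
            # ComboFix prints "[ ]" when it found no file at the target path.
            findings.append(Finding(current_key, name, "target-not-found"))
        elif _in_temp_dir(target):
            findings.append(Finding(current_key, name, "temp-dir-target"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:26} {f.name:14} ({f.key})")
```

Running it against the sample reports the WinampAgent and NWEReboot entries (dead or empty autostarts, which the thread's log also shows), the invented Temp-directory autostart, and the WLCtrl32 Notify subkey that the CFScript above removes, while the stock ScCertProp subkey passes silently. A flagged entry is a starting point for a helper's review, not a verdict.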

Nugosh
newbie
Posts: 7
Registered: March 08
Gender: Not specified
Status: Offline

Re: Log check (Win32 Dialer)

Post by Nugosh » 22 Mar 2008 18:03

ComboFix 08-03-22.1 - Nugosh 2008-03-22 17:59:06.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.651 [GMT 1:00]
Running from: C:\Documents and Settings\Nugosh\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nugosh\Plocha\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 13:44 . 2008-03-22 13:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-22 13:44 . 2008-03-22 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-03-22 13:17 . 2008-03-22 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2008-03-22 13:08 . 2008-03-22 13:08 2,506 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-22 13:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-22 13:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-22 13:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-22 13:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-22 13:03 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-22 12:05 . 2008-03-22 12:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-22 12:05 . 2008-03-22 12:10 <DIR> d-------- C:\Program Files\CCleaner
2008-03-22 12:00 . 2008-03-22 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 01:27 . 2004-08-17 14:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-21 18:43 . 2008-03-21 18:43 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-21 18:42 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-21 18:40 . 2008-03-21 18:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-21 18:40 . 2008-03-21 18:40 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-17 15:36 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-03-16 19:10 . 2008-03-16 19:10 309 --a------ C:\WINDOWS\game.ini
2008-03-16 18:48 . 2008-03-16 18:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-15 20:00 . 2008-03-15 20:00 <DIR> d-------- C:\Documents and Settings\Nugosh\Data aplikací\EPSON
2008-03-14 15:37 . 2008-03-14 15:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-14 15:37 . 2008-03-14 15:37 <DIR> d-------- C:\Documents and Settings\Nugosh\Data aplikací\Lavasoft
2008-03-09 11:35 . 2008-03-22 01:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-09 11:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 17:26 . 2008-03-08 17:26 2 --a------ C:\-263432784
2008-03-08 14:44 . 2008-03-08 14:44 <DIR> d-------- C:\Program Files\Common Files\ParallelGraphics
2008-03-08 14:44 . 2008-03-08 14:44 1,692 --a------ C:\WINDOWS\mozver.dat
2008-03-08 11:47 . 2008-03-08 11:47 <DIR> d-------- C:\Program Files\GameSpy
2008-03-08 11:46 . 2008-03-08 11:46 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-03-08 11:44 . 2008-03-08 11:44 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-08 11:44 . 2008-03-08 11:44 22,328 --a------ C:\Documents and Settings\Nugosh\Data aplikací\PnkBstrK.sys
2008-03-08 11:11 . 2008-03-08 11:14 <DIR> d-------- C:\downloads
2008-03-07 23:41 . 2008-03-07 23:41 <DIR> d-------- C:\Program Files\D-Tools
2008-03-02 19:14 . 2008-03-22 10:57 <DIR> d-------- C:\Documents and Settings\Nugosh\Data aplikací\AdobeUM
2008-03-01 21:15 . 2008-03-01 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-01 14:38 . 2008-03-22 17:58 <DIR> d-------- C:\Documents and Settings\Nugosh\Data aplikací\Skype
2008-03-01 14:38 . 2008-03-01 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-01 14:35 . 2008-03-01 14:35 <DIR> d-------- C:\Program Files\Skype
2008-03-01 13:48 . 2008-03-01 13:50 <DIR> d-------- C:\prison break 1
2008-02-26 17:39 . 2008-03-14 10:11 640 --a------ C:\settings.dat
2008-02-24 20:08 . 2008-02-24 20:08 <DIR> d-------- C:\WINDOWS\Sun
2008-02-24 20:08 . 2008-02-24 20:08 <DIR> d-------- C:\Documents and Settings\Nugosh\kbpki
2008-02-24 20:01 . 2008-02-24 20:01 <DIR> d-------- C:\Program Files\Java
2008-02-24 20:01 . 2008-02-24 20:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 20:01 . 2005-03-04 03:36 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-02-23 09:12 . 2008-02-23 09:12 0 --a------ C:\WINDOWS\XXLGSC
2008-02-22 18:02 . 2008-02-22 18:02 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-02-22 16:55 . 2008-02-22 16:55 <DIR> d-------- C:\Program Files\uTorrent
2008-02-22 16:55 . 2008-03-21 22:50 <DIR> d-------- C:\Documents and Settings\Nugosh\Data aplikací\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 16:26 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-08 10:44 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-08 10:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-08 10:43 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-21 08:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-21 08:44 --------- d-----w C:\Program Files\epson
2008-02-21 08:44 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\UDL
2008-02-21 08:42 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-21 08:25 --------- d-----w C:\Program Files\ICQ6
2008-02-20 19:49 --------- d-----w C:\Program Files\7-Zip
2008-02-20 17:05 --------- d-----w C:\Documents and Settings\Nugosh\Data aplikací\ICQ
2008-02-20 16:19 --------- d-----w C:\Documents and Settings\Nugosh\Data aplikací\Ahead
2008-02-20 16:16 --------- d-----w C:\Program Files\Nero
2008-02-20 16:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-20 14:21 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-20 14:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 12:25 --------- d-----w C:\Program Files\SensorsView
2008-02-20 11:04 --------- d-----w C:\Documents and Settings\Nugosh\Data aplikací\InstallShield
2008-02-20 10:46 --------- d-----w C:\Documents and Settings\Nugosh\Data aplikací\Winamp
2008-02-20 10:44 --------- d-----w C:\Program Files\Winamp
2008-02-19 18:05 --------- d-----w C:\Program Files\Alwil Software
2008-02-19 18:03 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-19 17:42 --------- d-----w C:\Documents and Settings\Nugosh\Data aplikací\ATI
2008-02-19 17:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2008-02-19 17:39 --------- d-----w C:\Program Files\ATI Technologies
2008-02-19 17:36 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-19 17:29 --------- d-----w C:\Program Files\VIAudioi
2008-02-19 17:16 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_16.47.18.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-22 16:33:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-03-03 07:09 5730304]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NWEReboot"="" []
"SensorsView"="C:\Program Files\SensorsView\sview.exe" [2005-11-28 20:24 940032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-10-02 02:20 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\DC++ strong\\rc10\\StrongDC.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 18:00:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-22 18:00:43
ComboFix-quarantined-files.txt 2008-03-22 17:00:35
ComboFix2.txt 2008-03-22 16:35:30
ComboFix3.txt 2008-03-22 15:47:36
.
2008-03-22 00:32:17 --- E O F ---

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: Log check (Win32 Dialer)

Post by paul27 » 22 Mar 2008 18:10

Now it finally looks decent. One more HijackThis log so we can fine-tune the small things.

Nugosh
newbie
Posts: 7
Registered: March 08
Gender: Not specified
Status: Offline

Re: Log check (Win32 Dialer)

Post by Nugosh » 22 Mar 2008 18:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:25, on 22.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SensorsView\sview.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SensorsView] C:\Program Files\SensorsView\sview.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB348A6-ABCB-40A9-A6E6-002996FFDA1B}: NameServer = 192.168.20.1,194.228.2.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6473 bytes

paul27
Level 4.5
Posts: 1700
Registered: June 07
Gender: Male
Status: Offline

Re: Log check (Win32 Dialer)

Post by paul27 » 22 Mar 2008 18:17

Now it's fine. Do you still have problems or not?

Also clean up with CCleaner and T-Cleaner.

Update Java:

Go to the web page http://java.sun.com/javase/downloads/index.jsp - scroll down a bit to where it says Java Runtime Environment (JRE) 6 Update 5 and click Download - now select your operating system under Platform and the language under Language - accept the licence agreement by ticking the box next to the text I agree to the Java SE Runtime Environment 6 License Agreement - click Continue - now choose which installation you want; I recommend the offline version of the installation package (Windows Offline Installation)...

- Windows Offline Installation for installing without needing an Internet connection
- Windows x64 executable for installing on 64-bit operating systems
- Windows Online Installation for installing when an Internet connection is available

...(the following guide is written for Windows Offline Installation) and start the download by clicking the link - save the file anywhere on the disk, but somewhere you can find it :) - close all running programs (web browser, messenger, ...) - go through Start -> My Computer -> Add or Remove Programs and uninstall all versions of Java - delete their folders in Program Files, or clean up with CCleaner for instance - after this step restart the computer - after the restart you can run the installation of the new Java you downloaded and saved at the start of the guide

And think about getting a firewall. If anything comes up, write back.

