My PC and internet are slow; it has improved a bit now. ComboFix deleted something. Could someone please take a look to see whether anything is left behind? Thanks in advance.
ComboFix 09-03-22.01 - Administrator 2009-03-22 22:49:54.10 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1426 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Data aplikací\inst.exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Možné infikované stránky -----
hxxp://sunmicro.ht.rd.llnw.net
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-22 do 2009-03-22 )))))))))))))))))))))))))))))))
.
2009-03-21 21:34 . 2009-03-21 21:41 318 --a------ c:\windows\SWFConverter.INI
2009-03-21 19:59 . 2009-03-21 19:59 <DIR> d-------- c:\program files\OJOsoft
2009-03-21 19:59 . 2009-03-21 19:59 <DIR> d-------- c:\program files\Common Files\Common Share
2009-03-21 19:59 . 2008-12-18 13:38 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-03-20 21:54 . 2009-03-21 11:49 <DIR> d-------- c:\windows\NV4012948.TMP
2009-03-19 16:26 . 2009-03-19 16:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 14:11 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-25 19:24 . 2009-02-25 19:31 <DIR> dr-h----- c:\program files\rnamfler
2009-02-25 15:36 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-23 21:19 . 2009-02-23 21:21 <DIR> d-------- c:\windows\NV21082876.TMP
2009-02-23 19:03 . 2009-03-20 18:09 <DIR> d-------- c:\program files\Pool Sharks
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 21:53 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 21:47 --------- d-----w c:\documents and settings\Administrator\Data aplikací\DMCache
2009-03-22 00:25 241 ----a-w c:\documents and settings\Administrator\SR.vbs
2009-03-22 00:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-21 18:02 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Vso
2009-03-20 19:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2009-03-18 19:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-17 17:09 --------- d-----w c:\program files\Spyware Terminator
2009-03-16 19:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\River Past G5
2009-03-12 18:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 20:56 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-27 17:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 16:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2009-02-23 20:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-21 17:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-02-21 17:29 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SmitfraudFix
2009-02-21 14:55 --------- d-----w c:\program files\Winamp
2009-02-18 19:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-11 18:38 --------- d-----w c:\program files\DVDFab 5
2009-02-11 18:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-11 18:34 47,360 ----a-w c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 20:00 --------- d-----w c:\documents and settings\Administrator\Data aplikací\NeroDigital™
2009-02-09 19:55 --------- d-----w c:\program files\Avanquest update
2009-02-09 17:20 --------- d-----w c:\program files\AviSynth 2.5
2009-02-09 16:38 --------- d-----w c:\documents and settings\Administrator\Data aplikací\dvdcss
2009-02-08 12:29 --------- d-----w c:\program files\Internet Download Manager
2009-02-03 18:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-02-03 18:45 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2009-02-03 16:06 --------- d-----w c:\documents and settings\Administrator\Data aplikací\IDM
2009-02-02 20:59 --------- d-----w c:\program files\Rapidown
2009-01-30 14:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 07:34 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-25 02:14 --------- d-----w c:\program files\Any Video Converter Professional
2009-01-25 02:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Any Video Converter Professional
2009-01-25 02:12 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-25 02:07 --------- d-----w c:\program files\Video Convert Master
2009-01-25 01:55 81,920 ----a-w c:\documents and settings\Administrator\Data aplikací\ezpinst.exe
2009-01-24 18:42 319,488 ----a-w c:\windows\HideWin.exe
2009-01-24 18:42 --------- d-----w c:\program files\Realtek
2009-01-24 15:42 --------- d-----w c:\program files\Crawler
2009-01-08 15:32 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-08 13:36 22,328 ----a-w c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2009-01-04 20:30 15,600 ----a-w c:\windows\gdrv.sys
2009-01-04 19:33 728,858 ----a-w c:\program files\Common Files\unins000.exe
2009-01-04 19:33 2,540 ----a-w c:\program files\Common Files\unins000.dat
2008-03-16 15:43 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-03-09 06:25 236 ---ha-w c:\program files\Common Files\dx.reg
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"TrueImageMonitor.exe"="d:\zálohy\TrueImageMonitor.exe" [2007-10-23 2615624]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird.exe" [2009-03-19 8500328]
"AcronisTimounterMonitor"="d:\zálohy\TimounterMonitor.exe" [2007-10-23 906648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-08 809488]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="d:\sony\pc suite\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\hry\\GTA 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\hry\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-18 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2008-03-06 26112]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-08 23600]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2008-10-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-20 14:02]
2009-02-18 c:\windows\Tasks\User_Feed_Synchronization-{6B9B20E7-E7CE-4740-99F8-480B41BB38BC}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel
IE: Převést cíl vazby do Adobe PDF
IE: Převést cíl vazby do existujícího PDF
IE: Převést do Adobe PDF
IE: Převést vybrané vazby do Adobe PDF
IE: Převést vybrané vazby do existujícího PDF
IE: Převést výběr do Adobe PDF
IE: Převést výběr do existujícího PDF
IE: Přidat do stávajícího PDF
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout vše pomocí &Net Transportu
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\5cospgox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 22:54:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a1,43,7f,ef,af,bf,4b,a9,a0,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a1,43,7f,ef,af,bf,4b,a9,a0,ca,\
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:46,91,c1,37,d7,c9,4a,0f,06,02,94,a9,8d,f2,f9,60,58,85,b7,c3,f3,
fe,7a,e1,1c,88,9b,e1,2e,7c,67,68,e4,a8,39,71,19,56,49,55,4d,ef,3b,9f,ea,de,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{729b4298-f053-4a8b-a0e1-dec3367162a0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000097
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,63,cc,e8,9a,8d,
51,30,46,05,98,32,02,34,2b,da,61,21,f7,85,e3,14,89,63,bb,e0,35,84,97,48,c2,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,d2,e0,1b,43,e1,af,71,cc,52,b3,f6,f6,43,20,87,d3,04,60,b9,d9,
86,e7,cc,ae,d8,d3,eb,07,6e,08,4c,0e,97,5f,3e,6d,ef,ae,37,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\relog_ap.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-03-22 22:56:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-22 21:56:21
Před spuštěním: Volných bajtů: 115 871 973 376
Po spuštění: Volných bajtů: 115,829,923,840
306 --- E O F --- 2009-03-14 19:02:27
Please check my log (Solved)
- jaro3
- Security team member
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
File::
c:\program files\Common Files\unins000.exe
c:\program files\Common Files\unins000.dat
c:\program files\Common Files\dx.reg
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt script you created with the mouse over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
ComboFix 09-03-22.01 - Administrator 2009-03-23 15:31:16.11 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1581 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\program files\Common Files\dx.reg
c:\program files\Common Files\unins000.dat
c:\program files\Common Files\unins000.exe
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\dx.reg
c:\program files\Common Files\unins000.dat
c:\program files\Common Files\unins000.exe
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-23 do 2009-03-23 )))))))))))))))))))))))))))))))
.
2009-03-21 21:34 . 2009-03-21 21:41 318 --a------ c:\windows\SWFConverter.INI
2009-03-21 19:59 . 2009-03-21 19:59 <DIR> d-------- c:\program files\OJOsoft
2009-03-21 19:59 . 2009-03-21 19:59 <DIR> d-------- c:\program files\Common Files\Common Share
2009-03-21 19:59 . 2008-12-18 13:38 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-03-20 21:54 . 2009-03-21 11:49 <DIR> d-------- c:\windows\NV4012948.TMP
2009-03-19 16:26 . 2009-03-19 16:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 14:11 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-25 19:24 . 2009-02-25 19:31 <DIR> dr-h----- c:\program files\rnamfler
2009-02-25 15:36 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-23 21:19 . 2009-02-23 21:21 <DIR> d-------- c:\windows\NV21082876.TMP
2009-02-23 19:03 . 2009-03-20 18:09 <DIR> d-------- c:\program files\Pool Sharks
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 14:34 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 23:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\DMCache
2009-03-22 23:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-22 22:47 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-22 22:35 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2009-03-22 22:31 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-03-22 22:29 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2009-03-22 00:25 241 ----a-w c:\documents and settings\Administrator\SR.vbs
2009-03-21 18:02 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Vso
2009-03-18 19:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-16 19:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\River Past G5
2009-03-12 18:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-27 17:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 16:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2009-02-21 17:29 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SmitfraudFix
2009-02-21 14:55 --------- d-----w c:\program files\Winamp
2009-02-18 19:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-11 18:38 --------- d-----w c:\program files\DVDFab 5
2009-02-11 18:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-11 18:34 47,360 ----a-w c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 20:00 --------- d-----w c:\documents and settings\Administrator\Data aplikací\NeroDigital™
2009-02-09 19:55 --------- d-----w c:\program files\Avanquest update
2009-02-09 17:20 --------- d-----w c:\program files\AviSynth 2.5
2009-02-09 16:38 --------- d-----w c:\documents and settings\Administrator\Data aplikací\dvdcss
2009-02-08 12:29 --------- d-----w c:\program files\Internet Download Manager
2009-02-03 18:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-02-03 16:06 --------- d-----w c:\documents and settings\Administrator\Data aplikací\IDM
2009-02-02 20:59 --------- d-----w c:\program files\Rapidown
2009-01-30 14:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 07:34 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-25 02:14 --------- d-----w c:\program files\Any Video Converter Professional
2009-01-25 02:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Any Video Converter Professional
2009-01-25 02:12 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-25 02:07 --------- d-----w c:\program files\Video Convert Master
2009-01-25 01:55 81,920 ----a-w c:\documents and settings\Administrator\Data aplikací\ezpinst.exe
2009-01-24 18:42 319,488 ----a-w c:\windows\HideWin.exe
2009-01-24 18:42 --------- d-----w c:\program files\Realtek
2009-01-24 15:42 --------- d-----w c:\program files\Crawler
2009-01-08 15:32 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-08 13:36 22,328 ----a-w c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2009-01-04 20:30 15,600 ----a-w c:\windows\gdrv.sys
2008-03-16 15:43 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"TrueImageMonitor.exe"="d:\zálohy\TrueImageMonitor.exe" [2007-10-23 2615624]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird.exe" [2009-03-19 8500328]
"AcronisTimounterMonitor"="d:\zálohy\TimounterMonitor.exe" [2007-10-23 906648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-08 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="d:\sony\pc suite\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\hry\\GTA 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\hry\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-18 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2008-03-06 26112]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-08 23600]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2008-10-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-20 14:02]
2009-03-22 c:\windows\Tasks\User_Feed_Synchronization-{6B9B20E7-E7CE-4740-99F8-480B41BB38BC}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel
IE: Převést cíl vazby do Adobe PDF
IE: Převést cíl vazby do existujícího PDF
IE: Převést do Adobe PDF
IE: Převést vybrané vazby do Adobe PDF
IE: Převést vybrané vazby do existujícího PDF
IE: Převést výběr do Adobe PDF
IE: Převést výběr do existujícího PDF
IE: Přidat do stávajícího PDF
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout vše pomocí &Net Transportu
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\5cospgox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 15:35:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a1,43,7f,ef,af,bf,4b,a9,a0,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a1,43,7f,ef,af,bf,4b,a9,a0,ca,\
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:46,91,c1,37,d7,c9,4a,0f,06,02,94,a9,8d,f2,f9,60,58,85,b7,c3,f3,
fe,7a,e1,1c,88,9b,e1,2e,7c,67,68,e4,a8,39,71,19,56,49,55,4d,ef,3b,9f,ea,de,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{729b4298-f053-4a8b-a0e1-dec3367162a0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000097
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,63,cc,e8,9a,8d,
51,30,46,05,98,32,02,34,2b,da,61,21,f7,85,e3,14,89,63,bb,e0,35,84,97,48,c2,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,d2,e0,1b,43,e1,af,71,cc,52,b3,f6,f6,43,20,87,d3,04,60,b9,d9,
86,e7,cc,ae,d8,d3,eb,07,6e,08,4c,0e,97,5f,3e,6d,ef,ae,37,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\relog_ap.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-03-23 15:37:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-23 14:37:27
Před spuštěním: Volných bajtů: 115 915 231 232
Po spuštění: Volných bajtů: 115,897,413,632
298 --- E O F --- 2009-03-14 19:02:27
------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:36, on 23.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Zálohy\TrueImageMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Zálohy\TimounterMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\utility\totalcmd\TOTALCMD.EXE
C:\Hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Zálohy\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Zálohy\TimounterMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3174704178
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10557 bytes
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1581 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\program files\Common Files\dx.reg
c:\program files\Common Files\unins000.dat
c:\program files\Common Files\unins000.exe
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\dx.reg
c:\program files\Common Files\unins000.dat
c:\program files\Common Files\unins000.exe
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-23 do 2009-03-23 )))))))))))))))))))))))))))))))
.
2009-03-21 21:34 . 2009-03-21 21:41 318 --a------ c:\windows\SWFConverter.INI
2009-03-21 19:59 . 2009-03-21 19:59 <DIR> d-------- c:\program files\OJOsoft
2009-03-21 19:59 . 2009-03-21 19:59 <DIR> d-------- c:\program files\Common Files\Common Share
2009-03-21 19:59 . 2008-12-18 13:38 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-03-20 21:54 . 2009-03-21 11:49 <DIR> d-------- c:\windows\NV4012948.TMP
2009-03-19 16:26 . 2009-03-19 16:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 14:11 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-25 19:24 . 2009-02-25 19:31 <DIR> dr-h----- c:\program files\rnamfler
2009-02-25 15:36 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-23 21:19 . 2009-02-23 21:21 <DIR> d-------- c:\windows\NV21082876.TMP
2009-02-23 19:03 . 2009-03-20 18:09 <DIR> d-------- c:\program files\Pool Sharks
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 14:34 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 23:04 --------- d-----w c:\documents and settings\Administrator\Data aplikací\DMCache
2009-03-22 23:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-22 22:47 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-22 22:35 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2009-03-22 22:31 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-03-22 22:29 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2009-03-22 00:25 241 ----a-w c:\documents and settings\Administrator\SR.vbs
2009-03-21 18:02 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Vso
2009-03-18 19:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-16 19:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\River Past G5
2009-03-12 18:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-27 17:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 16:53 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Winamp
2009-02-21 17:29 --------- d-----w c:\documents and settings\Administrator\Data aplikací\SmitfraudFix
2009-02-21 14:55 --------- d-----w c:\program files\Winamp
2009-02-18 19:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-11 18:38 --------- d-----w c:\program files\DVDFab 5
2009-02-11 18:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-11 18:34 47,360 ----a-w c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 20:00 --------- d-----w c:\documents and settings\Administrator\Data aplikací\NeroDigital™
2009-02-09 19:55 --------- d-----w c:\program files\Avanquest update
2009-02-09 17:20 --------- d-----w c:\program files\AviSynth 2.5
2009-02-09 16:38 --------- d-----w c:\documents and settings\Administrator\Data aplikací\dvdcss
2009-02-08 12:29 --------- d-----w c:\program files\Internet Download Manager
2009-02-03 18:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-02-03 16:06 --------- d-----w c:\documents and settings\Administrator\Data aplikací\IDM
2009-02-02 20:59 --------- d-----w c:\program files\Rapidown
2009-01-30 14:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 07:34 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-25 02:14 --------- d-----w c:\program files\Any Video Converter Professional
2009-01-25 02:14 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Any Video Converter Professional
2009-01-25 02:12 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-25 02:07 --------- d-----w c:\program files\Video Convert Master
2009-01-25 01:55 81,920 ----a-w c:\documents and settings\Administrator\Data aplikací\ezpinst.exe
2009-01-24 18:42 319,488 ----a-w c:\windows\HideWin.exe
2009-01-24 18:42 --------- d-----w c:\program files\Realtek
2009-01-24 15:42 --------- d-----w c:\program files\Crawler
2009-01-08 15:32 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-08 13:36 22,328 ----a-w c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2009-01-04 20:30 15,600 ----a-w c:\windows\gdrv.sys
2008-03-16 15:43 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"TrueImageMonitor.exe"="d:\zálohy\TrueImageMonitor.exe" [2007-10-23 2615624]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird.exe" [2009-03-19 8500328]
"AcronisTimounterMonitor"="d:\zálohy\TimounterMonitor.exe" [2007-10-23 906648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-08 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ sremcon.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="d:\sony\pc suite\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"OODefragTray"=c:\windows\system32\oodtray.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\hry\\GTA 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\hry\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-18 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2008-03-06 26112]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-08 23600]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2008-10-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-20 14:02]
2009-03-22 c:\windows\Tasks\User_Feed_Synchronization-{6B9B20E7-E7CE-4740-99F8-480B41BB38BC}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel
IE: Převést cíl vazby do Adobe PDF
IE: Převést cíl vazby do existujícího PDF
IE: Převést do Adobe PDF
IE: Převést vybrané vazby do Adobe PDF
IE: Převést vybrané vazby do existujícího PDF
IE: Převést výběr do Adobe PDF
IE: Převést výběr do existujícího PDF
IE: Přidat do stávajícího PDF
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout vše pomocí &Net Transportu
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\5cospgox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 15:35:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a1,43,7f,ef,af,bf,4b,a9,a0,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a1,43,7f,ef,af,bf,4b,a9,a0,ca,\
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-343818398-1275210071-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:46,91,c1,37,d7,c9,4a,0f,06,02,94,a9,8d,f2,f9,60,58,85,b7,c3,f3,
fe,7a,e1,1c,88,9b,e1,2e,7c,67,68,e4,a8,39,71,19,56,49,55,4d,ef,3b,9f,ea,de,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{729b4298-f053-4a8b-a0e1-dec3367162a0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000097
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,63,cc,e8,9a,8d,
51,30,46,05,98,32,02,34,2b,da,61,21,f7,85,e3,14,89,63,bb,e0,35,84,97,48,c2,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,d2,e0,1b,43,e1,af,71,cc,52,b3,f6,f6,43,20,87,d3,04,60,b9,d9,
86,e7,cc,ae,d8,d3,eb,07,6e,08,4c,0e,97,5f,3e,6d,ef,ae,37,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1308)
c:\windows\system32\relog_ap.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-03-23 15:37:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-23 14:37:27
Před spuštěním: Volných bajtů: 115 915 231 232
Po spuštění: Volných bajtů: 115,897,413,632
298 --- E O F --- 2009-03-14 19:02:27
------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:36, on 23.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Zálohy\TrueImageMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Zálohy\TimounterMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\utility\totalcmd\TOTALCMD.EXE
C:\Hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Zálohy\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Zálohy\TimounterMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3174704178
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10557 bytes
- jaro3
- member of the Security team
Re: Please check my log
Close other applications and browsers, disconnect from the internet and fix in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Update Java:
Java SE Runtime Environment 6u12
Choose the OS (I assume Windows), tick agree, continue
Choose:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Remove the other Java versions in Add/Remove Programs.
If there are no problems, that is all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log (Solved)
Perfect work, the PC now runs like new.
Thanks so much for your help and time.
