Preventive check - HJT + Combo (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Preventive check - HJT + Combo

Post by Martimos » 29 Apr 2009 12:58

Hi Jaro, could I ask you to take a look at the logs? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:53, on 29.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4121181187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5582 bytes


ComboFix 09-04-28.02 - PC 29.04.2009 12:49.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.583 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090427-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\Data aplikací\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-16 15:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 15:20 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 15:20 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 15:20 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 15:20 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 15:20 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 15:20 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 15:20 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 15:20 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 15:19 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:02 . 2002-12-10 00:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-15 14:02 . 2006-09-29 10:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-15 14:02 . 2006-09-29 10:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-15 14:02 . 2006-09-29 10:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-15 14:02 . 2007-03-18 18:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-14 16:46 . 2009-04-14 16:46 -------- d-----w c:\documents and settings\PC\Data aplikací\DivX
2009-04-14 15:35 . 2009-03-18 17:54 39440 ----a-w c:\windows\system32\drivers\csdf.sys
2009-04-14 15:35 . 2009-03-19 17:38 7928 ----a-w c:\windows\system32\cnat.exe
2009-04-14 15:35 . 2009-03-18 17:53 36624 ----a-w c:\windows\system32\drivers\crpf.sys
2009-04-14 15:35 . 2009-04-15 10:39 3010 ----a-w c:\windows\crpf.bin
2009-04-12 09:57 . 2009-04-29 10:36 -------- d-----w c:\program files\Poker
2009-04-10 16:31 . 2009-04-10 16:31 -------- d-----w c:\documents and settings\LocalService\Plocha
2009-04-10 16:26 . 2009-04-10 16:33 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-07 16:30 . 2009-04-07 16:30 -------- d-----w c:\documents and settings\PC\Data aplikací\VOWSoft
2009-04-05 06:41 . 2009-04-05 06:41 -------- d-----w c:\program files\Java
2009-04-04 09:19 . 2009-04-04 09:19 -------- d-----w c:\documents and settings\PC\Data aplikací\gtk-2.0
2009-04-01 14:40 . 2003-01-26 11:41 40960 ----a-w c:\windows\system32\ssubtmr6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 14:53 . 2008-03-03 15:19 -------- d-----w c:\program files\TeamSpeak
2009-04-26 09:48 . 2009-03-04 11:36 -------- d-----w c:\program files\Advanced SystemCare
2009-04-25 09:41 . 2009-03-04 12:29 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-16 15:39 . 2002-09-23 12:00 514646 ----a-w c:\windows\system32\perfh005.dat
2009-04-16 15:39 . 2002-09-23 12:00 112432 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 14:12 . 2008-06-18 16:22 47360 ----a-w c:\documents and settings\PC\Data aplikací\pcouffin.sys
2009-04-15 14:02 . 2008-06-18 16:22 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-11 11:43 . 2008-02-27 13:31 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 16:34 . 2008-03-19 13:34 -------- d-----w c:\program files\Avast
2009-04-07 13:09 . 2009-03-01 16:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2009-03-01 16:36 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-03-01 16:36 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 06:41 . 2009-02-17 17:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 15:32 . 2008-02-27 13:48 142336 ----a-w c:\documents and settings\PC\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-03-16 18:08 . 2009-03-16 18:08 -------- d-----w c:\program files\QIP
2009-03-14 17:27 . 2009-03-14 17:27 -------- d-----w c:\windows\Fonts\AdvUninstal
2009-03-14 15:15 . 2008-09-02 10:29 -------- d-----w c:\program files\Numericon
2009-03-14 15:15 . 2008-03-04 13:07 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-13 16:07 . 2008-10-21 15:19 -------- d-----w c:\program files\Autodesk
2009-03-10 19:12 . 2008-06-12 19:06 -------- d-----w c:\program files\MSBuild
2009-03-10 18:28 . 2008-02-27 13:21 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 09:29 . 2008-03-15 18:07 -------- d-----w c:\program files\Canon
2009-03-07 09:28 . 2008-06-19 15:30 -------- d-----w c:\program files\CyberLink
2009-03-06 18:03 . 2008-09-26 14:11 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 12:55 . 2008-11-15 08:55 -------- d-----w c:\program files\MIKROPROG
2009-03-04 11:52 . 2008-05-02 09:42 -------- d-----w c:\program files\Sony
2009-03-03 17:32 . 2009-03-03 17:30 56 --sha-r c:\windows\system32\1FE38C32D6.sys
2009-03-03 17:32 . 2009-03-03 17:30 10022 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 16:50 . 2008-03-28 14:46 22328 ----a-w c:\documents and settings\PC\Data aplikací\PnkBstrK.sys
2009-02-24 23:26 . 2009-03-04 12:30 2255360 ----a-w c:\windows\system32\x264vfw.dll
2009-02-20 17:13 . 2004-08-17 13:49 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 18:56 . 2009-03-04 12:29 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 . 2009-03-10 17:26 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2009-03-10 17:26 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2009-03-10 17:26 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2009-03-10 17:26 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2009-03-10 17:26 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-17 13:49 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2009-03-10 17:26 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2009-03-10 17:26 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2002-09-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-17 13:49 56832 ----a-w c:\windows\system32\secur32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vcded.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12124:TCP"= 12124:TCP:*:Disabled:BitComet 12124 TCP
"12124:UDP"= 12124:UDP:*:Disabled:BitComet 12124 UDP
"18482:TCP"= 18482:TCP:*:Disabled:BitComet 18482 TCP
"18482:UDP"= 18482:UDP:*:Disabled:BitComet 18482 UDP

R2 YOZPZUBM;YOZPZUBM; [x]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2008-09-21 21120]
S0 csdf;cdsf;c:\windows\System32\drivers\csdf.sys [2009-03-18 39440]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;c:\windows\system32\DRIVERS\grclass.sys [2001-10-24 82432]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: csob.cz\ib24
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\b5mcnbn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pc-help.cz/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 12:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-29 12:52
ComboFix-quarantined-files.txt 2009-04-29 10:52

Před spuštěním: Volných bajtů: 185 767 686 144
Po spuštění: Volných bajtů: 185 803 948 032

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
188 --- E O F --- 2009-04-16 15:33
Simplicity is the ultimate sophistication. - Leonardo da Vinci

jaro3 (Security team member)

Re: Preventive check - HJT + Combo

Post by jaro3 » 29 Apr 2009 18:56

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script

File::
c:\windows\system32\1FE38C32D6.sys
c:\windows\system32\KGyGaAvL.sys

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
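Added example, not part of the thread or of ComboFix itself: a small parser for the ComboFix file-listing lines posted above that flags regular files under system32 carrying both the system and hidden attributes (the pattern of the two entries the helper's CFScript targets) and renders them as a CFScript `File::` block. The attribute-column layout (d, c, s, h, a, -, r/w) is inferred from the log lines in this thread, and the flag is a triage heuristic for manual review, not proof that a file is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One ComboFix listing line, e.g.
#   2009-03-03 17:32 . 2009-03-03 17:30 56 --sha-r c:\windows\system32\1FE38C32D6.sys
# fields: modified stamp, ".", created stamp, size (dashes for a directory),
# a 7-character attribute string, then the path (which may contain spaces).
# Attribute positions (inferred from the thread's log, an assumption):
#   0=d directory, 1=c compressed, 2=s system, 3=h hidden, 4=a archive, 6=r/w.
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[d-][c-][s-][h-][a-]-[rw]) "
    r"(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def read_only(self) -> bool:
        return self.attrs[6] == "r"


def parse_combofix(text: str) -> List[Entry]:
    """Return every file/directory entry in a ComboFix log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"]))
    return entries


def flag_hidden_system(entries: List[Entry],
                       root: str = r"c:\windows\system32") -> List[Entry]:
    """Regular files under `root` that carry BOTH the system and hidden attributes.

    Files in system32 are normally neither hidden nor system-flagged, so the
    combination deserves a manual look. Triage heuristic only, not a verdict."""
    root = root.lower().rstrip("\\") + "\\"
    return [
        e for e in entries
        if not e.is_dir and e.system and e.hidden and e.path.lower().startswith(root)
    ]


def to_cfscript(entries: List[Entry]) -> str:
    """Render a CFScript 'File::' block, one path per line, as used in the thread."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


# Excerpt taken from the first ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2009-04-16 15:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 16:46 . 2009-04-14 16:46 -------- d-----w c:\documents and settings\PC\Data aplikací\DivX
2009-04-11 11:43 . 2008-02-27 13:31 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 17:32 . 2009-03-03 17:30 56 --sha-r c:\windows\system32\1FE38C32D6.sys
2009-03-03 17:32 . 2009-03-03 17:30 10022 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
""".strip("\n")

if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    print(to_cfscript(flag_hidden_system(parsed)))
```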


Re: Preventive check - HJT + Combo

Post by Martimos » 29 Apr 2009 19:22

Here is the log from CF:
ComboFix 09-04-28.02 - PC 29.04.2009 19:15.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.529 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090428-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\system32\1FE38C32D6.sys
c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1FE38C32D6.sys
c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-16 15:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 15:20 . 2009-03-06 14:23 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 15:20 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 15:20 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 15:20 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 15:20 . 2009-02-09 10:56 684032 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 15:20 . 2009-02-09 10:56 728064 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 15:20 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 15:20 . 2009-02-09 10:56 709632 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 15:19 . 2008-04-21 21:15 216576 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:02 . 2002-12-10 00:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-15 14:02 . 2006-09-29 10:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-15 14:02 . 2006-09-29 10:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-15 14:02 . 2006-09-29 10:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-15 14:02 . 2007-03-18 18:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-14 16:46 . 2009-04-14 16:46 -------- d-----w c:\documents and settings\PC\Data aplikací\DivX
2009-04-14 15:35 . 2009-03-18 17:54 39440 ----a-w c:\windows\system32\drivers\csdf.sys
2009-04-14 15:35 . 2009-03-19 17:38 7928 ----a-w c:\windows\system32\cnat.exe
2009-04-14 15:35 . 2009-03-18 17:53 36624 ----a-w c:\windows\system32\drivers\crpf.sys
2009-04-14 15:35 . 2009-04-15 10:39 3010 ----a-w c:\windows\crpf.bin
2009-04-12 09:57 . 2009-04-29 14:02 -------- d-----w c:\program files\Poker
2009-04-10 16:31 . 2009-04-10 16:31 -------- d-----w c:\documents and settings\LocalService\Plocha
2009-04-10 16:26 . 2009-04-10 16:33 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-07 16:30 . 2009-04-07 16:30 -------- d-----w c:\documents and settings\PC\Data aplikací\VOWSoft
2009-04-05 06:41 . 2009-04-05 06:41 -------- d-----w c:\program files\Java
2009-04-04 09:19 . 2009-04-04 09:19 -------- d-----w c:\documents and settings\PC\Data aplikací\gtk-2.0
2009-04-01 14:40 . 2003-01-26 11:41 40960 ----a-w c:\windows\system32\ssubtmr6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 14:53 . 2008-03-03 15:19 -------- d-----w c:\program files\TeamSpeak
2009-04-26 09:48 . 2009-03-04 11:36 -------- d-----w c:\program files\Advanced SystemCare
2009-04-25 09:41 . 2009-03-04 12:29 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-16 15:39 . 2002-09-23 12:00 514646 ----a-w c:\windows\system32\perfh005.dat
2009-04-16 15:39 . 2002-09-23 12:00 112432 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 14:12 . 2008-06-18 16:22 47360 ----a-w c:\documents and settings\PC\Data aplikací\pcouffin.sys
2009-04-15 14:02 . 2008-06-18 16:22 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-11 11:43 . 2008-02-27 13:31 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 16:34 . 2008-03-19 13:34 -------- d-----w c:\program files\Avast
2009-04-07 13:09 . 2009-03-01 16:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2009-03-01 16:36 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-03-01 16:36 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 06:41 . 2009-02-17 17:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 15:32 . 2008-02-27 13:48 142336 ----a-w c:\documents and settings\PC\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-03-16 18:08 . 2009-03-16 18:08 -------- d-----w c:\program files\QIP
2009-03-14 17:27 . 2009-03-14 17:27 -------- d-----w c:\windows\Fonts\AdvUninstal
2009-03-14 15:15 . 2008-09-02 10:29 -------- d-----w c:\program files\Numericon
2009-03-14 15:15 . 2008-03-04 13:07 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-13 16:07 . 2008-10-21 15:19 -------- d-----w c:\program files\Autodesk
2009-03-10 19:12 . 2008-06-12 19:06 -------- d-----w c:\program files\MSBuild
2009-03-10 18:28 . 2008-02-27 13:21 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 09:29 . 2008-03-15 18:07 -------- d-----w c:\program files\Canon
2009-03-07 09:28 . 2008-06-19 15:30 -------- d-----w c:\program files\CyberLink
2009-03-06 18:03 . 2008-09-26 14:11 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 12:55 . 2008-11-15 08:55 -------- d-----w c:\program files\MIKROPROG
2009-03-04 11:52 . 2008-05-02 09:42 -------- d-----w c:\program files\Sony
2009-03-03 00:14 . 2004-08-17 13:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 16:50 . 2008-03-28 14:46 22328 ----a-w c:\documents and settings\PC\Data aplikací\PnkBstrK.sys
2009-02-24 23:26 . 2009-03-04 12:30 2255360 ----a-w c:\windows\system32\x264vfw.dll
2009-02-20 17:13 . 2004-08-17 13:49 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 18:56 . 2009-03-04 12:29 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 . 2009-03-10 17:26 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2009-03-10 17:26 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2009-03-10 17:26 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2009-03-10 17:26 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2009-03-10 17:26 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-17 13:49 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2009-03-10 17:26 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2009-03-10 17:26 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2002-09-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-17 13:49 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.51.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 10:59 . 2009-04-29 10:59 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
- 2009-04-28 15:20 . 2009-04-28 15:20 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vcded.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12124:TCP"= 12124:TCP:*:Disabled:BitComet 12124 TCP
"12124:UDP"= 12124:UDP:*:Disabled:BitComet 12124 UDP
"18482:TCP"= 18482:TCP:*:Disabled:BitComet 18482 TCP
"18482:UDP"= 18482:UDP:*:Disabled:BitComet 18482 UDP

R2 YOZPZUBM;YOZPZUBM; [x]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2008-09-21 21120]
S0 csdf;cdsf;c:\windows\System32\drivers\csdf.sys [2009-03-18 39440]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;c:\windows\system32\DRIVERS\grclass.sys [2001-10-24 82432]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: csob.cz\ib24
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\b5mcnbn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pc-help.cz/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 19:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="…"
"OODEFRAG11.00.00.01WORKSTATION"="…"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-04-29 19:18
ComboFix-quarantined-files.txt 2009-04-29 17:18
ComboFix2.txt 2009-04-29 10:52

Před spuštěním: Volných bajtů: 186 578 780 160
Po spuštění: Volných bajtů: 186 582 294 528

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
197 --- E O F --- 2009-04-16 15:33

And here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:45, on 29.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4121181187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5615 bytes
Simplicity is the ultimate sophistication. - Leonardo da Vinci

jaro3 (Security team member)

Re: Preventive check - HJT + Combo

Post by jaro3 » 29 Apr 2009 20:22

Log O.K.:
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left over from Combo, SDFix, Avenger, MWAV etc. - download > run

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

If there are no problems, that's all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Preventive check - HJT + Combo  Solved

Post by Martimos » 29 Apr 2009 20:34

OK, thanks.
Simplicity is the ultimate sophistication. - Leonardo da Vinci
