Prosím zkontrolovat log

Alliner · Příspěvekod **Alliner** » 14 srp 2009 16:56

Dobry den,
Prosím zkontrolovat log, v PC mám asi nějaké trojské koně a malware ale antivir nic nehlasi. Přikládám log z hijackthis, díky.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:25, on 14.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Armen\Plocha\hijackthis(2).exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8440975906
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Zasílání zpráv o chybách ERSvcMpfService (ERSvcMpfService) - Unknown owner - C:\WINDOWS\system32\12520437n.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 9907 bytes

Reklama

Damned · Příspěvekod **Damned** » 14 srp 2009 17:13

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Alliner · Příspěvekod **Alliner** » 14 srp 2009 18:01

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2623
Windows 5.1.2600 Service Pack 3

14.8.2009 18:00:41
mbam-log-2009-08-14 (18-00-30).txt

Typ skenu: Rychlý sken
Objektu skenováno: 96019
Uplynulý cas: 4 minute(s), 40 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 90
Infikované hodnoty registru: 0
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KavStart.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\12520437n.exe (Trojan.Agent) -> No action taken.

Damned · Příspěvekod **Damned** » 14 srp 2009 18:08

Si zkoušel šest antivirů najednou?

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Alliner · Příspěvekod **Alliner** » 14 srp 2009 19:10

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2623
Windows 5.1.2600 Service Pack 3

14.8.2009 18:42:47
mbam-log-2009-08-14 (18-42-47).txt

Typ skenu: Rychlý sken
Objektu skenováno: 95843
Uplynulý cas: 6 minute(s), 44 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

*************************************ComboFix*********************************************

ComboFix 09-08-10.06 - Armen 14.08.2009 19:00.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.591 [GMT 2:00]
Spuštěný z: c:\documents and settings\Armen\Plocha\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\auto.exe
c:\windows\ystem3~1

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ERSVCMPFSERVICE
-------\Service_ERSvcMpfService

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-14 do 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 15:49 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 15:49 . 2009-08-14 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 15:49 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 17:57 . 2009-08-13 17:57 -------- d-----w- c:\documents and settings\Armen\WINDOWS
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 16:48 . 2009-08-13 16:48 -------- d-----w- C:\?ind?ws
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- c:\windows\?yst?m32
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- C:\?ind?ws
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- C:\?ind?ws
2009-08-13 16:37 . 2009-08-13 16:37 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 17:06 -------- d-----w- C:\wind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?ystem32
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?yst?m32?dri?ers
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?yst?m32?dri?ers
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-12 14:47 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 13:48 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:42 . 2009-08-12 13:42 -------- d-----w- C:\?ind?ws
2009-08-08 11:11 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-08-08 11:11 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-08 11:11 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-08 11:11 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-08 11:11 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-08 11:11 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 14:25 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 14:25 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-19 12:39 . 2009-07-19 12:39 -------- d-----w- c:\program files\Luxand
2009-07-19 12:38 . 2009-07-19 12:38 -------- d-----w- c:\program files\Common Files\Java
2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 16:33 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP3cf9.tmp
2009-08-14 16:32 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP3b05.tmp
2009-08-14 14:50 . 2009-04-02 12:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-13 18:01 . 2009-06-21 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 11:59 . 2009-03-30 19:11 -------- d-----w- c:\program files\Java
2009-08-05 19:03 . 2009-06-23 19:17 -------- d-----w- c:\program files\McAfee
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 18:19 . 2009-04-06 18:19 -------- d-----w- c:\program files\bwin
2009-07-31 10:54 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP4630.tmp
2009-07-31 10:51 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP4650.tmp
2009-07-31 10:48 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP467e.tmp
2009-07-25 03:23 . 2009-03-30 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 18:53 . 2009-04-02 17:01 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 13:45 . 2009-05-16 12:31 -------- d-----w- c:\program files\DivX
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 18:54 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP449a.tmp
2009-07-04 08:44 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP46dc.tmp
2009-07-04 08:42 . 2009-03-29 16:00 94208 ----a-w- c:\windows\DUMP4a76.tmp
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-23 19:18 . 2009-06-23 19:17 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-23 19:17 . 2009-06-23 19:17 -------- d-----w- c:\program files\McAfee.com
2009-06-21 11:41 . 2009-06-21 11:41 -------- d-----w- c:\program files\Uniblue
2009-06-21 11:29 . 2009-06-04 10:47 -------- d-----w- c:\program files\ThreatFire
2009-06-21 11:12 . 2009-06-21 09:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-21 10:55 . 2009-06-21 10:55 -------- d-----w- c:\program files\Driver-Soft
2009-06-19 17:01 . 2009-06-19 17:01 -------- d-----w- c:\program files\ImgBurn
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-03-29 15:02 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 11:19 . 2009-05-27 15:01 100 --s-a-w- c:\windows\system32\1488658540.dat
2009-05-22 08:26 . 2009-05-22 08:26 32854 ----a-w- c:\windows\iniLS.dat
2009-05-22 08:26 . 2009-05-22 08:26 14368 ----a-w- c:\windows\skype.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-2 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23.6.2009 21:20 203280]
R3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [31.3.2009 15:29 51712]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 LuaPhisbut;LuaPhisbut;c:\windows\System32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LuaPhisbut

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-23 08:53]

2009-06-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-23 08:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig?hl=cs&source=iglk
FF - component: c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 19:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2952)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-14 19:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-14 17:07

Před spuštěním: Volných bajtů: 22 099 906 560
Po spuštění: Volných bajtů: 22 158 921 728

224 --- E O F --- 2009-08-12 20:48

Damned · Příspěvekod **Damned** » 14 srp 2009 19:34

Tyto složky:
C:\?ind?ws
c:\windows\?yst?m32
c:\windows\?yst?m32?dri?ers

máš skutečně v PC?
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\DUMP3cf9.tmp
c:\windows\DUMP3b05.tmp
c:\windows\DUMP4630.tmp
c:\windows\DUMP4650.tmp
c:\windows\DUMP467e.tmp
c:\windows\system32\KGyGaAvL.sys
c:\windows\DUMP449a.tmp
c:\windows\DUMP46dc.tmp
c:\windows\DUMP4a76.tmp
c:\windows\system32\1488658540.dat
c:\windows\iniLS.dat
c:\windows\skype.dat

Folder::
c:\windows\DUMP3cf9.tmp
c:\windows\DUMP3b05.tmp
c:\windows\DUMP4630.tmp
c:\windows\DUMP4650.tmp
c:\windows\DUMP467e.tmp
c:\windows\DUMP449a.tmp
c:\windows\DUMP46dc.tmp
c:\windows\DUMP4a76.tmp

Driver::
KGyGaAvL
TfFsMon;TfFsMon
TfFsMon
TfSysMon;TfSysMon
TfSysMon
TfNetMon
TfNetMon;TfNetMon

NetSvc::
LuaPhisbut

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Alliner · Příspěvekod **Alliner** » 16 srp 2009 11:19

Ano mam ty složky na C a jsou prazdny, mam to smazat? Diky

Alliner · Příspěvekod **Alliner** » 16 srp 2009 11:54

počitač jakoby chova se dobre, už sam furt restatartuje, pri startu už nejsou nejaky hlašky o ukončeni programu. Diky

************************************ComboFix***************************************************************

ComboFix 09-08-10.06 - Armen 16.08.2009 11:26.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.604 [GMT 2:00]
Spuštěný z: c:\documents and settings\Armen\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Armen\Plocha\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\windows\DUMP3b05.tmp"
"c:\windows\DUMP3cf9.tmp"
"c:\windows\DUMP449a.tmp"
"c:\windows\DUMP4630.tmp"
"c:\windows\DUMP4650.tmp"
"c:\windows\DUMP467e.tmp"
"c:\windows\DUMP46dc.tmp"
"c:\windows\DUMP4a76.tmp"
"c:\windows\iniLS.dat"
"c:\windows\skype.dat"
"c:\windows\system32\1488658540.dat"
"c:\windows\system32\KGyGaAvL.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DUMP3b05.tmp
c:\windows\DUMP3cf9.tmp
c:\windows\DUMP449a.tmp
c:\windows\DUMP4630.tmp
c:\windows\DUMP4650.tmp
c:\windows\DUMP467e.tmp
c:\windows\DUMP46dc.tmp
c:\windows\DUMP4a76.tmp
c:\windows\iniLS.dat
c:\windows\skype.dat
c:\windows\system32\1488658540.dat
c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-16 do 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-14 15:49 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 15:49 . 2009-08-14 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 15:49 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 17:57 . 2009-08-13 17:57 -------- d-----w- c:\documents and settings\Armen\WINDOWS
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 16:48 . 2009-08-13 16:48 -------- d-----w- C:\?ind?ws
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- c:\windows\?yst?m32
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- C:\?ind?ws
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- C:\?ind?ws
2009-08-13 16:37 . 2009-08-13 16:37 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 17:06 -------- d-----w- C:\wind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?ystem32
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?yst?m32?dri?ers
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?yst?m32?dri?ers
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-12 14:47 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 13:48 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:42 . 2009-08-12 13:42 -------- d-----w- C:\?ind?ws
2009-08-08 11:11 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-08-08 11:11 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-08 11:11 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-08 11:11 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-08 11:11 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-08 11:11 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 14:25 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 14:25 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-19 12:39 . 2009-07-19 12:39 -------- d-----w- c:\program files\Luxand
2009-07-19 12:38 . 2009-07-19 12:38 -------- d-----w- c:\program files\Common Files\Java
2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 14:50 . 2009-04-02 12:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-13 18:01 . 2009-06-21 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 11:59 . 2009-03-30 19:11 -------- d-----w- c:\program files\Java
2009-08-05 19:03 . 2009-06-23 19:17 -------- d-----w- c:\program files\McAfee
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 18:19 . 2009-04-06 18:19 -------- d-----w- c:\program files\bwin
2009-07-25 03:23 . 2009-03-30 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 13:45 . 2009-05-16 12:31 -------- d-----w- c:\program files\DivX
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-23 19:18 . 2009-06-23 19:17 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-23 19:17 . 2009-06-23 19:17 -------- d-----w- c:\program files\McAfee.com
2009-06-21 11:41 . 2009-06-21 11:41 -------- d-----w- c:\program files\Uniblue
2009-06-21 11:29 . 2009-06-04 10:47 -------- d-----w- c:\program files\ThreatFire
2009-06-21 11:12 . 2009-06-21 09:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-21 10:55 . 2009-06-21 10:55 -------- d-----w- c:\program files\Driver-Soft
2009-06-19 17:01 . 2009-06-19 17:01 -------- d-----w- c:\program files\ImgBurn
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-03-29 15:02 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_17.04.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 09:32 . 2009-08-16 09:32 16384 c:\windows\Temp\Perflib_Perfdata_4a8.dat
- 2009-03-29 15:17 . 2009-08-14 14:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-29 15:17 . 2009-08-16 09:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-29 15:17 . 2009-08-16 09:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-29 15:17 . 2009-08-14 14:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-06-10 14:33 . 2009-08-14 14:27 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-06-10 14:33 . 2009-08-16 09:17 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 274432 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 274432 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 229376 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 229376 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-16 09:30 . 2009-08-16 09:30 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-16 09:30 . 2009-08-16 09:30 7544832 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-2 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23.6.2009 21:20 203280]
R3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [31.3.2009 15:29 51712]
S2 LuaPhisbut;LuaPhisbut;c:\windows\System32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-23 08:53]

2009-06-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-23 08:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig?hl=cs&source=iglk
FF - component: c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 11:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2676)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-16 11:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-16 09:35
ComboFix2.txt 2009-08-14 17:07

Před spuštěním: Volných bajtů: 22 116 188 160
Po spuštění: Volných bajtů: 22 066 016 256

256 --- E O F --- 2009-08-12 20:48
_______________________________________________________________________

*****************************************hijackthis*********************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:45, on 16.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Armen\Plocha\hijackthis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8440975906
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 8731 bytes

-----------------------------------------------------------------------------------------------

Damned · Příspěvekod **Damned** » 16 srp 2009 17:38

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Collect::
C:\wind?ws
c:\windows\?ystem32
c:\windows\?yst?m32?dri?ers

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Na Ploše se ti objeví soubor s názvem ve tvaru submit[datum-čas].zip

V něm budou tyto složky: C:\wind?ws;c:\windows\?ystem32;c:\windows\?yst?m32?dri?ers .
Pokud to nebude překážet v chodu PC, zip smaž.

Alliner · Příspěvekod **Alliner** » 16 srp 2009 20:37

Dobry večer,
žadny soubor .zip na ploše neobjevil, dole dal jsem vše složky co mam na .C. Diky

*******************ComboFix********************

ComboFix 09-08-10.06 - Armen 16.08.2009 20:21.4.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.660 [GMT 2:00]
Spuštěný z: c:\documents and settings\Armen\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Armen\Plocha\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-16 do 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-14 15:49 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 15:49 . 2009-08-14 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 15:49 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 17:57 . 2009-08-13 17:57 -------- d-----w- c:\documents and settings\Armen\WINDOWS
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 17:06 . 2009-08-13 17:06 -------- d-----w- C:\?ind?ws
2009-08-13 16:48 . 2009-08-13 16:48 -------- d-----w- C:\?ind?ws
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- c:\windows\?yst?m32
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- C:\?ind?ws
2009-08-13 16:41 . 2009-08-13 16:41 -------- d-----w- C:\?ind?ws
2009-08-13 16:37 . 2009-08-13 16:37 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 17:06 -------- d-----w- C:\wind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?ystem32
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?yst?m32?dri?ers
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- c:\windows\?yst?m32?dri?ers
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-13 16:36 . 2009-08-13 16:36 -------- d-----w- C:\?ind?ws
2009-08-12 14:47 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 13:48 . 2009-08-13 16:36 -------- d-----w- C:\?indows
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- C:\?ind?ws
2009-08-12 13:42 . 2009-08-12 13:42 -------- d-----w- C:\?ind?ws
2009-08-08 11:11 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-08-08 11:11 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-08 11:11 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-08 11:11 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-08 11:11 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-08 11:11 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 14:25 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 14:25 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-19 12:39 . 2009-07-19 12:39 -------- d-----w- c:\program files\Luxand
2009-07-19 12:38 . 2009-07-19 12:38 -------- d-----w- c:\program files\Common Files\Java
2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 12:17 . 2009-04-02 12:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-13 18:01 . 2009-06-21 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 11:59 . 2009-03-30 19:11 -------- d-----w- c:\program files\Java
2009-08-05 19:03 . 2009-06-23 19:17 -------- d-----w- c:\program files\McAfee
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 18:19 . 2009-04-06 18:19 -------- d-----w- c:\program files\bwin
2009-07-25 03:23 . 2009-03-30 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 13:45 . 2009-05-16 12:31 -------- d-----w- c:\program files\DivX
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-23 19:18 . 2009-06-23 19:17 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-23 19:17 . 2009-06-23 19:17 -------- d-----w- c:\program files\McAfee.com
2009-06-21 11:41 . 2009-06-21 11:41 -------- d-----w- c:\program files\Uniblue
2009-06-21 11:29 . 2009-06-04 10:47 -------- d-----w- c:\program files\ThreatFire
2009-06-21 11:12 . 2009-06-21 09:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-21 10:55 . 2009-06-21 10:55 -------- d-----w- c:\program files\Driver-Soft
2009-06-19 17:01 . 2009-06-19 17:01 -------- d-----w- c:\program files\ImgBurn
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-18 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-03-29 15:02 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_17.04.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 18:06 . 2009-08-16 18:06 16384 c:\windows\Temp\Perflib_Perfdata_3ec.dat
- 2009-03-29 15:17 . 2009-08-14 14:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-29 15:17 . 2009-08-16 18:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-29 15:17 . 2009-08-16 18:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-29 15:17 . 2009-08-14 14:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-06-10 14:33 . 2009-08-14 14:27 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-06-10 14:33 . 2009-08-16 18:12 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 274432 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 274432 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 229376 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-16 09:30 . 2009-08-16 09:30 229376 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
- 2009-08-14 17:02 . 2009-08-14 17:02 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-16 09:30 . 2009-08-16 09:30 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-16 09:30 . 2009-08-16 09:30 7544832 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-2 110592]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23.6.2009 21:20 203280]
R3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [31.3.2009 15:29 51712]
S2 LuaPhisbut;LuaPhisbut;c:\windows\System32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-23 08:53]

2009-06-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-23 08:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig?hl=cs&source=iglk
FF - component: c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Armen\Data aplikací\Mozilla\Firefox\Profiles\l8nfp0sm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 20:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(484)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-08-16 20:26
ComboFix-quarantined-files.txt 2009-08-16 18:26
ComboFix2.txt 2009-08-16 09:35
ComboFix3.txt 2009-08-14 17:07

Před spuštěním: Volných bajtů: 22 131 216 384
Po spuštění: Volných bajtů: 22 083 530 752

194 --- E O F --- 2009-08-12 20:48

*********************HijackThis**************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:39, on 16.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Armen\Plocha\hijackthis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8440975906
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 8974 bytes

****************************obsah C***********************************

[≷ind≯ws]
[≷indows]
[≷ind⁯ws]
[≷ind は ws]
[≷ind㉯ws]
[⁷indows]
[⁷indůws]
[⁷indၯws]
[⁷ind⁯ws]
[ⅷindɯws]
[ⅷindows]
[ⅷind⁯ws]
[ⅷind は ws]
[AHCache]
[ATI]
[cmdcons]
[ComboFix]
[divx]
[Documents
[Drupal]
[㍷ind≯ws]
[ͷind⍯ws]
[ͷindⅯws]
[ͷindows]
[ၷindows]
[ቷindows]
[፷indows]
[㍷indows]
[㍷indůws]
[㍷indͯws]
[ɷindows]
[ɷind⁯ws]
[ɷind は ws]
[ɷindㅯws]
[ɷindᅯws]
[Prestashop]
[Program Files]
[Qoobox]
[ၰrogram files]
[System Volume
[Űrogram Ⅶiles]
[wind≯ws]
[wind⍯ws]
[windⅯws]
[windɯws]
[WINDOWS]
[windůws]
[windၯws]
[wind፯ws]
[wind⁯ws]
[wind は ws]
[windㅯws]
[windᅯws]
[Wordpress]
[www]
[ŷind≯ws]
[ŷindows]
[ ぷ indⅯws]
[ ぷ indows]
[ ぷ indၯws]
[ ぷ indቯws]
[ ぷ ind㍯ws]
[ㅷindɯws]
[ㅷindows]
[ㅷindͯws]
[ㅷindቯws]
[ᅷind≯ws]
[ᅷindows]
[㉷indows]

Damned · Příspěvekod **Damned** » 16 srp 2009 20:58

Poprosil bych o ty logy.

Alliner · Příspěvekod **Alliner** » 16 srp 2009 21:36

logy jsem poslal.

Prosím zkontrolovat log Vyřešeno

Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Re: Prosím zkontrolovat log

Kdo je online