Please check my HJT + MBAM logs (PC freezing)

Post by boomsta89 » 26 Aug 2009 09:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:46, on 26.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nexus Radio\Nexus Radio.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam-cs\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku113.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sukoku\sukoku.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ta/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam-cs\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Sukoku\sukoku113.exe

--
End of file - 6587 bytes
Last edited by boomsta89 on 26 Aug 2009 09:52, edited 1 time in total.

Post by boomsta89 » 26 Aug 2009 09:50

Here is the MBAM log as well
______________________________________

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2462
Windows 5.1.2600 Service Pack 2

26.8.2009 9:49:31
mbam-log-2009-08-26 (09-49-23).txt

Typ skenu: Rychlý sken
Objektu skenováno: 88906
Uplynulý cas: 7 minute(s), 9 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 4
Infikované klíce registru: 20
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 19
Infikované soubory: 35

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
C:\Program Files\Media Access Startup\1.5.6.910\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.

Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\Data (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550 (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\Data (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970 (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970\Data (Adware.DoubleD) -> No action taken.

Infikované soubory:
C:\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\hppx.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.6.910\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\adwpx.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\NPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.7.0.4550\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970\Data\eacore.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.4.0.970\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.

Post by boomsta89 » 26 Aug 2009 22:40

Could someone help me?

Post by Damned » 26 Aug 2009 22:50

So run MbAM again and choose Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit

Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by boomsta89 » 27 Aug 2009 10:11

Hello, thank you for the help.
I had already removed all the files that MBAM found earlier, so I can't post the correct log here.

Here is the ComboFix log

____________________________________________________


ComboFix 09-08-26.05 - Tony 27.08.2009 10:03.8.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.519 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\ieuinit.inf
c:\windows\system32\nerocheck.exe
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-27 do 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-26 16:18 . 2009-08-26 16:24 -------- d-----w- c:\program files\TmNationsForever
2009-08-26 08:17 . 2009-08-26 08:17 -------- d-----w- C:\_OTL
2009-08-25 09:23 . 2009-08-25 09:23 -------- d-----w- c:\program files\Sector69
2009-08-23 08:39 . 2009-08-23 08:39 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-22 20:45 . 2009-08-27 07:38 -------- d-----w- c:\program files\Steam-CS
2009-08-22 20:09 . 2009-08-22 20:11 -------- d-----w- c:\windows\nview
2009-08-22 20:09 . 2006-10-22 10:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-22 20:08 . 2006-10-22 13:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-22 20:08 . 2009-08-22 20:08 -------- d-----w- C:\NVIDIA
2009-08-19 08:45 . 2009-08-27 08:01 -------- d-----w- c:\program files\Nexus Radio
2009-08-19 08:45 . 2009-08-19 08:45 -------- d-----w- c:\windows\system32\Nexus Radio
2009-08-19 08:45 . 2009-08-19 08:45 -------- d-----w- C:\My Saved Files
2009-08-19 08:45 . 2009-08-19 08:45 -------- d-----w- C:\My Recorded Files
2009-08-18 14:27 . 2009-08-18 14:27 -------- d-----w- c:\program files\Gabest
2009-07-30 19:20 . 2009-08-05 12:59 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-07-29 19:04 . 2009-07-29 19:04 -------- d-----w- c:\program files\LimeWire
2009-07-29 18:41 . 2009-07-29 18:41 -------- d-----w- c:\program files\Clickster

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:10 . 2009-07-10 15:37 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-10 15:37 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-10 15:37 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-10 15:37 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-10 15:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-10 15:37 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-10 15:37 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-10 15:37 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-10 15:37 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-25 19:23 . 2009-07-25 18:52 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-25 15:29 . 2009-07-24 18:26 -------- d-----w- c:\program files\Mafia
2009-07-24 19:25 . 2009-07-24 19:25 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-24 18:44 . 2009-07-24 18:44 -------- d-----w- c:\program files\Creative
2009-07-23 15:29 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-07-23 15:29 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-07-21 15:34 . 2009-07-21 15:34 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-07-21 15:34 . 2009-07-21 15:34 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-07-21 15:34 . 2009-07-21 15:34 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-19 16:27 . 2009-03-24 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 13:29 . 2009-04-24 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 12:18 . 2009-07-18 12:17 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-16 14:14 . 2009-03-15 11:36 -------- d-----w- c:\program files\IObit
2009-07-15 16:07 . 2009-06-15 11:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-13 11:36 . 2009-04-24 16:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-24 16:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 14:29 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-07-09 16:58 . 2009-05-25 17:38 -------- d-----w- c:\program files\eMule
2009-07-09 16:23 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 18:52 . 2009-03-15 00:10 137928 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 18:52 . 2009-03-15 00:10 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-04 17:22 . 2009-03-24 19:11 -------- d-----w- c:\program files\RegScrubXP
2009-07-04 15:40 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\VALVe
2009-07-03 23:01 . 2009-07-02 15:29 -------- d-----w- c:\program files\FlashGet
2009-07-01 09:29 . 2009-06-30 18:32 -------- d-----w- c:\program files\TeamViewer
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-04 15:40 359040 C81D6A930A7805F6DAA0C7902B99037E c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Steam"="c:\program files\steam-cs\steam.exe" [2009-08-22 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2009-07-09 4688384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam-CS\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 17:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 17:37 20560]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-15 07:22]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NeroCheck - c:\windows\system32\\NeroCheck.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://ta/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2
DPF: {31435657-9980-0010-8000-00AA00389B71}
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\cqpzq5o4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 10:07
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-08-27 10:10
ComboFix-quarantined-files.txt 2009-08-27 08:10

Před spuštěním: Volných bajtů: 22 795 001 856
Po spuštění: Volných bajtů: 22 752 628 736

210 --- E O F --- 2009-03-09 08:41

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status:
Offline

Re: Please check my HJT + MBAM log (PC freezing)

Post by Damned » 27 Aug 2009 10:42

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

File::
c:\windows\system32\nvModes.dat
c:\windows\system32\d3d8caps.dat

Folder::
C:\_OTL



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner

boomsta89
newbie
Posts: 25
Registered: July 09
Gender: Male
Status:
Offline

Re: Please check my HJT + MBAM log (PC freezing)

Post by boomsta89 » 27 Aug 2009 11:41

New log from ComboFix
______________________________________________

ComboFix 09-08-26.05 - Tony 27.08.2009 11:31.9.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.495 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tony\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\nvModes.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTL
c:\_otl\MovedFiles\08262009_101737.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\config.md
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-112008.556.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-120604.780.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-124418.667.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-125123.809.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-133315.881.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-163020.862.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-170639.340.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-172624.905.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-172907.439.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-172911.995.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-173235.618.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-180539.921.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-180815.355.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-181114.723.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-182759.678.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-190149.677.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-200015.017.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-202731.611.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-222836.186.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-232405.534.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-233252.281.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090825-233622.524.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090826-000854.941.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Internet Saving Optimizer\3.7.0.4550\NP_20090826-093049.623.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\config.md
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-111947.246.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-112008.426.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-120604.730.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-124418.287.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-125123.218.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-133315.611.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-163019.650.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-170638.709.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-172624.715.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-172907.399.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-172911.965.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-173235.588.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-180539.761.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-180815.315.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-181114.703.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-182759.628.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-190149.637.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-200014.947.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-202731.580.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-222836.156.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-232405.434.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-233252.221.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090825-233622.504.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090826-000854.911.log
c:\_otl\MovedFiles\08262009_101737\Documents and Settings\Tony\Local Settings\Data aplikací\Media Access Startup\1.5.6.910\HJHP_20090826-093049.593.log
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\adwpx.exe
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\Data\config.md
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.xpt
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFHelperComponent.js
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome.manifest
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.js
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.xul
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\NPAddOn.jar
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\FF\install.rdf
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\NPCommon.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\unins000.dat
c:\_otl\MovedFiles\08262009_101737\Program Files\Internet Saving Optimizer\3.7.0.4550\unins000.exe
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\Data\config.md
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.xpt
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\components\HPFFHelperComponent.js
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\chrome.manifest
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.js
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.xul
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\chrome\HPAddOn.jar
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\FF\install.rdf
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\HPCommon.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\HPIEAddOn.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\hppx.exe
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\MAHelper.exe
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\unins000.dat
c:\_otl\MovedFiles\08262009_101737\Program Files\Media Access Startup\1.5.6.910\unins000.exe
c:\_otl\MovedFiles\08262009_101737\Program Files\System Search Dispatcher\1.4.0.970\Data\eacore.mx
c:\_otl\MovedFiles\08262009_101737\Program Files\System Search Dispatcher\1.4.0.970\Data\URLDynamic.mx
c:\_otl\MovedFiles\08262009_101737\Program Files\System Search Dispatcher\1.4.0.970\Data\URLStatic.mx
c:\_otl\MovedFiles\08262009_101737\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll
c:\_otl\MovedFiles\08262009_101737\Program Files\System Search Dispatcher\1.4.0.970\unins000.dat
c:\_otl\MovedFiles\08262009_101737\Program Files\System Search Dispatcher\1.4.0.970\unins000.exe
c:\_otl\MovedFiles\08262009_101737\WINDOWS\Downloaded Program Files\CONFLICT.3\swflash.inf
c:\_otl\MovedFiles\08262009_101737\WINDOWS\Downloaded Program Files\erma.inf
c:\_otl\MovedFiles\08262009_101737\WINDOWS\Downloaded Program Files\swdir.inf
c:\_otl\MovedFiles\08262009_101737\WINDOWS\Downloaded Program Files\wvc1dmo.inf
c:\_otl\MovedFiles\08262009_101737\WINDOWS\temp\Perflib_Perfdata_5c8.dat
c:\windows\system32\d3d8caps.dat
c:\windows\system32\nvModes.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-27 do 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-19 08:45 . 2009-08-19 08:45 -------- d-----w- c:\windows\system32\Nexus Radio
2009-08-19 08:45 . 2009-08-19 08:45 -------- d-----w- C:\My Saved Files
2009-08-19 08:45 . 2009-08-19 08:45 -------- d-----w- C:\My Recorded Files
2009-08-18 14:27 . 2009-08-18 14:27 -------- d-----w- c:\program files\Gabest
2009-07-30 19:20 . 2009-08-05 12:59 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-07-29 19:04 . 2009-07-29 19:04 -------- d-----w- c:\program files\LimeWire
2009-07-29 18:41 . 2009-07-29 18:41 -------- d-----w- c:\program files\Clickster

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 08:31 . 2009-08-22 20:45 -------- d-----w- c:\program files\Steam-CS
2009-08-27 08:01 . 2009-08-19 08:45 -------- d-----w- c:\program files\Nexus Radio
2009-08-26 16:24 . 2009-08-26 16:18 -------- d-----w- c:\program files\TmNationsForever
2009-08-25 09:23 . 2009-08-25 09:23 -------- d-----w- c:\program files\Sector69
2009-08-17 16:10 . 2009-07-10 15:37 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-10 15:37 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-10 15:37 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-10 15:37 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-10 15:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-10 15:37 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-10 15:37 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-10 15:37 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-10 15:37 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-25 19:23 . 2009-07-25 18:52 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-25 15:29 . 2009-07-24 18:26 -------- d-----w- c:\program files\Mafia
2009-07-24 18:44 . 2009-07-24 18:44 -------- d-----w- c:\program files\Creative
2009-07-23 15:29 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-07-23 15:29 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-07-21 15:34 . 2009-07-21 15:34 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-07-21 15:34 . 2009-07-21 15:34 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-07-21 15:34 . 2009-07-21 15:34 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-19 16:27 . 2009-03-24 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 13:29 . 2009-04-24 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 12:18 . 2009-07-18 12:17 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-16 14:14 . 2009-03-15 11:36 -------- d-----w- c:\program files\IObit
2009-07-15 16:07 . 2009-06-15 11:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-13 11:36 . 2009-04-24 16:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-24 16:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 14:29 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-07-09 16:58 . 2009-05-25 17:38 -------- d-----w- c:\program files\eMule
2009-07-09 16:23 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 18:52 . 2009-03-15 00:10 137928 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 18:52 . 2009-03-15 00:10 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-04 17:22 . 2009-03-24 19:11 -------- d-----w- c:\program files\RegScrubXP
2009-07-04 15:40 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\VALVe
2009-07-03 23:01 . 2009-07-02 15:29 -------- d-----w- c:\program files\FlashGet
2009-07-01 09:29 . 2009-06-30 18:32 -------- d-----w- c:\program files\TeamViewer
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-04 15:40 359040 C81D6A930A7805F6DAA0C7902B99037E c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Steam"="c:\program files\steam-cs\steam.exe" [2009-08-22 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2009-07-09 4688384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam-CS\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 17:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 17:37 20560]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ta/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2
DPF: {31435657-9980-0010-8000-00AA00389B71}
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\cqpzq5o4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 11:37
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-08-27 11:39
ComboFix-quarantined-files.txt 2009-08-27 09:39
ComboFix2.txt 2009-08-27 08:10

Před spuštěním: Volných bajtů: 22 785 277 952
Po spuštění: Volných bajtů: 22 764 646 400

292 --- E O F --- 2009-03-09 08:41

boomsta89
newbie
Posts: 25
Registered: July 09
Gender: Male
Status:
Offline

Re: Please check my HJT + MBAM log (PC freezing)

Post by boomsta89 » 27 Aug 2009 11:43

New log from HJT
__________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:30, on 27.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ta/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam-cs\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5584 bytes


Re: Please check my HJT + MBAM log (PC freezing)

Post by boomsta89 » 27 Aug 2009 11:43

Well, the PC seems to be faster and the HDD has stopped "screaming". Hopefully it will be fine. Thanks a lot for the help :D


Re: Please check my HJT + MBAM log (PC freezing)

Post by Damned » 27 Aug 2009 12:03

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (start HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ta/
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
*****************************************************************************************************************************************
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner.
It deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. Download it -> run it.

(Note: If you have AVG or Avira, deactivate AVG (including the resident shield; likewise Avira) before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG (Avira) back on.)


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.

ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache,
cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

If anything comes up, stop by.
Mark the topic as solved (green check mark) and take care. :bigups: