PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Prosim o prevenci HJT, MWAW

https://pc-help.cnews.cz/viewtopic.php?f=70&t=45117

Stránka 1 z 1

Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 14:33
od jarauris
Ahoj,
prosim o kontrolu (Malwarebytes bez nalezu), PC nevykazuje zadne problemi,
a doporuceni zda odinstalovat Spybot, jak jsem se docetl, ze v kombinaci s Avirou uz zbytecne zatezuje system, i kdyz bych uvedl, ze PC umim akorat cistit Ccleanerem, a jinak nic o tom nevim. Kdyz mi to sem tam nekdo prijde zkontrolovat, tak k je instalovan SAS.
Ochrana: Avira + Zone Alarm + Spybot \\\ Udrzba: Ccleaner + Spybot + SAS + Reg Cleaner + Aulogics DiskDefrag

\\\
Critical Objects..........4
Total Errors.............1

Object "CoreGuardAntivirus2009 Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Spyware.NetScreenWatch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CyberSitter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CyberSitter Spyware/Adware" found in File System! Action Taken: No Action Taken.

\\\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:55, on 27.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7191 bytes

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 15:16
od Damned
Zkopíruj mi sem z logu MWAV ty dva řádky, kde přímo popisuje tu infekci. Spíše bych ale řekl, že to jsou jen záznamy v registru.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
*****************************************************************************************************************************************
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 15:27
od jarauris
Jo, jo dekuji.

Oba soubory jsou pobliz sebe v jednom odstahevcku:

26 IX 2009 18:24:38 - System found infected with
CoreGuardAntivirus2009 Corrupted Adware/Spyware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
26 IX 2009 18:24:40 - Offending file found: C:\Windows\iun6002.exe
26 IX 2009 18:24:40 - System found infected with
Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.

(ted dale udelam HJT a CF)

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 15:45
od Damned
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})]



Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\Windows\iun6002.exe

Máš Codec Pack All in 1?

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 16:01
od jarauris
- vypnul jsem co se dalo (antivir, firewall, spybot), CF sel dobre (sem cekal nejakej disaster :x )
- all in one nemam - mam cole2
- iun6002.exe ma tento popis:
nazev: SUF60Runtime, verze: 6.0.1.4, 720 kB, 9.8. 2007 - Indigo Rose Corporation

Virus Total: http://www.virustotal.com/cs/analisis/a ... 1254059602
(je tam vysledek :( Win32.Banker)
\\\

ComboFix 09-09-25.01 - Jaroslav 27.09.2009 15:33.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1022.478 [GMT 2:00]
Spuštěný z: c:\users\Jaroslav\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4208946421-1332506679-3958708609-500
c:\users\Jaroslav\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc
c:\users\Jaroslav\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-27 do 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 13:39 . 2009-09-27 13:39 -------- d-----w- c:\users\Jaroslav\AppData\Local\temp
2009-09-27 13:39 . 2009-09-27 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-27 12:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 12:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\VDLL.DLL
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\system32\runouce.exe
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\rundll16.exe
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\logo1_.exe
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\logo_1.exe
2009-09-07 15:29 . 2009-09-07 15:29 4455865 ----a-w- c:\windows\system32\libavcodec.dll
2009-09-06 14:52 . 2009-09-06 14:52 828611 ----a-w- c:\windows\system32\ff_x264.dll
2009-09-03 07:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 07:30 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 20:23 . 2009-09-02 20:23 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-09-02 20:22 . 2009-09-02 20:22 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-09-02 20:22 . 2009-09-02 20:22 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-09-02 20:22 . 2009-09-02 20:22 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-09-02 20:22 . 2009-09-02 20:22 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-09-02 20:22 . 2009-09-02 20:22 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-09-02 20:22 . 2009-09-02 20:22 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-09-02 16:45 . 2009-09-02 16:45 829781 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-02 16:38 . 2009-09-02 16:38 425040 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-09-02 16:35 . 2009-09-02 16:35 557003 ----a-w- c:\windows\system32\libmplayer.dll
2009-09-02 16:01 . 2009-09-02 16:01 146098 ----a-w- c:\windows\system32\libmpeg2_ff.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 13:29 . 2008-01-07 18:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-27 12:16 . 2009-02-12 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 12:10 . 2008-01-07 18:54 -------- d-----w- c:\program files\CCleaner
2009-09-27 12:06 . 2009-05-30 18:43 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-09-26 17:23 . 2007-03-21 08:51 -------- d-----w- c:\program files\ATI
2009-09-26 17:15 . 2009-05-30 19:28 -------- d-----w- c:\program files\Java
2009-09-10 13:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-25 18:07 . 2009-08-25 18:07 328334 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-08-14 16:27 . 2009-09-10 08:22 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 08:22 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 08:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 08:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 08:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 08:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 08:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 08:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 08:22 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 08:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 08:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-11 20:21 . 2009-08-11 20:21 87552 ----a-w- c:\windows\system32\ac3config.exe
2009-08-05 12:10 . 2009-05-30 19:12 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 13:23 . 2009-02-12 19:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-31 10:24 . 2009-02-12 18:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 21:52 . 2009-07-29 05:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 05:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 05:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-14 08:50 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-17 09:10 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2009-07-17 09:10 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2009-07-15 12:40 . 2009-08-14 08:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-14 08:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-14 08:49 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-14 08:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-10 08:22 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 08:22 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 08:22 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 08:22 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 08:22 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2007-03-19 06:43 . 2007-03-19 06:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b6,4a,52,bd,d7,fe,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4208946421-1332506679-3958708609-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C4733440-1E31-439C-8CDE-A87CACBF827A}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{85EADFCF-4D10-4768-92BB-4DF69FC45E8E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9EAF4B97-3593-4884-A847-68EF88C48C2A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{AFD49B80-9971-40D4-9050-16F2DE6F8CDF}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29.2.2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 16:03 51440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.5.2009 21:12 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12.2.2009 20:34 1153368]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [17.11.2006 11:31 13976]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{997D3214-F058-4772-A240-B4B15F5175BC}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\wlzln68b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,75,bd,91,45,38,
fc,99,25,e2,63,26,f1,3f,c8,ff,68,90,3b,26,5c,ae,6e,84,c4,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a3,cc,d5,40,ab,
96,02,a6,6a,9c,d6,61,af,45,84,18,94,5f,6f,37,d7,a1,a9,29,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,82,6e,ba,dc,ae,
d0,5f,4f,ff,7c,85,e0,43,d4,0e,fe,b5,a7,b9,1d,20,35,11,86,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,39,bd,42,52,c7,
fe,c3,f2,86,8c,21,01,be,91,eb,e7,e9,5f,c9,fe,bc,ad,42,2a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1f,12,86,3f,62,
5f,e0,0c,f5,1d,4d,73,a8,13,5c,05,81,15,3b,6a,17,dc,fe,4e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,df,e8,f3,15,16,
4d,18,94,df,20,58,62,78,6b,cf,c8,fd,57,42,60,5d,81,ab,f8,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,5f,0e,fe,13,4c,
6d,08,d6,fb,a7,78,e6,12,2f,9a,ea,a3,8d,75,0a,b5,04,8f,49,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,6d,65,ca,f2,e1,
08,10,b8,01,3a,48,fc,e8,04,4a,f1,90,cd,67,e4,36,b1,32,7a,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,54,4c,18,49,7a,
45,8f,15,f6,0f,4e,58,98,5b,89,c9,8b,cd,ea,1c,db,2c,57,9e,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9f,bb,0e,41,7c,
88,c2,6c,3d,ce,ea,26,2d,45,aa,78,db,8a,97,10,b0,21,48,0e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,30,27,39,14,29,
20,f3,91,2a,b7,cc,b5,b9,7f,41,e7,2c,b4,f2,d2,fd,82,d7,82,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d9,8c,0b,17,c3,
f0,a1,9a,6c,43,2d,1e,aa,22,2f,9c,08,f7,13,a7,0a,48,8d,4d,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{66f9eb22-8cd2-4711-bebe-c60c6483f588}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{eb847833-f0b0-4feb-bccb-a625432c377a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001a92
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Celkový čas: 2009-09-27 15:42
ComboFix-quarantined-files.txt 2009-09-27 13:42

Před spuštěním: Volných bajtů: 107 024 306 176
Po spuštění: Volných bajtů: 106 522 918 912

250 --- E O F --- 2009-09-10 13:39

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 16:17
od Damned
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\Windows\iun6002.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 16:42
od jarauris
Tak toho teda je na opraveni :( dik.
PC nedelal nic neobvykleho, normalne se rozjel CF jako pred tim a na konci byla poznamka o Smazani iun.
Behem restartu se nic neobvykleho nedeje. PC najede v poradku, ikony jsou take v poradku, jen je to prehazelo, ale nic podivnejho.

(tedkom moc dekuji, a musim za povinnostma - vidim, ze take nejsi online, a tak se k tomu pripadne vratis. zatim moc dekuji)

\\\

ComboFix 09-09-25.01 - Jaroslav 27.09.2009 16:24.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1022.486 [GMT 2:00]
Spuštěný z: c:\users\Jaroslav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jaroslav\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

FILE ::
"c:\windows\iun6002.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-27 do 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 14:30 . 2009-09-27 14:30 -------- d-----w- c:\users\Jaroslav\AppData\Local\temp
2009-09-27 14:30 . 2009-09-27 14:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-27 14:30 . 2009-09-27 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-27 12:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 12:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\VDLL.DLL
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\system32\runouce.exe
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\rundll16.exe
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\logo1_.exe
2009-09-26 16:14 . 2009-09-26 16:14 -------- d---a-w- c:\windows\logo_1.exe
2009-09-07 15:29 . 2009-09-07 15:29 4455865 ----a-w- c:\windows\system32\libavcodec.dll
2009-09-06 14:52 . 2009-09-06 14:52 828611 ----a-w- c:\windows\system32\ff_x264.dll
2009-09-03 07:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 07:30 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 20:23 . 2009-09-02 20:23 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-09-02 20:22 . 2009-09-02 20:22 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-09-02 20:22 . 2009-09-02 20:22 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-09-02 20:22 . 2009-09-02 20:22 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-09-02 20:22 . 2009-09-02 20:22 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-09-02 20:22 . 2009-09-02 20:22 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-09-02 20:22 . 2009-09-02 20:22 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-09-02 16:45 . 2009-09-02 16:45 829781 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-02 16:38 . 2009-09-02 16:38 425040 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-09-02 16:35 . 2009-09-02 16:35 557003 ----a-w- c:\windows\system32\libmplayer.dll
2009-09-02 16:01 . 2009-09-02 16:01 146098 ----a-w- c:\windows\system32\libmpeg2_ff.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 14:12 . 2009-05-30 18:43 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-09-27 13:29 . 2008-01-07 18:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-27 12:16 . 2009-02-12 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 12:10 . 2008-01-07 18:54 -------- d-----w- c:\program files\CCleaner
2009-09-26 17:23 . 2007-03-21 08:51 -------- d-----w- c:\program files\ATI
2009-09-26 17:15 . 2009-05-30 19:28 -------- d-----w- c:\program files\Java
2009-09-10 13:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-25 18:07 . 2009-08-25 18:07 328334 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-08-14 16:27 . 2009-09-10 08:22 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 08:22 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 08:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 08:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 08:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 08:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 08:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 08:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 08:22 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 08:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 08:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-11 20:21 . 2009-08-11 20:21 87552 ----a-w- c:\windows\system32\ac3config.exe
2009-08-05 12:10 . 2009-05-30 19:12 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 13:23 . 2009-02-12 19:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-31 10:24 . 2009-02-12 18:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 21:52 . 2009-07-29 05:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 05:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 05:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-14 08:50 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-17 09:10 . 2007-01-08 21:09 598600 ----a-w- c:\windows\system32\perfh005.dat
2009-07-17 09:10 . 2007-01-08 21:09 114808 ----a-w- c:\windows\system32\perfc005.dat
2009-07-15 12:40 . 2009-08-14 08:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-14 08:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-14 08:49 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-14 08:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-10 08:22 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 08:22 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 08:22 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 08:22 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 08:22 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2007-03-19 06:43 . 2007-03-19 06:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-27_13.39.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-21 08:51 . 2009-09-27 14:14 49944 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-03-21 08:51 . 2009-09-27 12:08 49944 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-27 14:14 86698 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-04-03 10:30 . 2009-09-27 12:08 13938 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208946421-1332506679-3958708609-1000_UserData.bin
+ 2007-04-03 10:30 . 2009-09-27 14:14 13938 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208946421-1332506679-3958708609-1000_UserData.bin
+ 2007-04-03 10:26 . 2009-09-27 14:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-03 10:26 . 2009-09-27 12:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-03 10:26 . 2009-09-27 12:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-03 10:26 . 2009-09-27 14:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-03 10:26 . 2009-09-27 12:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-03 10:26 . 2009-09-27 14:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-27 14:12 . 2009-09-27 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-27 12:05 . 2009-09-27 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-27 14:12 . 2009-09-27 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-27 12:05 . 2009-09-27 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b6,4a,52,bd,d7,fe,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4208946421-1332506679-3958708609-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C4733440-1E31-439C-8CDE-A87CACBF827A}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{85EADFCF-4D10-4768-92BB-4DF69FC45E8E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9EAF4B97-3593-4884-A847-68EF88C48C2A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{AFD49B80-9971-40D4-9050-16F2DE6F8CDF}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29.2.2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 16:03 51440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.5.2009 21:12 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12.2.2009 20:34 1153368]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [17.11.2006 11:31 13976]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{997D3214-F058-4772-A240-B4B15F5175BC}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\wlzln68b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 16:30
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-09-27 16:32
ComboFix-quarantined-files.txt 2009-09-27 14:32
ComboFix2.txt 2009-09-27 13:42

Před spuštěním: Volných bajtů: 106 357 293 056
Po spuštění: Volných bajtů: 106 308 149 248

201 --- E O F --- 2009-09-10 13:39
\\\

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:03, on 27.9.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 5805 bytes

Re: Prosim o prevenci HJT, MWAW

Napsal: 27 zář 2009 17:07
od Damned
3x tam máš Antispyware. Nech si zaplej jen ten z Aviry a ostatní vypni (tj: ZoneAlarm Anti-Spyware - ten není ani aktuální a Windows Defender).
Můžeš si je nechat v PC, ale měj je vyplé. Zapni jen pro kontrolu při nějakém podezření.
Jinak v logách nic již nevidím.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se. :bigups:

Re: Prosim o prevenci HJT, MWAW  Vyřešeno

Napsal: 27 zář 2009 22:44
od jarauris
- Spybot je tedy pryc - aktivoval se Win Defender - V realnem case (tedy jako byl Tea Timer Spybotu), docetl jsem se, ta Avira je fakt dobra i ve free-vezi
- Zone Alarm Anti Spyware sem se docetl, ze neni aktivni, pry se vztahuje jen na zakoupenou licenci, jinak ZA alarm jeden jen v zakladnim nastaveni
- Combo Fix zmizel bez problemu, T-Cleaner - Ok, ATF pouzivam (bylo mi jiz vysvetleno)

Dekuji pekne za pomoc s tolika opravama co jsi delal :blush:
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/