Hello... :))) I'm adding the ComboFix log... but I still can't get the pest out of the PC. :((
In safe mode ComboFix crashed near the end and then stopped responding. :((( Can someone please advise me? And something about administration also popped up. :((
ComboFix 10-08-24.0C - Libas 26.08.2010 0:32.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1023.380 [GMT 2:00]
Spuštěný z: c:\users\Libas\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\wininit.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-25 do 2010-08-25 )))))))))))))))))))))))))))))))
.
2010-08-25 22:40 . 2010-08-25 22:46 -------- d-----w- c:\users\Libas\AppData\Local\temp
2010-08-25 22:40 . 2010-08-25 22:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-25 22:40 . 2010-08-25 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 22:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 22:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 22:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 22:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 22:20 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 22:20 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 22:20 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\program files\Alwil Software
2010-08-25 21:32 . 2010-08-25 21:32 53632 ----a-w- c:\users\Libas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 19:58 . 2010-08-25 20:20 -------- d-----w- c:\users\Public\Filmy
2010-08-25 14:46 . 2008-08-17 20:09 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2010-08-17 10:47 . 2010-08-17 10:49 -------- d-----w- c:\program files\FlatOut
2010-08-17 10:13 . 2010-08-17 10:43 -------- d-----w- c:\users\Libas\AppData\Local\Microsoft Games
2010-08-11 15:22 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:22 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:22 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 22:24 . 2010-08-03 22:24 -------- d-----w- C:\totalcmd
2010-08-03 13:49 . 2010-08-03 13:49 -------- d-----w- c:\program files\Secunia
2010-08-01 12:57 . 2010-08-01 12:57 -------- d-----w- c:\programdata\vsosdk
2010-07-30 13:40 . 2010-07-30 13:40 -------- d-----w- c:\users\Libas\AppData\Roaming\Tific
2010-07-30 11:35 . 2010-08-25 13:58 -------- d-----w- c:\program files\Microsoft.NET
2010-07-30 11:35 . 2010-07-30 11:35 -------- d-----w- c:\windows\PCHEALTH
2010-07-30 11:33 . 2010-07-30 11:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-30 11:31 . 2010-07-30 11:31 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 22:17 . 2010-06-21 17:02 -------- d-----w- c:\program files\CCleaner
2010-08-25 21:48 . 2010-06-21 15:57 -------- d-----w- c:\programdata\Norton
2010-08-25 21:46 . 2007-05-10 10:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-25 21:32 . 2010-06-21 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 21:32 . 2010-06-21 16:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 14:03 . 2007-01-08 21:09 607232 ----a-w- c:\windows\system32\perfh005.dat
2010-08-25 14:03 . 2007-01-08 21:09 117912 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 16:09 . 2007-05-10 10:30 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 16:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 14:17 . 2010-07-04 08:50 153726 ----a-w- c:\windows\HPHins15.dat
2010-08-08 14:10 . 2010-06-22 13:24 -------- d-----w- c:\users\Libas\AppData\Roaming\Vso
2010-08-07 16:36 . 2007-05-10 10:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 10:19 . 2010-07-04 12:42 -------- d-----w- c:\programdata\VistaCodecs
2010-08-03 12:20 . 2010-06-22 15:04 -------- d-----w- c:\users\Libas\AppData\Roaming\ICQ
2010-07-30 12:16 . 2010-06-21 15:20 102424 ----a-w- c:\users\Libas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 11:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-30 11:23 . 2010-07-26 11:24 -------- d-----w- c:\programdata\WinZip
2010-07-26 11:27 . 2007-05-10 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 18:30 . 2010-07-22 18:30 680 ----a-w- c:\users\Libas\AppData\Local\d3d9caps.dat
2010-07-10 20:44 . 2010-07-10 20:25 -------- d-----w- c:\users\Libas\AppData\Roaming\Download Manager
2010-07-07 20:00 . 2010-06-22 21:57 -------- d-----w- c:\programdata\NortonInstaller
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\users\Libas\AppData\Roaming\Malwarebytes
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\programdata\Malwarebytes
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\users\Libas\AppData\Roaming\VitySoft
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-06 08:51 . 2010-07-06 08:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Java
2010-07-06 08:42 . 2010-07-06 08:36 -------- d-----w- c:\users\Libas\AppData\Roaming\HpUpdate
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\users\Libas\AppData\Roaming\VistaCodecs
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\program files\VistaCodecPack
2010-07-04 09:00 . 2010-07-04 09:00 -------- d-----w- c:\users\Libas\AppData\Roaming\HP
2010-07-04 08:59 . 2010-07-04 08:59 -------- d-----w- c:\programdata\WEBREG
2010-07-04 08:58 . 2010-07-04 08:50 -------- d-----w- c:\programdata\HP
2010-07-04 08:57 . 2010-07-04 08:57 -------- d-----w- c:\programdata\HPSSUPPLY
2010-07-04 08:57 . 2010-07-04 08:53 -------- d-----w- c:\program files\HP
2010-07-04 08:56 . 2010-07-04 08:56 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\HP
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-26 06:05 . 2010-08-11 15:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 10:35 . 2010-06-23 10:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 10:35 . 2010-06-23 10:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-22 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 09:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-22 09:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-06-22 08:06 . 2010-06-22 08:06 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-21 21:50 . 2010-06-21 21:50 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-06-21 21:50 . 2010-06-21 21:50 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-06-21 21:50 . 2010-06-21 21:50 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-06-21 21:50 . 2010-06-21 21:50 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-06-21 21:50 . 2010-06-21 21:50 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-06-21 21:50 . 2010-06-21 21:50 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-06-21 21:50 . 2010-06-21 21:50 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-06-21 21:50 . 2010-06-21 21:50 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-06-21 21:50 . 2010-06-21 21:50 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-06-21 21:50 . 2010-06-21 21:50 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-06-21 21:50 . 2010-06-21 21:50 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-06-21 21:48 . 2010-06-21 21:48 1523712 ----a-w- c:\windows\system32\NlsData0000.dll
2010-06-21 21:36 . 2010-06-21 21:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-21 20:53 . 2010-06-21 20:53 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-21 20:53 . 2010-06-21 20:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-21 20:53 . 2010-06-21 20:53 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-21 20:53 . 2010-06-21 20:53 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-21 20:48 . 2010-06-21 20:48 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-06-21 20:48 . 2010-06-21 20:48 272896 ----a-w- c:\windows\system32\polstore.dll
2010-06-21 20:46 . 2010-06-21 20:46 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-21 20:41 . 2010-06-21 20:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-21 20:41 . 2010-06-21 20:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-21 20:41 . 2010-06-21 20:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-21 20:41 . 2010-06-21 20:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-21 20:41 . 2010-06-21 20:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-21 20:41 . 2010-06-21 20:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-21 20:41 . 2010-06-21 20:41 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-21 20:37 . 2010-06-21 20:37 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-21 20:37 . 2010-06-21 20:37 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-06-21 20:37 . 2010-06-21 20:37 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-21 20:37 . 2010-06-21 20:37 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-21 20:37 . 2010-06-21 20:37 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-21 20:37 . 2010-06-21 20:37 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-21 20:37 . 2010-06-21 20:37 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-06-21 20:35 . 2010-06-21 20:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-06-21 20:34 . 2010-06-21 20:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-21 20:34 . 2010-06-21 20:34 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-21 20:34 . 2010-06-21 20:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-21 20:34 . 2010-06-21 20:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-21 20:34 . 2010-06-21 20:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-21 20:34 . 2010-06-21 20:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-21 20:33 . 2010-06-21 20:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-21 20:33 . 2010-06-21 20:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-21 20:33 . 2010-06-21 20:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-10 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Libas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-16 07:06 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,cb,14,91,0b,12,cb,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S1 aswSP;aswSP; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-04-04 269424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libas\AppData\Roaming\Mozilla\Firefox\Profiles\2f8a83c0.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 00:46
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2010-08-26 00:50:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-25 22:50
ComboFix2.txt 2010-08-20 09:24
Před spuštěním: Volných bajtů: 151 433 216 000
Po spuštění: Volných bajtů: 151 561 166 848
- - End Of File - - E5121D52D9930AFECF51DA4612652037
One more log... ComboFix-quarantined-files
2010-08-25 22:38:29 . 2010-08-23 17:02:06 3,910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-08-25 22:29:02 . 2010-08-23 16:58:17 175 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-22 09:39:52 . 2008-01-19 07:33:37 96,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir
2007-06-07 08:57:22 . 2007-06-07 08:57:22 486,373 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\autorun.inf.vir
System32\wininit.exe.vir [Resolved]
jaro3 (Security team member)
Re: System32\wininit.exe.vir
Don't use ComboFix on your own!!!
Post a log from HJT:
viewtopic.php?f=70&t=5119
+
Disable your resident protection and firewall.
Download Dr. Web CureIt
Run update; after updating, click start.
With the buttons at the bottom you can cure (system files), delete, move or rename a file.
+
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Don't send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: System32\wininit.exe.vir
Hello... :))
HJT log for now:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:14, on 26.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Acer TV Share Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5063 bytes
Dr.Web found nothing malicious. :)))
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4483
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
26.8.2010 18:56:20
mbam-log-2010-08-26 (18-56-20).txt
Typ skenu: Rychlý sken
Skenované objekty: 134971
Uplynulý čas: 7 minuta(y), 41 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
jaro3, Security team member
Re: System32\wininit.exe.vir
Close all other applications and browsers, disconnect from the internet and fix these in HJT:
Guide
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc.; download it, then run it
Note: before downloading T-Cleaner and for the duration of the cleaning, disable AVG, Avast or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast or Microsoft Security Essentials back on
Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes the program should create a log, C:\ComboFix.txt; please paste its entire contents here
If there are problems, run it in Safe Mode.
Guide
Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: System32\wininit.exe.vir
Hello... phew, everything went OK... the log looks clean.. :))) everything was done in Safe Mode. :)))
ComboFix 10-08-26.03 - Libas 27.08.2010 12:17:24.1.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1023.656 [GMT 2:00]
Spuštěný z: c:\users\Libas\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-26 16:47 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 16:47 . 2010-08-26 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 16:47 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 15:41 . 2010-08-26 15:41 388096 ----a-r- c:\users\Libas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-26 15:41 . 2010-08-26 15:41 -------- d-----w- c:\program files\Trend Micro
2010-08-25 22:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 22:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 22:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 22:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 22:20 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 22:20 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 22:20 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\program files\Alwil Software
2010-08-25 21:32 . 2010-08-25 21:32 53632 ----a-w- c:\users\Libas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 19:58 . 2010-08-25 20:20 -------- d-----w- c:\users\Public\Filmy
2010-08-25 14:46 . 2008-08-17 20:09 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2010-08-17 10:47 . 2010-08-17 10:49 -------- d-----w- c:\program files\FlatOut
2010-08-17 10:13 . 2010-08-17 10:43 -------- d-----w- c:\users\Libas\AppData\Local\Microsoft Games
2010-08-11 15:22 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:22 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:22 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 22:24 . 2010-08-03 22:24 -------- d-----w- C:\totalcmd
2010-08-03 13:49 . 2010-08-03 13:49 -------- d-----w- c:\program files\Secunia
2010-08-01 12:57 . 2010-08-01 12:57 -------- d-----w- c:\programdata\vsosdk
2010-07-30 13:40 . 2010-07-30 13:40 -------- d-----w- c:\users\Libas\AppData\Roaming\Tific
2010-07-30 11:35 . 2010-08-25 13:58 -------- d-----w- c:\program files\Microsoft.NET
2010-07-30 11:35 . 2010-07-30 11:35 -------- d-----w- c:\windows\PCHEALTH
2010-07-30 11:33 . 2010-07-30 11:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-30 11:31 . 2010-07-30 11:31 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 22:17 . 2010-06-21 17:02 -------- d-----w- c:\program files\CCleaner
2010-08-25 21:48 . 2010-06-21 15:57 -------- d-----w- c:\programdata\Norton
2010-08-25 21:46 . 2007-05-10 10:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-25 21:32 . 2010-06-21 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 21:32 . 2010-06-21 16:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 14:03 . 2007-01-08 21:09 607232 ----a-w- c:\windows\system32\perfh005.dat
2010-08-25 14:03 . 2007-01-08 21:09 117912 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 16:09 . 2007-05-10 10:30 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 16:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 14:17 . 2010-07-04 08:50 153726 ----a-w- c:\windows\HPHins15.dat
2010-08-08 14:10 . 2010-06-22 13:24 -------- d-----w- c:\users\Libas\AppData\Roaming\Vso
2010-08-07 16:36 . 2007-05-10 10:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 10:19 . 2010-07-04 12:42 -------- d-----w- c:\programdata\VistaCodecs
2010-08-03 12:20 . 2010-06-22 15:04 -------- d-----w- c:\users\Libas\AppData\Roaming\ICQ
2010-07-30 12:16 . 2010-06-21 15:20 102424 ----a-w- c:\users\Libas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 11:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-30 11:23 . 2010-07-26 11:24 -------- d-----w- c:\programdata\WinZip
2010-07-26 11:27 . 2007-05-10 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 18:30 . 2010-07-22 18:30 680 ----a-w- c:\users\Libas\AppData\Local\d3d9caps.dat
2010-07-10 20:44 . 2010-07-10 20:25 -------- d-----w- c:\users\Libas\AppData\Roaming\Download Manager
2010-07-07 20:00 . 2010-06-22 21:57 -------- d-----w- c:\programdata\NortonInstaller
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\users\Libas\AppData\Roaming\Malwarebytes
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\programdata\Malwarebytes
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\users\Libas\AppData\Roaming\VitySoft
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-06 08:51 . 2010-07-06 08:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Java
2010-07-06 08:42 . 2010-07-06 08:36 -------- d-----w- c:\users\Libas\AppData\Roaming\HpUpdate
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\users\Libas\AppData\Roaming\VistaCodecs
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\program files\VistaCodecPack
2010-07-04 09:00 . 2010-07-04 09:00 -------- d-----w- c:\users\Libas\AppData\Roaming\HP
2010-07-04 08:59 . 2010-07-04 08:59 -------- d-----w- c:\programdata\WEBREG
2010-07-04 08:58 . 2010-07-04 08:50 -------- d-----w- c:\programdata\HP
2010-07-04 08:57 . 2010-07-04 08:57 -------- d-----w- c:\programdata\HPSSUPPLY
2010-07-04 08:57 . 2010-07-04 08:53 -------- d-----w- c:\program files\HP
2010-07-04 08:56 . 2010-07-04 08:56 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\HP
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-26 06:05 . 2010-08-11 15:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 10:35 . 2010-06-23 10:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 10:35 . 2010-06-23 10:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-22 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 09:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-22 09:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-06-22 08:06 . 2010-06-22 08:06 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-21 21:50 . 2010-06-21 21:50 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-06-21 21:50 . 2010-06-21 21:50 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-06-21 21:50 . 2010-06-21 21:50 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-06-21 21:50 . 2010-06-21 21:50 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-06-21 21:50 . 2010-06-21 21:50 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-06-21 21:50 . 2010-06-21 21:50 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-06-21 21:50 . 2010-06-21 21:50 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-06-21 21:50 . 2010-06-21 21:50 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-06-21 21:50 . 2010-06-21 21:50 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-06-21 21:50 . 2010-06-21 21:50 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-06-21 21:50 . 2010-06-21 21:50 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-06-21 21:48 . 2010-06-21 21:48 1523712 ----a-w- c:\windows\system32\NlsData0000.dll
2010-06-21 21:36 . 2010-06-21 21:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-21 20:53 . 2010-06-21 20:53 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-21 20:53 . 2010-06-21 20:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-21 20:53 . 2010-06-21 20:53 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-21 20:53 . 2010-06-21 20:53 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-21 20:48 . 2010-06-21 20:48 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-06-21 20:48 . 2010-06-21 20:48 272896 ----a-w- c:\windows\system32\polstore.dll
2010-06-21 20:46 . 2010-06-21 20:46 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-21 20:41 . 2010-06-21 20:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-21 20:41 . 2010-06-21 20:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-21 20:41 . 2010-06-21 20:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-21 20:41 . 2010-06-21 20:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-21 20:41 . 2010-06-21 20:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-21 20:41 . 2010-06-21 20:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-21 20:41 . 2010-06-21 20:41 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-21 20:37 . 2010-06-21 20:37 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-21 20:37 . 2010-06-21 20:37 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-06-21 20:37 . 2010-06-21 20:37 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-21 20:37 . 2010-06-21 20:37 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-21 20:37 . 2010-06-21 20:37 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-21 20:37 . 2010-06-21 20:37 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-21 20:37 . 2010-06-21 20:37 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-06-21 20:35 . 2010-06-21 20:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-06-21 20:34 . 2010-06-21 20:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-21 20:34 . 2010-06-21 20:34 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-21 20:34 . 2010-06-21 20:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-21 20:34 . 2010-06-21 20:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-21 20:34 . 2010-06-21 20:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-21 20:34 . 2010-06-21 20:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-21 20:33 . 2010-06-21 20:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-21 20:33 . 2010-06-21 20:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-21 20:33 . 2010-06-21 20:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Libas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-15 16:39 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-16 07:06 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,cb,14,91,0b,12,cb,01
R1 aswSP;aswSP; [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-04-04 269424]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libas\AppData\Roaming\Mozilla\Firefox\Profiles\2f8a83c0.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 12:22
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(636)
c:\windows\system32\ieframe.dll
.
Celkový čas: 2010-08-27 12:25:10
ComboFix-quarantined-files.txt 2010-08-27 10:25
Před spuštěním: Volných bajtů: 150 301 446 144
Po spuštění: Volných bajtů: 150 120 534 016
- - End Of File - - 8E0A2D78B7D1BCEEAD1CAED3033BF85D
Re: System32\wininit.exe.vir
and here is the HijackThis log too...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:57, on 27.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Acer TV Share Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 4101 bytes
- jaro3
- Security team member
Re: System32\wininit.exe.vir
Uninstall:
ICQToolbar
For the leftovers of Norton/Symantec use this:
ftp://ftp.symantec.com/public/english_u ... l_Tool.exe
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text, marked in green, into it:
Note: do not use SELECT ALL to select the script.
Code:
File::
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
c:\users\Libas\AppData\Local\d3d9caps.dat
Folder::
c:\programdata\Norton
c:\program files\Common Files\Symantec Shared
c:\programdata\NortonInstaller
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log it produces at the end of the cleaning process + a new HJT log
In Folder Options enable showing hidden files and folders + untick "hide protected operating system files"
Test this on VirusTotal:
c:\windows\HPHins15.dat
If the file has already been tested, click on test again.
Once the test by all the antivirus engines finishes, post here the link to the results page.
Does normal mode work for you?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
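As an added example (not part of this thread and not ComboFix's own code), the following Python cross-checks a CFScript like the one above against the ComboFix log it produced: it parses the File::/Folder::/Registry::/RegLock:: sections and confirms that each File:: and Folder:: entry appears under the log's "Ostatní výmazy" (Other deletions) banner. The sample script and log excerpt are constructed from the posts in this thread; the parsing of the banner layout is an assumption about the log format as shown here.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example for this thread, not ComboFix's own code. It parses the
File::/Folder::/Registry::/RegLock:: sections and confirms each File:: and
Folder:: entry under the log's "Ostatní výmazy" (Other deletions) banner.
It only reads text; nothing here touches the real file system or registry.
"""
import re

# Constructed sample: the CFScript posted above (Registry::/RegLock:: abridged).
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
c:\users\Libas\AppData\Local\d3d9caps.dat
Folder::
c:\programdata\Norton
c:\program files\Common Files\Symantec Shared
c:\programdata\NortonInstaller
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
"""

# Constructed sample: excerpt of the ComboFix log that followed (abridged).
SAMPLE_LOG = r"""FILE ::
"c:\users\Libas\AppData\Local\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\Url.txt
c:\users\Libas\AppData\Local\d3d9caps.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Libas\AppData\Local\temp
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::", "RegLock::"
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # "(((( Ostatní výmazy ))))"
DELETIONS_BANNER = "Ostatní výmazy"


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript; entries keep their original case."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_paths(log_text):
    """Lower-cased paths listed under the log's 'Ostatní výmazy' banner."""
    paths, inside = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:                      # every banner starts a new log section
            inside = banner.group(1) == DELETIONS_BANNER
        elif inside and line and line != ".":
            paths.add(line.lower())
    return paths


def verify_deletions(sections, deleted):
    """Return the File::/Folder:: entries the log does not confirm as removed."""
    missing = {"File": [], "Folder": []}
    for entry in sections.get("File", []):
        if entry.lower() not in deleted:
            missing["File"].append(entry)
    for entry in sections.get("Folder", []):
        folder = entry.lower().rstrip("\\")
        # A folder counts as handled if it or anything beneath it was removed.
        if folder not in deleted and not any(p.startswith(folder + "\\") for p in deleted):
            missing["Folder"].append(entry)
    return missing


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in script.items():
        print(f"{name}:: {len(entries)} entries")
    gaps = verify_deletions(script, deleted_paths(SAMPLE_LOG))
    print("not confirmed by the log:", gaps)
```

An entry reported as missing means ComboFix did not list it as deleted, which is the cue to ask for the file again or to check it on VirusTotal, as the post above does with c:\windows\HPHins15.dat.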
Re: System32\wininit.exe.vir
Normal mode works for me. I am doing it because of UAC, so that I can run it from the Administrator account. :)))
ComboFix 10-08-26.03 - Libas 27.08.2010 14:55:22.2.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1023.660 [GMT 2:00]
Spuštěný z: c:\users\Libas\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Libas\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\users\Libas\AppData\Local\d3d9caps.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Norton\00000082\0000010f\000004b3\cltLMS1.dat
c:\programdata\Norton\00000082\0000010f\000004b3\cltLMS2.dat
c:\programdata\Norton\00000082\0000010f\000004b4\cltLMS1.dat
c:\programdata\Norton\00000082\0000010f\000004b4\cltLMS2.dat
c:\programdata\Norton\00000082\0000010f\000004b6\cltLMS1.dat
c:\programdata\Norton\00000082\0000010f\000004b6\cltLMS2.dat
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\2010-06-22-23h57m27s.7z
c:\programdata\NortonInstaller\Logs\2010-06-22-23h57m30s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-00h02m40s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-00h02m49s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-00h15m46s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-10h32m40s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-12h52m16s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-21h50m47s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-21h51m56s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-21h59m59s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-22h00m01s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-22h40m58s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-22h43m33s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h43m57s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h45m35s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h51m41s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h51m45s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h52m06s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h52m07s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m05s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m07s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m08s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m12s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m18s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m22s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m26s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m28s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m31s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m34s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m37s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m39s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m43s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m45s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m48s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h18m24s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h30m46s.7z
c:\programdata\NortonInstaller\Logs\2010-08-25-23h44m21s\NortonInstall-2010-08-25-23h44m21s.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m03s\NortonInstall-2010-08-25-23h45m03s.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\BHCA-0x12BC.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\Install.1.mft
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\NortonInstall-2010-08-25-23h45m37s.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\SymIMexe-0x1290.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\WFPUninstexe-0x0794.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h47m09s\NortonInstall-2010-08-25-23h47m09s.log
c:\programdata\NortonInstaller\Logs\SymIM Install Logs.7z
c:\programdata\NortonInstaller\Logs\SymIM Install Logs_{2E9DB8E3-5061-4CED-8CF1-E973DA7C1ED1}.7z
c:\programdata\NortonInstaller\Logs\Url.txt
c:\programdata\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\programdata\NortonInstaller\Settings\Norton 360\Exported\set-priv.dat
c:\users\Libas\AppData\Local\d3d9caps.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Libas\AppData\Local\temp
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 16:47 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 16:47 . 2010-08-26 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 16:47 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 15:41 . 2010-08-26 15:41 388096 ----a-r- c:\users\Libas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-26 15:41 . 2010-08-26 15:41 -------- d-----w- c:\program files\Trend Micro
2010-08-25 22:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 22:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 22:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 22:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 22:20 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 22:20 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 22:20 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\program files\Alwil Software
2010-08-25 21:32 . 2010-08-25 21:32 53632 ----a-w- c:\users\Libas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 19:58 . 2010-08-25 20:20 -------- d-----w- c:\users\Public\Filmy
2010-08-25 14:46 . 2008-08-17 20:09 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2010-08-17 10:47 . 2010-08-17 10:49 -------- d-----w- c:\program files\FlatOut
2010-08-17 10:13 . 2010-08-17 10:43 -------- d-----w- c:\users\Libas\AppData\Local\Microsoft Games
2010-08-11 15:22 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:22 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:22 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 22:24 . 2010-08-03 22:24 -------- d-----w- C:\totalcmd
2010-08-03 13:49 . 2010-08-03 13:49 -------- d-----w- c:\program files\Secunia
2010-08-01 12:57 . 2010-08-01 12:57 -------- d-----w- c:\programdata\vsosdk
2010-07-30 13:40 . 2010-07-30 13:40 -------- d-----w- c:\users\Libas\AppData\Roaming\Tific
2010-07-30 11:35 . 2010-08-25 13:58 -------- d-----w- c:\program files\Microsoft.NET
2010-07-30 11:35 . 2010-07-30 11:35 -------- d-----w- c:\windows\PCHEALTH
2010-07-30 11:33 . 2010-07-30 11:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-30 11:31 . 2010-07-30 11:31 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 22:17 . 2010-06-21 17:02 -------- d-----w- c:\program files\CCleaner
2010-08-25 21:32 . 2010-06-21 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 21:32 . 2010-06-21 16:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-11 16:09 . 2007-05-10 10:30 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 16:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 14:17 . 2010-07-04 08:50 153726 ----a-w- c:\windows\HPHins15.dat
2010-08-08 14:10 . 2010-06-22 13:24 -------- d-----w- c:\users\Libas\AppData\Roaming\Vso
2010-08-07 16:36 . 2007-05-10 10:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 10:19 . 2010-07-04 12:42 -------- d-----w- c:\programdata\VistaCodecs
2010-08-03 12:20 . 2010-06-22 15:04 -------- d-----w- c:\users\Libas\AppData\Roaming\ICQ
2010-07-30 12:16 . 2010-06-21 15:20 102424 ----a-w- c:\users\Libas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 11:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-30 11:23 . 2010-07-26 11:24 -------- d-----w- c:\programdata\WinZip
2010-07-26 11:27 . 2007-05-10 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-10 20:44 . 2010-07-10 20:25 -------- d-----w- c:\users\Libas\AppData\Roaming\Download Manager
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\users\Libas\AppData\Roaming\Malwarebytes
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\programdata\Malwarebytes
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\users\Libas\AppData\Roaming\VitySoft
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-06 08:51 . 2010-07-06 08:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Java
2010-07-06 08:42 . 2010-07-06 08:36 -------- d-----w- c:\users\Libas\AppData\Roaming\HpUpdate
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\users\Libas\AppData\Roaming\VistaCodecs
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\program files\VistaCodecPack
2010-07-04 09:00 . 2010-07-04 09:00 -------- d-----w- c:\users\Libas\AppData\Roaming\HP
2010-07-04 08:59 . 2010-07-04 08:59 -------- d-----w- c:\programdata\WEBREG
2010-07-04 08:58 . 2010-07-04 08:50 -------- d-----w- c:\programdata\HP
2010-07-04 08:57 . 2010-07-04 08:57 -------- d-----w- c:\programdata\HPSSUPPLY
2010-07-04 08:57 . 2010-07-04 08:53 -------- d-----w- c:\program files\HP
2010-07-04 08:56 . 2010-07-04 08:56 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\HP
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-26 06:05 . 2010-08-11 15:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 10:35 . 2010-06-23 10:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 10:35 . 2010-06-23 10:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-22 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 09:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-22 09:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-06-22 08:06 . 2010-06-22 08:06 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-21 21:50 . 2010-06-21 21:50 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-06-21 21:50 . 2010-06-21 21:50 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-06-21 21:50 . 2010-06-21 21:50 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-06-21 21:50 . 2010-06-21 21:50 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-06-21 21:50 . 2010-06-21 21:50 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-06-21 21:50 . 2010-06-21 21:50 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-06-21 21:50 . 2010-06-21 21:50 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-06-21 21:50 . 2010-06-21 21:50 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-06-21 21:50 . 2010-06-21 21:50 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-06-21 21:50 . 2010-06-21 21:50 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-06-21 21:50 . 2010-06-21 21:50 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-06-21 21:48 . 2010-06-21 21:48 1523712 ----a-w- c:\windows\system32\NlsData0000.dll
2010-06-21 21:36 . 2010-06-21 21:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-21 20:53 . 2010-06-21 20:53 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-21 20:53 . 2010-06-21 20:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-21 20:53 . 2010-06-21 20:53 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-21 20:53 . 2010-06-21 20:53 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-21 20:48 . 2010-06-21 20:48 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-06-21 20:48 . 2010-06-21 20:48 272896 ----a-w- c:\windows\system32\polstore.dll
2010-06-21 20:46 . 2010-06-21 20:46 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-21 20:41 . 2010-06-21 20:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-21 20:41 . 2010-06-21 20:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-21 20:41 . 2010-06-21 20:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-21 20:41 . 2010-06-21 20:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-21 20:41 . 2010-06-21 20:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-21 20:41 . 2010-06-21 20:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-21 20:41 . 2010-06-21 20:41 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-21 20:37 . 2010-06-21 20:37 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-21 20:37 . 2010-06-21 20:37 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-06-21 20:37 . 2010-06-21 20:37 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-21 20:37 . 2010-06-21 20:37 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-21 20:37 . 2010-06-21 20:37 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-21 20:37 . 2010-06-21 20:37 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-21 20:37 . 2010-06-21 20:37 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-06-21 20:35 . 2010-06-21 20:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-06-21 20:34 . 2010-06-21 20:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-21 20:34 . 2010-06-21 20:34 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-21 20:34 . 2010-06-21 20:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-21 20:34 . 2010-06-21 20:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-21 20:34 . 2010-06-21 20:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-21 20:34 . 2010-06-21 20:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-21 20:33 . 2010-06-21 20:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-21 20:33 . 2010-06-21 20:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-21 20:33 . 2010-06-21 20:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-21 20:30 . 2010-06-21 20:30 98816 ----a-w- c:\windows\system32\mfps.dll
2010-06-21 20:30 . 2010-06-21 20:30 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-06-21 20:30 . 2010-06-21 20:30 2868224 ----a-w- c:\windows\system32\mf.dll
2010-06-21 20:30 . 2010-06-21 20:30 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-06-21 20:30 . 2010-06-21 20:30 2048 ----a-w- c:\windows\system32\mferror.dll
2010-06-21 20:23 . 2010-06-21 20:23 71680 ----a-w- c:\windows\system32\atl.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Libas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-15 16:39 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-16 07:06 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,cb,14,91,0b,12,cb,01
R1 aswSP;aswSP; [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-04-04 269424]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libas\AppData\Roaming\Mozilla\Firefox\Profiles\2f8a83c0.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 15:01
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-27 15:02:58
ComboFix-quarantined-files.txt 2010-08-27 13:02
ComboFix2.txt 2010-08-27 10:25
Před spuštěním: Volných bajtů: 150 488 977 408
Po spuštění: Volných bajtů: 150 356 930 560
- - End Of File - - 6CB7865C9E98A8BA5B42439F85BA5C2B
ComboFix 10-08-26.03 - Libas 27.08.2010 14:55:22.2.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1023.660 [GMT 2:00]
Running from: c:\users\Libas\Desktop\ComboFix.exe
Command switches used :: c:\users\Libas\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\users\Libas\AppData\Local\d3d9caps.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Norton\00000082\0000010f\000004b3\cltLMS1.dat
c:\programdata\Norton\00000082\0000010f\000004b3\cltLMS2.dat
c:\programdata\Norton\00000082\0000010f\000004b4\cltLMS1.dat
c:\programdata\Norton\00000082\0000010f\000004b4\cltLMS2.dat
c:\programdata\Norton\00000082\0000010f\000004b6\cltLMS1.dat
c:\programdata\Norton\00000082\0000010f\000004b6\cltLMS2.dat
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\2010-06-22-23h57m27s.7z
c:\programdata\NortonInstaller\Logs\2010-06-22-23h57m30s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-00h02m40s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-00h02m49s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-00h15m46s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-10h32m40s.7z
c:\programdata\NortonInstaller\Logs\2010-06-23-12h52m16s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-21h50m47s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-21h51m56s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-21h59m59s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-22h00m01s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-22h40m58s.7z
c:\programdata\NortonInstaller\Logs\2010-07-07-22h43m33s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h43m57s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h45m35s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h51m41s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h51m45s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h52m06s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-22h52m07s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m05s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m07s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m08s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m12s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m18s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m22s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m26s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m28s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m31s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m34s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m37s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m39s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m43s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m45s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h09m48s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h18m24s.7z
c:\programdata\NortonInstaller\Logs\2010-07-10-23h30m46s.7z
c:\programdata\NortonInstaller\Logs\2010-08-25-23h44m21s\NortonInstall-2010-08-25-23h44m21s.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m03s\NortonInstall-2010-08-25-23h45m03s.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\BHCA-0x12BC.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\Install.1.mft
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\NortonInstall-2010-08-25-23h45m37s.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\SymIMexe-0x1290.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h45m37s\WFPUninstexe-0x0794.log
c:\programdata\NortonInstaller\Logs\2010-08-25-23h47m09s\NortonInstall-2010-08-25-23h47m09s.log
c:\programdata\NortonInstaller\Logs\SymIM Install Logs.7z
c:\programdata\NortonInstaller\Logs\SymIM Install Logs_{2E9DB8E3-5061-4CED-8CF1-E973DA7C1ED1}.7z
c:\programdata\NortonInstaller\Logs\Url.txt
c:\programdata\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\programdata\NortonInstaller\Settings\Norton 360\Exported\set-priv.dat
c:\users\Libas\AppData\Local\d3d9caps.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Libas\AppData\Local\temp
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-27 13:01 . 2010-08-27 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 16:47 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 16:47 . 2010-08-26 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 16:47 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 15:41 . 2010-08-26 15:41 388096 ----a-r- c:\users\Libas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-26 15:41 . 2010-08-26 15:41 -------- d-----w- c:\program files\Trend Micro
2010-08-25 22:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 22:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 22:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 22:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 22:20 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 22:20 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 22:20 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\program files\Alwil Software
2010-08-25 21:32 . 2010-08-25 21:32 53632 ----a-w- c:\users\Libas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 19:58 . 2010-08-25 20:20 -------- d-----w- c:\users\Public\Filmy
2010-08-25 14:46 . 2008-08-17 20:09 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2010-08-17 10:47 . 2010-08-17 10:49 -------- d-----w- c:\program files\FlatOut
2010-08-17 10:13 . 2010-08-17 10:43 -------- d-----w- c:\users\Libas\AppData\Local\Microsoft Games
2010-08-11 15:22 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:22 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:22 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 22:24 . 2010-08-03 22:24 -------- d-----w- C:\totalcmd
2010-08-03 13:49 . 2010-08-03 13:49 -------- d-----w- c:\program files\Secunia
2010-08-01 12:57 . 2010-08-01 12:57 -------- d-----w- c:\programdata\vsosdk
2010-07-30 13:40 . 2010-07-30 13:40 -------- d-----w- c:\users\Libas\AppData\Roaming\Tific
2010-07-30 11:35 . 2010-08-25 13:58 -------- d-----w- c:\program files\Microsoft.NET
2010-07-30 11:35 . 2010-07-30 11:35 -------- d-----w- c:\windows\PCHEALTH
2010-07-30 11:33 . 2010-07-30 11:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-30 11:31 . 2010-07-30 11:31 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 22:17 . 2010-06-21 17:02 -------- d-----w- c:\program files\CCleaner
2010-08-25 21:32 . 2010-06-21 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 21:32 . 2010-06-21 16:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-11 16:09 . 2007-05-10 10:30 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 16:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 14:17 . 2010-07-04 08:50 153726 ----a-w- c:\windows\HPHins15.dat
2010-08-08 14:10 . 2010-06-22 13:24 -------- d-----w- c:\users\Libas\AppData\Roaming\Vso
2010-08-07 16:36 . 2007-05-10 10:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 10:19 . 2010-07-04 12:42 -------- d-----w- c:\programdata\VistaCodecs
2010-08-03 12:20 . 2010-06-22 15:04 -------- d-----w- c:\users\Libas\AppData\Roaming\ICQ
2010-07-30 12:16 . 2010-06-21 15:20 102424 ----a-w- c:\users\Libas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 11:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-30 11:23 . 2010-07-26 11:24 -------- d-----w- c:\programdata\WinZip
2010-07-26 11:27 . 2007-05-10 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-10 20:44 . 2010-07-10 20:25 -------- d-----w- c:\users\Libas\AppData\Roaming\Download Manager
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\users\Libas\AppData\Roaming\Malwarebytes
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\programdata\Malwarebytes
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\users\Libas\AppData\Roaming\VitySoft
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-06 08:51 . 2010-07-06 08:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Java
2010-07-06 08:42 . 2010-07-06 08:36 -------- d-----w- c:\users\Libas\AppData\Roaming\HpUpdate
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\users\Libas\AppData\Roaming\VistaCodecs
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\program files\VistaCodecPack
2010-07-04 09:00 . 2010-07-04 09:00 -------- d-----w- c:\users\Libas\AppData\Roaming\HP
2010-07-04 08:59 . 2010-07-04 08:59 -------- d-----w- c:\programdata\WEBREG
2010-07-04 08:58 . 2010-07-04 08:50 -------- d-----w- c:\programdata\HP
2010-07-04 08:57 . 2010-07-04 08:57 -------- d-----w- c:\programdata\HPSSUPPLY
2010-07-04 08:57 . 2010-07-04 08:53 -------- d-----w- c:\program files\HP
2010-07-04 08:56 . 2010-07-04 08:56 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\HP
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-26 06:05 . 2010-08-11 15:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 10:35 . 2010-06-23 10:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 10:35 . 2010-06-23 10:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-22 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 09:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-22 09:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-06-22 08:06 . 2010-06-22 08:06 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-21 21:50 . 2010-06-21 21:50 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-06-21 21:50 . 2010-06-21 21:50 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-06-21 21:50 . 2010-06-21 21:50 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-06-21 21:50 . 2010-06-21 21:50 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-06-21 21:50 . 2010-06-21 21:50 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-06-21 21:50 . 2010-06-21 21:50 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-06-21 21:50 . 2010-06-21 21:50 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-06-21 21:50 . 2010-06-21 21:50 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-06-21 21:50 . 2010-06-21 21:50 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-06-21 21:50 . 2010-06-21 21:50 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-06-21 21:50 . 2010-06-21 21:50 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-06-21 21:48 . 2010-06-21 21:48 1523712 ----a-w- c:\windows\system32\NlsData0000.dll
2010-06-21 21:36 . 2010-06-21 21:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-21 20:53 . 2010-06-21 20:53 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-21 20:53 . 2010-06-21 20:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-21 20:53 . 2010-06-21 20:53 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-21 20:53 . 2010-06-21 20:53 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-21 20:48 . 2010-06-21 20:48 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-06-21 20:48 . 2010-06-21 20:48 272896 ----a-w- c:\windows\system32\polstore.dll
2010-06-21 20:46 . 2010-06-21 20:46 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-21 20:41 . 2010-06-21 20:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-21 20:41 . 2010-06-21 20:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-21 20:41 . 2010-06-21 20:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-21 20:41 . 2010-06-21 20:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-21 20:41 . 2010-06-21 20:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-21 20:41 . 2010-06-21 20:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-21 20:41 . 2010-06-21 20:41 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-21 20:37 . 2010-06-21 20:37 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-21 20:37 . 2010-06-21 20:37 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-06-21 20:37 . 2010-06-21 20:37 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-21 20:37 . 2010-06-21 20:37 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-21 20:37 . 2010-06-21 20:37 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-21 20:37 . 2010-06-21 20:37 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-21 20:37 . 2010-06-21 20:37 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-06-21 20:35 . 2010-06-21 20:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-06-21 20:34 . 2010-06-21 20:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-21 20:34 . 2010-06-21 20:34 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-21 20:34 . 2010-06-21 20:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-21 20:34 . 2010-06-21 20:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-21 20:34 . 2010-06-21 20:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-21 20:34 . 2010-06-21 20:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-21 20:33 . 2010-06-21 20:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-21 20:33 . 2010-06-21 20:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-21 20:33 . 2010-06-21 20:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-21 20:30 . 2010-06-21 20:30 98816 ----a-w- c:\windows\system32\mfps.dll
2010-06-21 20:30 . 2010-06-21 20:30 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-06-21 20:30 . 2010-06-21 20:30 2868224 ----a-w- c:\windows\system32\mf.dll
2010-06-21 20:30 . 2010-06-21 20:30 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-06-21 20:30 . 2010-06-21 20:30 2048 ----a-w- c:\windows\system32\mferror.dll
2010-06-21 20:23 . 2010-06-21 20:23 71680 ----a-w- c:\windows\system32\atl.dll
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Libas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-15 16:39 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-16 07:06 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,cb,14,91,0b,12,cb,01
R1 aswSP;aswSP; [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-04-04 269424]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
--- Other Services/Drivers in Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libas\AppData\Roaming\Mozilla\Firefox\Profiles\2f8a83c0.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 15:01
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden 'Startup' entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-08-27 15:02:58
ComboFix-quarantined-files.txt 2010-08-27 13:02
ComboFix2.txt 2010-08-27 10:25
Pre-Run: free bytes: 150 488 977 408
Post-Run: free bytes: 150 356 930 560
- - End Of File - - 6CB7865C9E98A8BA5B42439F85BA5C2B
Re: System32\wininit.exe.vir
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:11, on 27.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode
Running processes:
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Acer TV Share Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 4101 bytes
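The HijackThis (HJT) log above is what the helper reads by hand, entry by entry. As an added example (not part of this thread, and not code from HijackThis or the forum), here is a small Python triage parser for its O4 autorun and O23 service lines; the sample input is four lines copied from the posted log, and the review rules (unknown service vendor, autoruns registered in the SYSTEM hive, paths under temp or AppData) are my own assumptions about what merits a second look.

```python
# Triage parser for HijackThis (HJT) log lines.  Added example, not part of
# this thread or of HijackThis; sample lines are copied from the posted log.
import re

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 - HKLM\..\Run: [Name] command (User 'x')
O4_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O23 - Service: Name - Vendor - path
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

SAMPLE_LOG = [  # four lines copied from the posted HJT log
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe",
]

def parse_hjt_line(line):
    """Return a dict for one HJT entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m.group("code"), "raw": line.strip()}
    sub = {"O4": O4_RE, "O23": SVC_RE}.get(entry["code"])
    ms = sub.match(m.group("body")) if sub else None
    if ms:
        entry.update(ms.groupdict())
    return entry

def flag_entry(entry):
    """Review reasons (my assumptions); an empty list means nothing notable."""
    reasons = []
    if entry["code"] == "O23" and entry.get("owner") == "Unknown owner":
        reasons.append("service has no recorded vendor")
    if entry["code"] == "O4" and entry.get("user") == "SYSTEM":
        reasons.append("autorun registered in the SYSTEM hive")
    location = (entry.get("path") or entry.get("cmd") or "").lower()
    if "\\temp\\" in location or "\\appdata\\" in location:
        reasons.append("runs from a user-writable location")
    return reasons

def triage(lines):
    """Parse all lines and keep only the entries that carry a reason."""
    flagged = []
    for line in lines:
        entry = parse_hjt_line(line)
        reasons = flag_entry(entry) if entry else []
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged
```

A flag is only a prompt to check the file's vendor and path by hand (as the thread does with VirusTotal), not a verdict.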
- jaro3
- Security team member
- Guru Level 15
- Posts: 43296
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: System32\wininit.exe.vir
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast or Microsoft Security Essentials back on.
Are there still any problems?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: System32\wininit.exe.vir
There are no problems.....))
Here is also the Virustotal for c:\windows\HPHins15.dat -- it took about 10-12 min.. http://www.virustotal.com/file-scan/report.html?id=5038a539c6a2eb5c60a99a7df54d20315052b69c1fec400fbf5ba535d7cf83d1-1282914689
- jaro3 (Security team member)
Re: System32\wininit.exe.vir
c:\windows\HPHins15.dat ---- delete that file.
If there are no problems, that's all and you can mark it as solved, the green tick.