Hello, Windows Update fails with error 0x80072EFF after removing a virus; I don't know whether another one is still hidden. The system is Win XP SP3; it was scanned with Avira antivirus, cleaned with CCleaner with the registry repaired, and scanned with Malwarebytes' Anti-Malware and Ad-Aware.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:53, on 30.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
C:\PROGRA~1\Lenovo\PMDriver\PMHandler.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Lenovo\PMDriver\PMSveH.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\mmm\Plocha\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDriver\PMHandler.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0951755562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PMDriver\PMSveH.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
--
End of file - 9823 bytes
Thank you
Please check
- memphisto
Re: Please check
Uninstall:
ICQ Toolbar
Daemon Tools Toolbar
AdAware - old, unnecessary
Fix these in the log:
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0951755562
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is being applied, do not click in the window it displays
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check
Thank you, here is the log
ComboFix 10-11-29.05 - mmm 30.11.2010 15:36:35.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3032.2608 [GMT 1:00]
Spuštěný z: c:\documents and settings\mmm\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-28 17:52 . 2010-11-28 17:52 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Malwarebytes
2010-11-28 17:51 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 17:51 . 2010-11-28 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 17:51 . 2010-11-28 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-28 17:51 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-28 17:48 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-28 17:30 . 2010-11-28 17:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-11-28 17:26 . 2010-11-28 17:26 -------- d-----w- c:\program files\CCleaner
2010-11-28 17:26 . 2010-11-28 17:26 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\Temp
2010-11-28 17:26 . 2010-11-28 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-11-28 13:55 . 2010-11-28 13:55 -------- d-sh--w- c:\documents and settings\mmm\IECompatCache
2010-11-28 13:54 . 2010-11-28 13:54 -------- d-sh--w- c:\documents and settings\mmm\PrivacIE
2010-11-28 13:52 . 2010-11-28 13:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-28 13:52 . 2010-11-28 13:52 -------- d-sh--w- c:\documents and settings\mmm\IETldCache
2010-11-28 13:48 . 2010-11-28 13:48 -------- dc-h--w- c:\windows\ie8
2010-11-28 13:44 . 2010-11-28 13:44 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-28 13:28 . 2010-11-28 16:59 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-28 13:24 . 2010-11-28 13:24 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\Sunbelt Software
2010-11-28 13:18 . 2010-11-30 14:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-11-24 18:02 . 2010-11-24 18:02 -------- d-----w- c:\program files\Cybertek Games
2010-11-24 17:02 . 2010-11-24 17:02 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\Help
2010-11-22 21:32 . 2010-11-22 21:32 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Orneon
2010-11-22 21:28 . 2010-11-22 21:30 -------- d-----w- c:\program files\Echoes of the Past - The Castle of Shadows Collectors Edition
2010-11-21 00:29 . 2010-11-21 00:29 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Elephant Games
2010-11-21 00:29 . 2010-11-21 00:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Elephant Games
2010-11-21 00:07 . 2010-11-21 00:07 -------- d-----w- c:\documents and settings\mmm\Data aplikací\EleFun Games
2010-11-20 18:29 . 2010-11-20 18:30 -------- d-----w- c:\documents and settings\mmm\Data aplikací\TeamViewer
2010-11-20 15:56 . 2010-11-28 21:55 -------- d-----w- c:\windows\system32\NtmsData
2010-11-20 15:53 . 2010-11-20 15:53 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Avira
2010-11-20 15:43 . 2010-11-20 15:43 -------- d-----w- c:\documents and settings\Administrator
2010-11-19 18:26 . 2010-11-19 18:26 -------- d-----w- c:\documents and settings\mmm\Data aplikací\PlayPond
2010-11-19 18:26 . 2010-11-19 18:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2010-11-19 18:25 . 2010-11-19 18:25 -------- d-----w- c:\program files\Mystery Legends Phantom of the Opera
2010-11-19 17:29 . 2010-11-19 17:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-11-18 20:15 . 2010-11-18 20:15 -------- d-----w- c:\documents and settings\mmm\Data aplikací\PlayFirst
2010-11-18 20:15 . 2010-11-18 20:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PlayFirst
2010-11-16 16:14 . 2010-11-16 16:17 -------- d-----w- c:\program files\ICQ7.2
2010-11-14 20:33 . 2010-11-14 20:33 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Frogwares
2010-11-11 18:19 . 2010-11-11 18:19 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Alawar
2010-11-11 18:14 . 2010-11-11 18:15 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Land Of Runes
2010-11-11 17:59 . 2010-11-11 17:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Meridian93
2010-11-11 17:55 . 2010-11-11 17:57 -------- d-----w- c:\program files\Ztracený poklad
2010-11-06 14:03 . 2010-11-06 14:03 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Canneverbe_Limited
2010-11-06 13:55 . 2010-11-10 21:20 -------- d-----w- c:\program files\Ledova kralovna
2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Friday's games
2010-11-04 22:06 . 2010-11-11 18:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2010-11-04 22:06 . 2010-11-04 22:06 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\STARGAZE_IMAGE_CACHE
2010-11-04 22:05 . 2010-11-04 22:06 -------- d-----w- c:\program files\Amulet věků - Útěk z Pompejí
2010-11-04 21:30 . 2010-11-14 02:12 -------- d-----w- c:\program files\Brana svetu - cesta za horizont
2010-11-04 19:46 . 2010-11-06 13:56 -------- d-----w- c:\documents and settings\mmm\Data aplikací\URSE Games
2010-11-04 19:45 . 2010-11-10 21:21 -------- d-----w- c:\program files\Ledova kralovna 2
2010-11-04 19:04 . 2010-11-04 21:30 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Špidla Data Processing, s.r.o
2010-11-04 19:04 . 2010-11-04 19:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2010-11-04 19:04 . 2010-11-06 23:53 -------- d-----w- c:\program files\Ztracené Eldorádo
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 15:40 . 2009-10-07 20:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-26 14:08 . 2010-09-26 14:08 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\progra~1\ICQ7.2\ICQ.exe" [2010-11-16 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-02 247080]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-18 576104]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.9.2010 15:08 436792]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8.10.2009 15:39 902592]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24.5.2006 10:48 10240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28.11.2010 14:28 93360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7.10.2009 21:50 135336]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [8.10.2009 15:09 6016]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7.8.2008 16:01 97536]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [1.7.2008 1:26 974336]
S2 AMService;AMService;c:\windows\TEMP\wfbw\setup.exe run --> c:\windows\TEMP\wfbw\setup.exe run [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2010 18:25 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27.12.2009 23:13 30192]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [19.1.2010 17:14 500736]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
.
.
------- Doplňkový sken -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 15:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Lenovo\PMDriver\PMSveH.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-11-30 15:45:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-30 14:45
Před spuštěním: Volných bajtů: 23 286 419 456
Po spuštění: Volných bajtů: 23 203 061 760
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C4991E3EDE921269DCE2CBCD2F9899EE
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-02 247080]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-18 576104]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.9.2010 15:08 436792]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8.10.2009 15:39 902592]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24.5.2006 10:48 10240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28.11.2010 14:28 93360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7.10.2009 21:50 135336]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [8.10.2009 15:09 6016]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7.8.2008 16:01 97536]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [1.7.2008 1:26 974336]
S2 AMService;AMService;c:\windows\TEMP\wfbw\setup.exe run --> c:\windows\TEMP\wfbw\setup.exe run [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2010 18:25 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27.12.2009 23:13 30192]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [19.1.2010 17:14 500736]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
.
.
------- Doplňkový sken -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 15:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Lenovo\PMDriver\PMSveH.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-11-30 15:45:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-30 14:45
Před spuštěním: Volných bajtů: 23 286 419 456
Po spuštění: Volných bajtů: 23 203 061 760
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C4991E3EDE921269DCE2CBCD2F9899EE
- memphisto
Re: Please check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
Driver::
AMService
File::
c:\windows\TEMP\wfbw\setup.exe run
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste the log that appears at the end of the cleaning process here
Re: Please check
ComboFix 10-11-29.05 - mmm 30.11.2010 17:39:57.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3032.2555 [GMT 1:00]
Spuštěný z: c:\documents and settings\mmm\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mmm\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\windows\TEMP\wfbw\setup.exe run"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AMSERVICE
-------\Service_AMService
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-30 15:05 . 2010-11-30 15:05 -------- d-----w- c:\windows\LastGood.Tmp
2010-11-30 14:55 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-28 17:52 . 2010-11-28 17:52 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Malwarebytes
2010-11-28 17:51 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 17:51 . 2010-11-28 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 17:51 . 2010-11-28 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-28 17:51 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-28 17:48 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-28 17:30 . 2010-11-28 17:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-11-28 17:26 . 2010-11-28 17:26 -------- d-----w- c:\program files\CCleaner
2010-11-28 17:26 . 2010-11-28 17:26 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\Temp
2010-11-28 17:26 . 2010-11-28 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-11-28 13:55 . 2010-11-28 13:55 -------- d-sh--w- c:\documents and settings\mmm\IECompatCache
2010-11-28 13:54 . 2010-11-28 13:54 -------- d-sh--w- c:\documents and settings\mmm\PrivacIE
2010-11-28 13:52 . 2010-11-28 13:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-28 13:52 . 2010-11-28 13:52 -------- d-sh--w- c:\documents and settings\mmm\IETldCache
2010-11-28 13:48 . 2010-11-28 13:48 -------- dc-h--w- c:\windows\ie8
2010-11-28 13:44 . 2010-11-28 13:44 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-28 13:28 . 2010-11-28 16:59 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-28 13:24 . 2010-11-28 13:24 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\Sunbelt Software
2010-11-28 13:18 . 2010-11-30 14:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-11-24 18:02 . 2010-11-24 18:02 -------- d-----w- c:\program files\Cybertek Games
2010-11-24 17:02 . 2010-11-24 17:02 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\Help
2010-11-22 21:32 . 2010-11-22 21:32 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Orneon
2010-11-22 21:28 . 2010-11-22 21:30 -------- d-----w- c:\program files\Echoes of the Past - The Castle of Shadows Collectors Edition
2010-11-21 00:29 . 2010-11-21 00:29 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Elephant Games
2010-11-21 00:29 . 2010-11-21 00:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Elephant Games
2010-11-21 00:07 . 2010-11-21 00:07 -------- d-----w- c:\documents and settings\mmm\Data aplikací\EleFun Games
2010-11-20 18:29 . 2010-11-20 18:30 -------- d-----w- c:\documents and settings\mmm\Data aplikací\TeamViewer
2010-11-20 15:56 . 2010-11-28 21:55 -------- d-----w- c:\windows\system32\NtmsData
2010-11-20 15:53 . 2010-11-20 15:53 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Avira
2010-11-20 15:43 . 2010-11-20 15:43 -------- d-----w- c:\documents and settings\Administrator
2010-11-19 18:26 . 2010-11-19 18:26 -------- d-----w- c:\documents and settings\mmm\Data aplikací\PlayPond
2010-11-19 18:26 . 2010-11-19 18:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2010-11-19 18:25 . 2010-11-19 18:25 -------- d-----w- c:\program files\Mystery Legends Phantom of the Opera
2010-11-19 17:29 . 2010-11-19 17:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-11-18 20:15 . 2010-11-18 20:15 -------- d-----w- c:\documents and settings\mmm\Data aplikací\PlayFirst
2010-11-18 20:15 . 2010-11-18 20:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PlayFirst
2010-11-16 16:14 . 2010-11-16 16:17 -------- d-----w- c:\program files\ICQ7.2
2010-11-14 20:33 . 2010-11-14 20:33 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Frogwares
2010-11-11 18:19 . 2010-11-11 18:19 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Alawar
2010-11-11 18:14 . 2010-11-11 18:15 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Land Of Runes
2010-11-11 17:59 . 2010-11-11 17:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Meridian93
2010-11-11 17:55 . 2010-11-11 17:57 -------- d-----w- c:\program files\Ztracený poklad
2010-11-06 14:03 . 2010-11-06 14:03 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Canneverbe_Limited
2010-11-06 13:55 . 2010-11-10 21:20 -------- d-----w- c:\program files\Ledova kralovna
2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Friday's games
2010-11-04 22:06 . 2010-11-11 18:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2010-11-04 22:06 . 2010-11-04 22:06 -------- d-----w- c:\documents and settings\mmm\Local Settings\Data aplikací\STARGAZE_IMAGE_CACHE
2010-11-04 22:05 . 2010-11-04 22:06 -------- d-----w- c:\program files\Amulet věků - Útěk z Pompejí
2010-11-04 21:30 . 2010-11-14 02:12 -------- d-----w- c:\program files\Brana svetu - cesta za horizont
2010-11-04 19:46 . 2010-11-06 13:56 -------- d-----w- c:\documents and settings\mmm\Data aplikací\URSE Games
2010-11-04 19:45 . 2010-11-10 21:21 -------- d-----w- c:\program files\Ledova kralovna 2
2010-11-04 19:04 . 2010-11-04 21:30 -------- d-----w- c:\documents and settings\mmm\Data aplikací\Špidla Data Processing, s.r.o
2010-11-04 19:04 . 2010-11-04 19:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2010-11-04 19:04 . 2010-11-06 23:53 -------- d-----w- c:\program files\Ztracené Eldorádo
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 15:40 . 2009-10-07 20:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-26 14:08 . 2010-09-26 14:08 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-11-30_14.42.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 12:09 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2009-10-07 19:59 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2009-10-07 19:59 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-30 14:55 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-11-30 14:55 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-10-07 19:59 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-10-07 19:59 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 06:51 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 06:51 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll
+ 2009-10-07 19:59 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2010-11-30 14:55 . 2009-08-06 18:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
+ 2009-08-06 18:23 . 2009-08-06 18:23 215904 c:\windows\system32\muweb.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2009-10-07 19:59 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-03-20 17:06 . 2008-03-20 17:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\progra~1\ICQ7.2\ICQ.exe" [2010-11-16 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-02 247080]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-18 576104]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.9.2010 15:08 436792]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8.10.2009 15:39 902592]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24.5.2006 10:48 10240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28.11.2010 14:28 93360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7.10.2009 21:50 135336]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [8.10.2009 15:09 6016]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7.8.2008 16:01 97536]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [1.7.2008 1:26 974336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2010 18:25 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27.12.2009 23:13 30192]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [19.1.2010 17:14 500736]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
.
.
------- Doplňkový sken -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 17:46
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Lenovo\PMDriver\PMSveH.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-11-30 17:48:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-30 16:48
ComboFix2.txt 2010-11-30 14:45
Před spuštěním: Volných bajtů: 23 161 110 528
Po spuštění: Volných bajtů: 23 148 068 864
- - End Of File - - D6787575450954F2F16022A261679891
+ 2009-10-07 19:59 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-03-20 17:06 . 2008-03-20 17:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2009-10-07 19:59 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\progra~1\ICQ7.2\ICQ.exe" [2010-11-16 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-02 247080]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-18 576104]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.9.2010 15:08 436792]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8.10.2009 15:39 902592]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24.5.2006 10:48 10240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28.11.2010 14:28 93360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7.10.2009 21:50 135336]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [8.10.2009 15:09 6016]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7.8.2008 16:01 97536]
R3 vm331avs;Lenovo EasyCamera;c:\windows\system32\drivers\vm331avs.sys [1.7.2008 1:26 974336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2010 18:25 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27.12.2009 23:13 30192]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [19.1.2010 17:14 500736]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 17:25]
.
.
------- Doplňkový sken -------
.
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 17:46
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Lenovo\PMDriver\PMSveH.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-11-30 17:48:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-30 16:48
ComboFix2.txt 2010-11-30 14:45
Před spuštěním: Volných bajtů: 23 161 110 528
Po spuštění: Volných bajtů: 23 148 068 864
- - End Of File - - D6787575450954F2F16022A261679891
- memphisto
Re: Requesting a check
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV, etc.; download it, then run it
Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+HJT
How is the PC behaving?
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.