Internet uz jde, zmizela jen adresa vychozi brany. Dekuji za napad.
Ok,
provadim ten krok s VirusTotalem.
c:\windows\system32\DfSdkBt64.exe
http://www.virustotal.com/cs/analisis/1023cfbd5ecbdd27a63ea98a773df318afcedbcf749acb7cc472a65cd6315df3-1240927976
c:\windows\system32\DfSdkBt.exe
http://www.virustotal.com/cs/analisis/ec9093a1e33dabf29094b052c7639e3864a62b4a3c36c99b6deaa5c23e1129ba-1242665415
Pokracovat s tim poznamkovym blokem budu zitra, ted musim uz pryc.
Diky za spolupraci. Jacob02
Kontrola logu
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu: prosim o co nejrychlejsi pomoc
Fajn
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
Tak je to tady:
ComboFix 09-05-25.05 - AMD 26.05.2009 11:15.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.3583.2499 [GMT 2:00]
Spuštěný z: c:\users\AMD\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AMD\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\DUMP2931.tmp
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\DUMP2931.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-26 do 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-26 06:30 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{9696EDD9-75B5-4AEA-BED2-BBECBE5325FC}\mpengine.dll
2009-05-25 18:07 . 2008-06-21 02:54 65576 ----a-w c:\windows\system32\drivers\SbFwIm.sys
2009-05-25 17:06 . 2009-05-25 17:06 -------- d-----w c:\users\AMD\AppData\Roaming\Malwarebytes
2009-05-25 17:06 . 2009-05-25 17:06 -------- d-----w c:\programdata\Malwarebytes
2009-05-25 08:12 . 2009-05-25 08:12 -------- d-----w c:\program files\Trend Micro
2009-05-21 16:01 . 2009-01-09 10:46 39776 ----a-w c:\windows\system32\DfSdkBt64.exe
2009-05-21 16:01 . 2009-01-09 10:46 33632 ----a-w c:\windows\system32\DfSdkBt.exe
2009-05-21 16:01 . 2009-05-21 16:01 -------- d-----w c:\program files\Ashampoo
2009-05-17 18:03 . 2009-03-19 12:03 1907712 ----a-w c:\windows\system32\BootMan.exe
2009-05-17 18:03 . 2009-02-25 18:22 9728 ----a-w c:\windows\system32\epmntdrv.sys
2009-05-17 18:03 . 2009-02-25 18:22 86408 ----a-w c:\windows\system32\setupempdrv03.exe
2009-05-17 18:03 . 2009-02-25 18:22 3072 ----a-w c:\windows\system32\EuGdiDrv.sys
2009-05-17 18:03 . 2009-02-25 18:21 14848 ----a-w c:\windows\system32\EuEpmGdi.dll
2009-05-12 16:55 . 2009-05-12 17:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-10 17:26 . 2009-05-12 16:31 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-09 18:40 . 2009-05-09 18:40 -------- d-----w c:\windows\Speeditup Free
2009-05-08 11:40 . 2009-05-08 11:45 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-08 11:40 . 2009-05-08 11:40 -------- d-----w c:\users\AMD\AppData\Roaming\TuneUp Software
2009-05-08 11:40 . 2009-05-08 11:40 -------- d-----w c:\programdata\TuneUp Software
2009-05-08 11:39 . 2009-05-08 11:39 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-05 09:35 . 2009-05-05 09:35 -------- d-----w c:\windows\system32\IOSUBSYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 08:42 . 2008-09-09 15:26 -------- d-----w c:\users\AMD\AppData\Roaming\Skype
2009-05-26 06:32 . 2008-01-21 06:13 598594 ----a-w c:\windows\system32\perfh005.dat
2009-05-26 06:32 . 2008-01-21 06:13 114786 ----a-w c:\windows\system32\perfc005.dat
2009-05-26 06:27 . 2008-09-10 15:17 -------- d-----w c:\users\AMD\AppData\Roaming\skypePM
2009-05-25 18:32 . 2008-09-09 13:46 1356 ----a-w c:\users\AMD\AppData\Local\d3d9caps.dat
2009-05-22 13:59 . 2009-04-01 07:14 -------- d-----w c:\users\AMD\AppData\Roaming\gtk-2.0
2009-05-22 07:26 . 2008-12-26 17:18 -------- d-----w c:\program files\ESET
2009-05-21 14:28 . 2009-01-03 14:00 -------- d-----w c:\programdata\Lavasoft
2009-05-18 11:14 . 2009-04-22 14:57 -------- d-----w c:\users\AMD\AppData\Roaming\Ahead
2009-05-14 08:48 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-01 09:54 . 2009-04-09 18:14 1 ----a-w c:\users\AMD\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-04-22 15:08 . 2009-04-22 15:08 -------- d-----w c:\programdata\LightScribe
2009-04-22 14:59 . 2009-04-22 14:59 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-22 14:56 . 2009-04-22 14:56 -------- d-----w c:\programdata\Ahead
2009-04-22 14:56 . 2009-04-22 14:53 -------- d-----w c:\program files\Common Files\Ahead
2009-04-22 14:53 . 2009-04-22 14:53 -------- d-----w c:\programdata\Nero
2009-04-22 14:29 . 2008-09-09 13:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 16:14 . 2009-04-19 16:14 -------- d-----w c:\program files\VistaCodecPack
2009-04-19 16:13 . 2009-04-19 16:13 -------- d-----w c:\programdata\VistaCodecs
2009-04-19 15:53 . 2009-04-19 15:54 737280 ----a-w c:\windows\iun6002.exe
2009-04-10 17:31 . 2008-09-09 13:46 62496 ----a-w c:\users\AMD\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-09 18:13 . 2009-04-09 18:13 -------- d-----w c:\users\AMD\AppData\Roaming\OpenOffice.org
2009-04-06 01:18 . 2009-04-06 01:18 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-04 13:29 . 2009-04-04 13:18 -------- d-----w c:\programdata\CyberLink
2009-04-04 13:28 . 2009-04-04 13:13 53319 ----a-w c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-04-04 13:19 . 2009-04-04 13:18 -------- d-----w c:\users\AMD\AppData\Roaming\CyberLink
2009-04-04 13:13 . 2003-03-18 18:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-04-04 13:13 . 2003-02-21 02:42 353576 ----a-w c:\windows\system32\msvcr71.dll
2009-03-29 23:57 . 2009-03-29 23:57 62149 ----a-w c:\windows\system32\pthreadGC2.dll
2009-03-20 13:22 . 2009-03-20 13:22 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-20 13:22 . 2009-03-20 13:22 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-17 03:38 . 2009-04-16 19:58 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 19:58 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-16 19:58 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 19:58 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 19:58 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 19:58 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 19:58 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 19:58 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 19:58 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 19:58 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 19:58 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 19:58 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 19:58 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 19:58 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 19:58 26624 ----a-w c:\windows\system32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} ----
2009-05-08 11:39 . 2009-05-08 11:39 17097728 ----a-w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}\{29547529-F4C7-4B61-AC98-3E15F8B99F96}.msi
---- Directory of c:\windows\system32\IOSUBSYS ----
2008-07-31 22:17 . 2008-07-31 22:17 12345 ----a-w c:\windows\system32\IOSUBSYS\pxhelper.vxd
((((((((((((((((((((((((((((( SnapShot@2009-05-25_17.40.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-26 06:28 44920 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-26 06:28 69602 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-09 13:48 . 2009-05-26 06:28 12712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3054663410-1792068-614891852-1000_UserData.bin
- 2008-09-09 13:48 . 2009-05-25 07:48 12712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3054663410-1792068-614891852-1000_UserData.bin
- 2009-04-22 08:42 . 2009-04-22 08:42 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
+ 2009-05-25 18:07 . 2009-05-25 18:07 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
- 2009-04-22 08:42 . 2009-04-22 08:42 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2009-05-25 18:07 . 2009-05-25 18:07 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2009-05-25 18:07 . 2009-05-25 18:07 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
- 2009-04-22 08:42 . 2009-04-22 08:42 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
- 2006-11-02 10:25 . 2009-04-22 08:42 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-05-25 18:07 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-05-25 18:07 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-04-22 08:42 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-04-22 08:42 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-05-25 18:07 51200 c:\windows\inf\infpub.dat
- 2009-05-25 07:46 . 2009-05-25 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 06:26 . 2009-05-26 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 06:26 . 2009-05-26 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-25 07:46 . 2009-05-25 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-09 20:35 . 2009-05-26 08:42 277374 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-05-25 07:52 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-26 06:32 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-25 07:52 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-26 06:32 101052 c:\windows\System32\perfc009.dat
+ 2008-01-21 05:49 . 2009-05-25 17:57 73919755 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\skype\Phone\Skype.exe" [2008-11-07 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-13 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-13 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-17 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^AMD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Livestation"=e:\program files\Livestation.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3054663410-1792068-614891852-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31.10.2008 7:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ekrn.exe [6.2.2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6.2.2009 14:24 92800]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [25.5.2009 20:07 65576]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [21.5.2009 18:01 410976]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [17.5.2009 20:03 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [17.5.2009 20:03 3072]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9.9.2008 15:41 33752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{9F5BAAD3-46C9-4938-8E81-3276A2C5277C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213.195.223:193
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\OFFICE11\EXCEL.EXE/3000
TCP: {1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE} = 213.195.223.193,213.195.223.194
FF - ProfilePath - c:\users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\ea8uje5c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\ea8uje5c.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Netscape6\nppl3260.dll
FF - plugin: e:\program files\Netscape6\nprjplug.dll
FF - plugin: e:\program files\Netscape6\nprpjplug.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 11:21
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-05-26 11:24
ComboFix-quarantined-files.txt 2009-05-26 09:24
ComboFix2.txt 2009-05-25 17:43
Před spuštěním: 7 749 480 448
Po spuštění: 7 715 389 440
239 --- E O F --- 2009-05-26 06:30
ComboFix 09-05-25.05 - AMD 26.05.2009 11:15.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.3583.2499 [GMT 2:00]
Spuštěný z: c:\users\AMD\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AMD\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\DUMP2931.tmp
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\DUMP2931.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-26 do 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-26 06:30 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{9696EDD9-75B5-4AEA-BED2-BBECBE5325FC}\mpengine.dll
2009-05-25 18:07 . 2008-06-21 02:54 65576 ----a-w c:\windows\system32\drivers\SbFwIm.sys
2009-05-25 17:06 . 2009-05-25 17:06 -------- d-----w c:\users\AMD\AppData\Roaming\Malwarebytes
2009-05-25 17:06 . 2009-05-25 17:06 -------- d-----w c:\programdata\Malwarebytes
2009-05-25 08:12 . 2009-05-25 08:12 -------- d-----w c:\program files\Trend Micro
2009-05-21 16:01 . 2009-01-09 10:46 39776 ----a-w c:\windows\system32\DfSdkBt64.exe
2009-05-21 16:01 . 2009-01-09 10:46 33632 ----a-w c:\windows\system32\DfSdkBt.exe
2009-05-21 16:01 . 2009-05-21 16:01 -------- d-----w c:\program files\Ashampoo
2009-05-17 18:03 . 2009-03-19 12:03 1907712 ----a-w c:\windows\system32\BootMan.exe
2009-05-17 18:03 . 2009-02-25 18:22 9728 ----a-w c:\windows\system32\epmntdrv.sys
2009-05-17 18:03 . 2009-02-25 18:22 86408 ----a-w c:\windows\system32\setupempdrv03.exe
2009-05-17 18:03 . 2009-02-25 18:22 3072 ----a-w c:\windows\system32\EuGdiDrv.sys
2009-05-17 18:03 . 2009-02-25 18:21 14848 ----a-w c:\windows\system32\EuEpmGdi.dll
2009-05-12 16:55 . 2009-05-12 17:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-10 17:26 . 2009-05-12 16:31 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-09 18:40 . 2009-05-09 18:40 -------- d-----w c:\windows\Speeditup Free
2009-05-08 11:40 . 2009-05-08 11:45 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-08 11:40 . 2009-05-08 11:40 -------- d-----w c:\users\AMD\AppData\Roaming\TuneUp Software
2009-05-08 11:40 . 2009-05-08 11:40 -------- d-----w c:\programdata\TuneUp Software
2009-05-08 11:39 . 2009-05-08 11:39 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-05 09:35 . 2009-05-05 09:35 -------- d-----w c:\windows\system32\IOSUBSYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 08:42 . 2008-09-09 15:26 -------- d-----w c:\users\AMD\AppData\Roaming\Skype
2009-05-26 06:32 . 2008-01-21 06:13 598594 ----a-w c:\windows\system32\perfh005.dat
2009-05-26 06:32 . 2008-01-21 06:13 114786 ----a-w c:\windows\system32\perfc005.dat
2009-05-26 06:27 . 2008-09-10 15:17 -------- d-----w c:\users\AMD\AppData\Roaming\skypePM
2009-05-25 18:32 . 2008-09-09 13:46 1356 ----a-w c:\users\AMD\AppData\Local\d3d9caps.dat
2009-05-22 13:59 . 2009-04-01 07:14 -------- d-----w c:\users\AMD\AppData\Roaming\gtk-2.0
2009-05-22 07:26 . 2008-12-26 17:18 -------- d-----w c:\program files\ESET
2009-05-21 14:28 . 2009-01-03 14:00 -------- d-----w c:\programdata\Lavasoft
2009-05-18 11:14 . 2009-04-22 14:57 -------- d-----w c:\users\AMD\AppData\Roaming\Ahead
2009-05-14 08:48 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-01 09:54 . 2009-04-09 18:14 1 ----a-w c:\users\AMD\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-04-22 15:08 . 2009-04-22 15:08 -------- d-----w c:\programdata\LightScribe
2009-04-22 14:59 . 2009-04-22 14:59 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-22 14:56 . 2009-04-22 14:56 -------- d-----w c:\programdata\Ahead
2009-04-22 14:56 . 2009-04-22 14:53 -------- d-----w c:\program files\Common Files\Ahead
2009-04-22 14:53 . 2009-04-22 14:53 -------- d-----w c:\programdata\Nero
2009-04-22 14:29 . 2008-09-09 13:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 16:14 . 2009-04-19 16:14 -------- d-----w c:\program files\VistaCodecPack
2009-04-19 16:13 . 2009-04-19 16:13 -------- d-----w c:\programdata\VistaCodecs
2009-04-19 15:53 . 2009-04-19 15:54 737280 ----a-w c:\windows\iun6002.exe
2009-04-10 17:31 . 2008-09-09 13:46 62496 ----a-w c:\users\AMD\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-09 18:13 . 2009-04-09 18:13 -------- d-----w c:\users\AMD\AppData\Roaming\OpenOffice.org
2009-04-06 01:18 . 2009-04-06 01:18 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-04 13:29 . 2009-04-04 13:18 -------- d-----w c:\programdata\CyberLink
2009-04-04 13:28 . 2009-04-04 13:13 53319 ----a-w c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-04-04 13:19 . 2009-04-04 13:18 -------- d-----w c:\users\AMD\AppData\Roaming\CyberLink
2009-04-04 13:13 . 2003-03-18 18:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-04-04 13:13 . 2003-02-21 02:42 353576 ----a-w c:\windows\system32\msvcr71.dll
2009-03-29 23:57 . 2009-03-29 23:57 62149 ----a-w c:\windows\system32\pthreadGC2.dll
2009-03-20 13:22 . 2009-03-20 13:22 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-20 13:22 . 2009-03-20 13:22 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-17 03:38 . 2009-04-16 19:58 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 19:58 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-16 19:58 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 19:58 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 19:58 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 19:58 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 19:58 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 19:58 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 19:58 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 19:58 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 19:58 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 19:58 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 19:58 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 19:58 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 19:58 26624 ----a-w c:\windows\system32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} ----
2009-05-08 11:39 . 2009-05-08 11:39 17097728 ----a-w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}\{29547529-F4C7-4B61-AC98-3E15F8B99F96}.msi
---- Directory of c:\windows\system32\IOSUBSYS ----
2008-07-31 22:17 . 2008-07-31 22:17 12345 ----a-w c:\windows\system32\IOSUBSYS\pxhelper.vxd
((((((((((((((((((((((((((((( SnapShot@2009-05-25_17.40.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-26 06:28 44920 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-26 06:28 69602 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-09 13:48 . 2009-05-26 06:28 12712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3054663410-1792068-614891852-1000_UserData.bin
- 2008-09-09 13:48 . 2009-05-25 07:48 12712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3054663410-1792068-614891852-1000_UserData.bin
- 2009-04-22 08:42 . 2009-04-22 08:42 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
+ 2009-05-25 18:07 . 2009-05-25 18:07 57344 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut4_C665E66BE8EF49DBB30B81BB5E60462C.exe
- 2009-04-22 08:42 . 2009-04-22 08:42 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2009-05-25 18:07 . 2009-05-25 18:07 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2009-05-25 18:07 . 2009-05-25 18:07 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
- 2009-04-22 08:42 . 2009-04-22 08:42 18718 c:\windows\Installer\{82B1150E-9B37-49FC-83EB-D52197D900D0}\ARPPRODUCTICON.exe
- 2006-11-02 10:25 . 2009-04-22 08:42 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-05-25 18:07 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-05-25 18:07 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-04-22 08:42 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-04-22 08:42 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-05-25 18:07 51200 c:\windows\inf\infpub.dat
- 2009-05-25 07:46 . 2009-05-25 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 06:26 . 2009-05-26 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 06:26 . 2009-05-26 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-25 07:46 . 2009-05-25 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-09 20:35 . 2009-05-26 08:42 277374 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-05-25 07:52 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-26 06:32 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-25 07:52 101052 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-26 06:32 101052 c:\windows\System32\perfc009.dat
+ 2008-01-21 05:49 . 2009-05-25 17:57 73919755 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\skype\Phone\Skype.exe" [2008-11-07 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-13 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-13 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-17 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^AMD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Livestation"=e:\program files\Livestation.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3054663410-1792068-614891852-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31.10.2008 7:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ekrn.exe [6.2.2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6.2.2009 14:24 92800]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [25.5.2009 20:07 65576]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [21.5.2009 18:01 410976]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [17.5.2009 20:03 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [17.5.2009 20:03 3072]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9.9.2008 15:41 33752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{9F5BAAD3-46C9-4938-8E81-3276A2C5277C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213.195.223:193
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\OFFICE11\EXCEL.EXE/3000
TCP: {1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE} = 213.195.223.193,213.195.223.194
FF - ProfilePath - c:\users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\ea8uje5c.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\users\AMD\AppData\Roaming\Mozilla\Firefox\Profiles\ea8uje5c.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Netscape6\nppl3260.dll
FF - plugin: e:\program files\Netscape6\nprjplug.dll
FF - plugin: e:\program files\Netscape6\nprpjplug.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 11:21
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-05-26 11:24
ComboFix-quarantined-files.txt 2009-05-26 09:24
ComboFix2.txt 2009-05-25 17:43
Před spuštěním: 7 749 480 448
Po spuštění: 7 715 389 440
239 --- E O F --- 2009-05-26 06:30
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
Červený soubor zkontroluj na Virustotalu .
c:\windows\system32\IOSUBSYS\pxhelper.vxd
Dej sem potom odkaz na výsledek.
c:\windows\system32\IOSUBSYS\pxhelper.vxd
Dej sem potom odkaz na výsledek.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE
- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
Ten soubor testovat nemusíš.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE
Kód: Vybrat vše
:Processes
explorer.exe
:Services
:Reg
:Files
c:\users\AMD\AppData\Local\d3d9caps.dat
c:\windows\iun6002.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
Ten soubor testovat nemusíš.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\users\AMD\AppData\Local\d3d9caps.dat moved successfully.
File move failed. c:\windows\iun6002.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\AMD\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\etilqs_JwwpI0l1oVMYNPuzFSda scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05272009_135951
Damned: Soubor jsem ani otestovat nemohl, protoze uz nebyl k nalezeni - pravdepodobne jej Ccleaner smazal.
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\users\AMD\AppData\Local\d3d9caps.dat moved successfully.
File move failed. c:\windows\iun6002.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\AMD\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\etilqs_JwwpI0l1oVMYNPuzFSda scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Mozilla\Firefox\Profiles\ea8uje5c.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05272009_135951
Damned: Soubor jsem ani otestovat nemohl, protoze uz nebyl k nalezeni - pravdepodobne jej Ccleaner smazal.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
Dobrá, pokračovat bude jaro3, Visty zná lépe než já. 
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
Ne v pohode, to ja jsem vdecny skutecne za jakoukoliv radu.
Tak tedy pockam na jaro :-)
Tak tedy pockam na jaro :-)
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Vlož sem nový log z HJT+ info o chování compu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
Bohuzel jsem se k tomu nedostal driv:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:52, on 4.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\egui.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213.195.223:193
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 6410 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:52, on 4.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\egui.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213.195.223:193
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 6410 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
1* používáš proxy?
Pokud ne , fixni:
2* Odinstaluj :
pdfforge Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
3* Použij znovu OTMoveIt3 (by OldTimer)
s tímto scriptem:
Postup stejný jako výše.Zase log z pravé strany.
4* Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
5*
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
6* Vlož nový log z HJT..
Pokud ne , fixni:
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213. 195.223:193 2* Odinstaluj :
pdfforge Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O13 - Gopher Prefix:
3* Použij znovu OTMoveIt3 (by OldTimer)
s tímto scriptem:
Kód: Vybrat vše
:Processes
explorer.exe
:Services
:Reg
:Files
C:\Program Files\pdfforge Toolbar
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Postup stejný jako výše.Zase log z pravé strany.
4* Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
5*
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
6* Vlož nový log z HJT..
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Program Files\pdfforge Toolbar not found.
========== COMMANDS ==========
File delete failed. C:\Users\AMD\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\JET3959.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_202934
Files moved on Reboot...
File C:\Users\AMD\AppData\Local\Temp\JET3959.tmp not found!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:52, on 4.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\egui.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213.195.223:193
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 6410 bytes
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Program Files\pdfforge Toolbar not found.
========== COMMANDS ==========
File delete failed. C:\Users\AMD\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\AMD\AppData\Local\Temp\JET3959.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_202934
Files moved on Reboot...
File C:\Users\AMD\AppData\Local\Temp\JET3959.tmp not found!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:52, on 4.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\egui.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.201:253;http=192.168.201.253:69;https=255.255.0.255:443;socks=213.195.223:193
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FD630F0-DC9F-42D1-A8F3-BCD1F04B98CE}: NameServer = 213.195.223.193,213.195.223.194
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 6410 bytes
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 117 hostů