What is in these folders? Do you recognize them?
C:\Downloads
C:\extensions
Please check my log (Solved)
- Damned
Re: Please check my log
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
extensions - this folder was left over after uninstalling the CHROME internet browser, and the downloads one created itself; when I download something from the net, it was automatically downloaded into it, nothing important. How do I remove it?
- Damned
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Folder::
C:\Downloads
C:\extensions
c:\program files\Crawler
c:\program files\Garena
c:\program files\ICQ6Toolbar
c:\program files\Krtecek
c:\program files\DAEMON Tools Toolbar
c:\program files\Opera
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix starts automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT
Re: Please check my log
OK, here it is:
ComboFix 09-06-09.06 - lucie 10.06.2009 20:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1584 [GMT 2:00]
Spuštěný z: c:\documents and settings\lucie.AMYLIE\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\lucie.AMYLIE\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-10 do 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 14:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 14:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 14:24 . 2009-06-10 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 21:07 . 2009-06-09 00:10 -------- d-----w- C:\Downloads
2009-06-08 21:07 . 2009-06-08 21:07 -------- d-----w- C:\extensions
2009-06-08 21:06 . 2009-06-10 18:16 -------- d-----w- c:\program files\BitComet
2009-06-08 13:43 . 2009-06-08 13:52 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-08 13:43 . 2009-06-08 13:52 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-08 13:43 . 2009-06-08 13:52 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-08 13:42 . 2009-06-08 13:52 25835 ----a-w- c:\windows\DIIUnin.dat
2009-06-08 13:42 . 2009-06-08 13:42 2829 ----a-w- c:\windows\DIIUnin.pif
2009-06-08 13:42 . 2009-06-08 13:42 94208 ----a-w- c:\windows\DIIUnin.exe
2009-05-24 19:19 . 2009-05-24 19:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\GTA San Andreas
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\Opera
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-05-23 21:02 . 2009-05-23 21:02 -------- d-----w- c:\documents and settings\lucie.AMYLIE\PrivacIE
2009-05-23 20:55 . 2009-05-23 20:55 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2009-05-23 20:50 . 2009-05-23 20:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-23 20:45 . 2009-05-23 20:45 -------- d-----w- c:\documents and settings\lucie.AMYLIE\IETldCache
2009-05-23 20:43 . 2009-05-23 20:43 -------- d-----w- c:\windows\ie8updates
2009-05-23 20:36 . 2009-05-24 19:17 -------- dc----w- c:\windows\ie8
2009-05-23 17:47 . 2009-05-24 19:17 -------- d-----w- c:\program files\The KMPlayer
2009-05-21 19:16 . 2009-05-21 19:16 -------- d-----w- c:\program files\Trend Micro
2009-05-17 19:20 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-05-15 20:56 . 2009-05-15 20:56 -------- d-----w- c:\program files\Common Files\DirectX
2009-05-14 20:16 . 2009-05-14 20:16 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-14 20:12 . 2009-05-15 20:53 -------- d-----w- c:\program files\Codemasters
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 17:47 . 2009-05-08 17:47 -------- d-----w- c:\program files\Crawler
2009-06-10 17:10 . 2009-04-29 12:18 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-10 14:49 . 2009-05-08 17:47 -------- d-----w- c:\program files\Spyware Terminator
2009-06-08 21:16 . 2009-01-31 10:42 -------- d-----w- c:\program files\Garena
2009-06-08 21:16 . 2008-08-29 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 21:00 . 2009-04-19 17:35 -------- d-----w- c:\program files\BitTorrent
2009-06-08 12:35 . 2009-05-08 21:07 -------- d-----w- c:\program files\WinClamAVShield
2009-05-24 19:17 . 2009-05-08 15:04 -------- d-----w- c:\program files\GRETECH
2009-05-22 10:59 . 2009-02-11 11:49 -------- d-----w- c:\program files\Java
2009-05-22 10:58 . 2009-05-22 10:58 1610 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-22 10:58 . 2008-08-29 23:25 70794 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 10:58 . 2008-08-29 23:25 394270 ----a-w- c:\windows\system32\perfh005.dat
2009-05-17 20:12 . 2008-08-29 15:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-11 21:19 . 2009-05-08 15:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-11 18:34 . 2009-02-08 14:48 -------- d-----w- c:\program files\MyPlayCity.com
2009-05-08 17:47 . 2009-05-08 17:47 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-08 17:39 . 2009-05-08 17:10 -------- d-----w- c:\program files\Lavasoft
2009-05-08 17:20 . 2009-05-08 17:20 7994 ---ha-w- C:\aaw7boot.cmd
2009-05-08 16:48 . 2009-02-21 07:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-08 16:48 . 2009-04-29 12:21 -------- d-----w- c:\program files\Grand Theft Auto Vice City - PC
2009-05-08 16:48 . 2009-01-09 00:14 -------- d-----w- c:\program files\ICQ6Toolbar
2009-05-08 16:46 . 2009-02-09 14:12 -------- d-----w- c:\program files\RealArcade
2009-05-08 16:28 . 2009-05-08 16:28 -------- d-----w- c:\program files\IObit
2009-05-08 15:09 . 2009-01-30 00:04 -------- d-----w- c:\program files\Krtecek
2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w- c:\program files\MSI
2009-05-08 13:58 . 2009-02-09 14:06 -------- d-----w- c:\program files\GameTop.com
2009-05-08 11:49 . 2009-05-08 11:49 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 19:00 . 2009-05-07 19:00 -------- d-----w- c:\program files\Tycoon.City.New.York-CLONECD
2009-05-06 17:30 . 2009-05-06 17:30 -------- d-----w- c:\program files\IGO-8
2009-05-06 14:30 . 2009-05-06 14:26 -------- d-----w- c:\program files\3DO
2009-05-06 14:27 . 2009-05-06 14:26 -------- d-----w- c:\program files\Common Files\3DO Shared
2009-05-03 19:57 . 2009-04-29 12:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-29 12:39 . 2009-04-29 12:38 -------- d-----w- c:\program files\Hunting Unlimited 2009
2009-04-29 12:25 . 2009-01-26 16:02 -------- d-----w- c:\program files\Rockstar Games
2009-04-29 12:15 . 2009-04-29 12:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_14.56.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 17:49 . 2009-06-10 17:49 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-29 684032]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-08 2176000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7653:TCP"= 7653:TCP:BitComet 7653 TCP
"7653:UDP"= 7653:UDP:BitComet 7653 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.5.2009 19:47 142592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02 468224]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 18:03 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 17:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.1.2009 0:45 625792]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [29.8.2008 18:01 306176]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 20:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-10 20:25
ComboFix-quarantined-files.txt 2009-06-10 18:25
ComboFix2.txt 2009-06-10 14:57
Před spuštěním: 6 613 639 168
Po spuštění: 6 646 292 480
158 --- E O F --- 2009-05-13 12:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:22, on 10.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6836 bytes
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6836 bytes
Re: Please check my log
Well, I must have done something wrong, because ComboFix did not start automatically after I dragged the saved document onto the ComboFix icon... I had to choose Run and confirm, and only then did it start, so I don't know. Those things are still there (Garena, Opera), and I turned the shields off again beforehand... oh dear :(
- Damned
Re: Please check my log
Copy ONLY the green part.
And save the file as CFScript.txt.
You saved it as CFScript.txt.txt, and that is wrong.
So once again: save it correctly and post both logs.
Re: Please check my log
Well yeaaah, you're working with Miss Blondie
...... so hopefully this time:
ComboFix 09-06-09.06 - lucie 10.06.2009 20:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1550 [GMT 2:00]
Spuštěný z: c:\documents and settings\lucie.AMYLIE\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\lucie.AMYLIE\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Downloads
c:\downloads\diablo 3\Diablo3-ArtworkTrailer_EU.avi.bc!
c:\downloads\diablo 3\Diablo3-CinematicTrailer_EU_EN.avi.bc!
c:\downloads\diablo 3\diablo3-gameplay-en-GB.flv.bc!
c:\downloads\Enrico Cruiz - In The Best.avi.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.nfo.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r00.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r01.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r02.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r03.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r04.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r05.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r06.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r07.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r08.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r09.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r10.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r11.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r12.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r13.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r14.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r15.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r16.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r17.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r18.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r19.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r20.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r21.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r22.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r23.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r24.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r25.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r26.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r27.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r28.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r29.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r30.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r31.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r32.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r33.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r34.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r35.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r36.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r37.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r38.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r39.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r40.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r41.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r42.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r43.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r44.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r45.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r46.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r47.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r48.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r49.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r50.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r51.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r52.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r53.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r54.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r55.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r56.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r57.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r58.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r59.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r60.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r61.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r62.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r63.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r64.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r65.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r66.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r67.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r68.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r69.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r70.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.rar.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.sfv.bc!
C:\extensions
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.xpt
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\defaults\preferences\bc_context_menu.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome.manifest
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_context_menu.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_context_menu.xul
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_media_capture.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_media_capture.xul
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\unknownContentTypeSaveAs.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\unknownContentTypeSaveAs.xul
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\en-US\bc_context_menu.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\en-US\bc_media_capture.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN\bc_context_menu.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN\bc_media_capture.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_all.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_link.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_media.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\icon.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\install.rdf
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\manifest.mf
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\zigbert.rsa
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\zigbert.sf
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\readme.txt
c:\program files\Crawler
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\Garena
c:\program files\Garena\clients.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\files\files.ggz
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gn.ggz
c:\program files\Garena\gs.dat
c:\program files\Garena\hc.xml
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\layout\layout.ggz
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\FavListUIPlugin.dll
c:\program files\Garena\plugins\UI\Chenyx.dll
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\user\11175833\ban.dat
c:\program files\Garena\user\11175833\data.dat
c:\program files\Garena\user\11175833\fps.dat
c:\program files\Garena\user\11175833\recent.txt
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\YYFileSystem.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service(3).exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Krtecek
c:\program files\Krtecek\db\amylie\krtekdb.gdb
c:\program files\Krtecek\PosledniUzivatel.ini
c:\program files\Krtecek\unins000.exe
c:\program files\Krtecek\update\zaloha\config.ini
c:\program files\Krtecek\update\zaloha\cti_me.txt
c:\program files\Krtecek\update\zaloha\krtecek.exe
c:\program files\Krtecek\update\zaloha\krtek_help.chm
c:\program files\Krtecek\update\zaloha\obnov.exe
c:\program files\Opera
c:\program files\Opera\operadef6.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-10 do 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 14:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 14:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 14:24 . 2009-06-10 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 21:06 . 2009-06-10 18:16 -------- d-----w- c:\program files\BitComet
2009-06-08 13:43 . 2009-06-08 13:52 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-08 13:43 . 2009-06-08 13:52 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-08 13:43 . 2009-06-08 13:52 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-08 13:42 . 2009-06-08 13:52 25835 ----a-w- c:\windows\DIIUnin.dat
2009-06-08 13:42 . 2009-06-08 13:42 2829 ----a-w- c:\windows\DIIUnin.pif
2009-06-08 13:42 . 2009-06-08 13:42 94208 ----a-w- c:\windows\DIIUnin.exe
2009-05-24 19:19 . 2009-05-24 19:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\GTA San Andreas
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-05-23 21:02 . 2009-05-23 21:02 -------- d-----w- c:\documents and settings\lucie.AMYLIE\PrivacIE
2009-05-23 20:55 . 2009-05-23 20:55 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2009-05-23 20:50 . 2009-05-23 20:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-23 20:45 . 2009-05-23 20:45 -------- d-----w- c:\documents and settings\lucie.AMYLIE\IETldCache
2009-05-23 20:43 . 2009-05-23 20:43 -------- d-----w- c:\windows\ie8updates
2009-05-23 20:36 . 2009-05-24 19:17 -------- dc----w- c:\windows\ie8
2009-05-23 17:47 . 2009-05-24 19:17 -------- d-----w- c:\program files\The KMPlayer
2009-05-21 19:16 . 2009-05-21 19:16 -------- d-----w- c:\program files\Trend Micro
2009-05-17 19:20 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-05-15 20:56 . 2009-05-15 20:56 -------- d-----w- c:\program files\Common Files\DirectX
2009-05-14 20:16 . 2009-05-14 20:16 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-14 20:12 . 2009-05-15 20:53 -------- d-----w- c:\program files\Codemasters
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 14:49 . 2009-05-08 17:47 -------- d-----w- c:\program files\Spyware Terminator
2009-06-08 21:16 . 2008-08-29 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 21:00 . 2009-04-19 17:35 -------- d-----w- c:\program files\BitTorrent
2009-06-08 12:35 . 2009-05-08 21:07 -------- d-----w- c:\program files\WinClamAVShield
2009-05-24 19:17 . 2009-05-08 15:04 -------- d-----w- c:\program files\GRETECH
2009-05-22 10:59 . 2009-02-11 11:49 -------- d-----w- c:\program files\Java
2009-05-22 10:58 . 2009-05-22 10:58 1610 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-22 10:58 . 2008-08-29 23:25 70794 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 10:58 . 2008-08-29 23:25 394270 ----a-w- c:\windows\system32\perfh005.dat
2009-05-17 20:12 . 2008-08-29 15:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-11 21:19 . 2009-05-08 15:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-11 18:34 . 2009-02-08 14:48 -------- d-----w- c:\program files\MyPlayCity.com
2009-05-08 17:47 . 2009-05-08 17:47 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-08 17:39 . 2009-05-08 17:10 -------- d-----w- c:\program files\Lavasoft
2009-05-08 17:20 . 2009-05-08 17:20 7994 ---ha-w- C:\aaw7boot.cmd
2009-05-08 16:48 . 2009-02-21 07:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-08 16:48 . 2009-04-29 12:21 -------- d-----w- c:\program files\Grand Theft Auto Vice City - PC
2009-05-08 16:46 . 2009-02-09 14:12 -------- d-----w- c:\program files\RealArcade
2009-05-08 16:28 . 2009-05-08 16:28 -------- d-----w- c:\program files\IObit
2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w- c:\program files\MSI
2009-05-08 13:58 . 2009-02-09 14:06 -------- d-----w- c:\program files\GameTop.com
2009-05-08 11:49 . 2009-05-08 11:49 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 19:00 . 2009-05-07 19:00 -------- d-----w- c:\program files\Tycoon.City.New.York-CLONECD
2009-05-06 17:30 . 2009-05-06 17:30 -------- d-----w- c:\program files\IGO-8
2009-05-06 14:30 . 2009-05-06 14:26 -------- d-----w- c:\program files\3DO
2009-05-06 14:27 . 2009-05-06 14:26 -------- d-----w- c:\program files\Common Files\3DO Shared
2009-05-03 19:57 . 2009-04-29 12:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-29 12:39 . 2009-04-29 12:38 -------- d-----w- c:\program files\Hunting Unlimited 2009
2009-04-29 12:25 . 2009-01-26 16:02 -------- d-----w- c:\program files\Rockstar Games
2009-04-29 12:15 . 2009-04-29 12:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_14.56.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 17:49 . 2009-06-10 17:49 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-29 684032]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-08 2176000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7653:TCP"= 7653:TCP:BitComet 7653 TCP
"7653:UDP"= 7653:UDP:BitComet 7653 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.5.2009 19:47 142592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02 468224]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 18:03 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 17:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.1.2009 0:45 625792]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [29.8.2008 18:01 306176]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 20:54
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-06-10 20:55
ComboFix-quarantined-files.txt 2009-06-10 18:55
ComboFix2.txt 2009-06-10 18:25
ComboFix3.txt 2009-06-10 14:57
Před spuštěním: 6 654 996 480
Po spuštění: 6 626 631 680
307 --- E O F --- 2009-05-13 12:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:47, on 10.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6836 bytes

ComboFix 09-06-09.06 - lucie 10.06.2009 20:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1550 [GMT 2:00]
Spuštěný z: c:\documents and settings\lucie.AMYLIE\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\lucie.AMYLIE\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Downloads
c:\downloads\diablo 3\Diablo3-ArtworkTrailer_EU.avi.bc!
c:\downloads\diablo 3\Diablo3-CinematicTrailer_EU_EN.avi.bc!
c:\downloads\diablo 3\diablo3-gameplay-en-GB.flv.bc!
c:\downloads\Enrico Cruiz - In The Best.avi.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.nfo.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r00.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r01.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r02.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r03.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r04.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r05.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r06.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r07.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r08.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r09.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r10.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r11.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r12.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r13.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r14.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r15.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r16.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r17.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r18.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r19.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r20.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r21.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r22.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r23.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r24.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r25.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r26.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r27.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r28.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r29.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r30.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r31.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r32.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r33.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r34.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r35.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r36.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r37.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r38.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r39.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r40.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r41.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r42.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r43.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r44.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r45.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r46.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r47.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r48.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r49.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r50.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r51.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r52.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r53.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r54.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r55.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r56.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r57.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r58.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r59.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r60.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r61.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r62.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r63.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r64.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r65.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r66.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r67.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r68.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r69.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.r70.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.rar.bc!
c:\downloads\Hellgate.London.CLONEDVD-AVENGED\avd-hgl.sfv.bc!
C:\extensions
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.xpt
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\defaults\preferences\bc_context_menu.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome.manifest
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_context_menu.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_context_menu.xul
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_media_capture.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\bc_media_capture.xul
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\unknownContentTypeSaveAs.js
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\unknownContentTypeSaveAs.xul
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\en-US\bc_context_menu.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\en-US\bc_media_capture.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN\bc_context_menu.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN\bc_media_capture.dtd
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_all.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_link.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_media.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\icon.png
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\install.rdf
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\manifest.mf
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\zigbert.rsa
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\zigbert.sf
c:\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\readme.txt
c:\program files\Crawler
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\Garena
c:\program files\Garena\clients.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\files\files.ggz
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gn.ggz
c:\program files\Garena\gs.dat
c:\program files\Garena\hc.xml
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\layout\layout.ggz
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\FavListUIPlugin.dll
c:\program files\Garena\plugins\UI\Chenyx.dll
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\user\11175833\ban.dat
c:\program files\Garena\user\11175833\data.dat
c:\program files\Garena\user\11175833\fps.dat
c:\program files\Garena\user\11175833\recent.txt
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\YYFileSystem.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service(3).exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Krtecek
c:\program files\Krtecek\db\amylie\krtekdb.gdb
c:\program files\Krtecek\PosledniUzivatel.ini
c:\program files\Krtecek\unins000.exe
c:\program files\Krtecek\update\zaloha\config.ini
c:\program files\Krtecek\update\zaloha\cti_me.txt
c:\program files\Krtecek\update\zaloha\krtecek.exe
c:\program files\Krtecek\update\zaloha\krtek_help.chm
c:\program files\Krtecek\update\zaloha\obnov.exe
c:\program files\Opera
c:\program files\Opera\operadef6.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-10 do 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 14:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 14:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 14:24 . 2009-06-10 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 21:06 . 2009-06-10 18:16 -------- d-----w- c:\program files\BitComet
2009-06-08 13:43 . 2009-06-08 13:52 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-08 13:43 . 2009-06-08 13:52 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-08 13:43 . 2009-06-08 13:52 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-08 13:42 . 2009-06-08 13:52 25835 ----a-w- c:\windows\DIIUnin.dat
2009-06-08 13:42 . 2009-06-08 13:42 2829 ----a-w- c:\windows\DIIUnin.pif
2009-06-08 13:42 . 2009-06-08 13:42 94208 ----a-w- c:\windows\DIIUnin.exe
2009-05-24 19:19 . 2009-05-24 19:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\GTA San Andreas
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-24 19:18 . 2009-05-24 19:18 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-05-23 21:02 . 2009-05-23 21:02 -------- d-----w- c:\documents and settings\lucie.AMYLIE\PrivacIE
2009-05-23 20:55 . 2009-05-23 20:55 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2009-05-23 20:50 . 2009-05-23 20:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-23 20:45 . 2009-05-23 20:45 -------- d-----w- c:\documents and settings\lucie.AMYLIE\IETldCache
2009-05-23 20:43 . 2009-05-23 20:43 -------- d-----w- c:\windows\ie8updates
2009-05-23 20:36 . 2009-05-24 19:17 -------- dc----w- c:\windows\ie8
2009-05-23 17:47 . 2009-05-24 19:17 -------- d-----w- c:\program files\The KMPlayer
2009-05-21 19:16 . 2009-05-21 19:16 -------- d-----w- c:\program files\Trend Micro
2009-05-17 19:20 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-05-15 20:56 . 2009-05-15 20:56 -------- d-----w- c:\program files\Common Files\DirectX
2009-05-14 20:16 . 2009-05-14 20:16 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-14 20:12 . 2009-05-15 20:53 -------- d-----w- c:\program files\Codemasters
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 14:49 . 2009-05-08 17:47 -------- d-----w- c:\program files\Spyware Terminator
2009-06-08 21:16 . 2008-08-29 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 21:00 . 2009-04-19 17:35 -------- d-----w- c:\program files\BitTorrent
2009-06-08 12:35 . 2009-05-08 21:07 -------- d-----w- c:\program files\WinClamAVShield
2009-05-24 19:17 . 2009-05-08 15:04 -------- d-----w- c:\program files\GRETECH
2009-05-22 10:59 . 2009-02-11 11:49 -------- d-----w- c:\program files\Java
2009-05-22 10:58 . 2009-05-22 10:58 1610 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-22 10:58 . 2008-08-29 23:25 70794 ----a-w- c:\windows\system32\perfc005.dat
2009-05-22 10:58 . 2008-08-29 23:25 394270 ----a-w- c:\windows\system32\perfh005.dat
2009-05-17 20:12 . 2008-08-29 15:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-11 21:19 . 2009-05-08 15:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-11 18:34 . 2009-02-08 14:48 -------- d-----w- c:\program files\MyPlayCity.com
2009-05-08 17:47 . 2009-05-08 17:47 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-08 17:39 . 2009-05-08 17:10 -------- d-----w- c:\program files\Lavasoft
2009-05-08 17:20 . 2009-05-08 17:20 7994 ---ha-w- C:\aaw7boot.cmd
2009-05-08 16:48 . 2009-02-21 07:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-08 16:48 . 2009-04-29 12:21 -------- d-----w- c:\program files\Grand Theft Auto Vice City - PC
2009-05-08 16:46 . 2009-02-09 14:12 -------- d-----w- c:\program files\RealArcade
2009-05-08 16:28 . 2009-05-08 16:28 -------- d-----w- c:\program files\IObit
2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w- c:\program files\MSI
2009-05-08 13:58 . 2009-02-09 14:06 -------- d-----w- c:\program files\GameTop.com
2009-05-08 11:49 . 2009-05-08 11:49 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 19:00 . 2009-05-07 19:00 -------- d-----w- c:\program files\Tycoon.City.New.York-CLONECD
2009-05-06 17:30 . 2009-05-06 17:30 -------- d-----w- c:\program files\IGO-8
2009-05-06 14:30 . 2009-05-06 14:26 -------- d-----w- c:\program files\3DO
2009-05-06 14:27 . 2009-05-06 14:26 -------- d-----w- c:\program files\Common Files\3DO Shared
2009-05-03 19:57 . 2009-04-29 12:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-29 12:39 . 2009-04-29 12:38 -------- d-----w- c:\program files\Hunting Unlimited 2009
2009-04-29 12:25 . 2009-01-26 16:02 -------- d-----w- c:\program files\Rockstar Games
2009-04-29 12:15 . 2009-04-29 12:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_14.56.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 17:49 . 2009-06-10 17:49 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-29 684032]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-08 2176000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7653:TCP"= 7653:TCP:BitComet 7653 TCP
"7653:UDP"= 7653:UDP:BitComet 7653 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 10:04 34312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.5.2009 19:47 142592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 10:02 468224]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 18:03 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 17:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.1.2009 0:45 625792]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [29.8.2008 18:01 306176]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 20:54
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-06-10 20:55
ComboFix-quarantined-files.txt 2009-06-10 18:55
ComboFix2.txt 2009-06-10 18:25
ComboFix3.txt 2009-06-10 14:57
Před spuštěním: 6 654 996 480
Po spuštění: 6 626 631 680
307 --- E O F --- 2009-05-13 12:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:47, on 10.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6836 bytes
- Damned
Re: Please check my log (Solved)
What can you do, but while you will stay blonde, I will soon be bald.
Run HJT and fix the following (tick the box in front of each entry, then press "Fix checked"):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
That will be all.
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start -> Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. Download it -> run it.
(Note: if you have AVG, deactivate AVG before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG back on.)
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Mark the topic as solved (green check mark) and take care.

Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
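
Added example (not part of the original posts and not a HijackThis feature): a Python triage pass over HijackThis log lines that flags dead references marked "(no file)", Internet Explorer start/search URLs whose host is outside a reviewer-supplied allowlist, and autostart names the reviewer treats as optional. The allowlist, the optional-autostart set and all function names are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted in this thread
# (the "..." inside one URL is an elision already present on the page).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
"""

# Assumptions of this example: values a reviewer would choose, not tool defaults.
TRUSTED_DOMAINS = {"microsoft.com", "google.cz", "google.com"}
OPTIONAL_AUTORUNS = {"SunJavaUpdateSched"}

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [egui] ..."
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Markers HijackThis appends when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse(log_text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def host_trusted(host, trusted_domains):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def triage(log_text, trusted_domains, optional_autoruns):
    """Return (reason, code, body) for entries a reviewer should look at."""
    findings = []
    for code, body in parse(log_text):
        # Rule 1: the registry entry points at a file that is gone.
        if body.endswith(ORPHAN_MARKERS):
            findings.append(("dead-reference", code, body))
            continue
        # Rule 2: IE start/search settings that hold a URL on an unlisted host.
        if code in ("R0", "R1") and " = " in body:
            _setting, value = body.split(" = ", 1)
            if value.lower().startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if not host_trusted(host, trusted_domains):
                    findings.append(("untrusted-url:" + host, code, body))
            continue
        # Rule 3: Run-key autostarts the reviewer has listed as optional.
        if code == "O4":
            m = RUN_RE.match(body)
            if m and m.group("name") in optional_autoruns:
                findings.append(("optional-autorun", code, body))
    return findings


if __name__ == "__main__":
    for reason, code, body in triage(SAMPLE_LOG, TRUSTED_DOMAINS, OPTIONAL_AUTORUNS):
        print(f"{reason:32} {code} - {body}")
```

The suffix match in `host_trusted` compares whole labels, so a look-alike such as `notmicrosoft.com` is not accepted as a subdomain of `microsoft.com`.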