So first CF and then HJT
ComboFix 09-06-10.02 - Děda 12.06.2009 17:06.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.393 [GMT 2:00]
Spuštěný z: c:\documents and settings\Děda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Děda\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\im32st.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\im32st.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-12 do 2009-06-12 )))))))))))))))))))))))))))))))
.
2009-06-10 19:48 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 19:47 . 2009-06-10 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 19:47 . 2009-06-10 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 19:47 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 18:25 . 2009-06-10 18:25 -------- d-----w- c:\program files\CCleaner
2009-06-10 18:09 . 2009-06-10 18:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-10 15:44 . 2009-06-11 13:10 -------- d-----w- C:\HiJackThis
2009-06-10 11:10 . 2009-06-10 11:10 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-10 07:50 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:50 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-01 08:12 . 2009-06-01 08:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-31 21:30 . 2009-05-31 21:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-31 21:23 . 2009-06-10 11:19 -------- d-----w- c:\windows\ie8updates
2009-05-31 21:22 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-31 21:19 . 2009-05-31 21:22 -------- dc-h--w- c:\windows\ie8
2009-05-26 22:07 . 2009-05-26 22:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-26 22:01 . 2009-05-26 22:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-26 21:53 . 2009-06-10 19:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-26 21:45 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-26 21:45 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-26 21:45 . 2009-05-26 21:45 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-05-26 21:44 . 2009-05-26 21:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-26 21:44 . 2009-05-26 21:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-26 21:43 . 2009-06-05 13:00 -------- d-----w- c:\program files\Norton Security Scan
2009-05-26 21:40 . 2009-05-26 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-22 22:00 . 2009-05-22 23:59 -------- d-----w- c:\program files\PJsoft
2009-05-22 21:26 . 2009-05-22 21:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 18:58 . 2008-12-17 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-10 11:20 . 2008-12-17 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 11:17 . 2008-12-19 22:04 -------- d-----w- c:\program files\Windows Desktop Search
2009-05-26 21:52 . 2005-12-20 23:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 21:48 . 2008-12-17 23:57 -------- d-----w- c:\program files\Google
2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-17 22:47 . 2009-03-28 14:54 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-05-13 05:15 . 2005-12-20 07:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 17:12 . 2005-12-20 23:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-12 13:12 . 2005-12-20 23:14 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-09 21:18 . 2009-05-09 21:03 19451 ----a-w- c:\windows\system32\msdx92.dll
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Software4u
2009-05-09 21:02 . 2009-05-09 21:02 -------- d-----w- c:\program files\Software4u
2009-05-07 21:13 . 2009-05-07 21:13 -------- d-----w- c:\program files\Lexmark 510 Series
2009-05-07 15:32 . 2005-12-20 07:15 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-27 16:00 . 2009-01-03 04:25 158068 ----a-w- c:\windows\hpoins14.dat
2009-04-19 23:39 . 2009-03-21 22:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-17 12:26 . 2005-12-20 07:15 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-12-20 07:15 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-03 00:35 . 2005-12-20 23:57 73936 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-18 20:55 . 2009-03-18 20:55 143252 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_03_18_21_55_04_small.dmp.zip
2009-03-18 09:12 . 2009-03-18 09:12 144565 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_03_18_10_11_32_small.dmp.zip
2009-02-12 13:51 . 2009-02-12 13:51 173747 ----a-w- c:\program files\dtv_zmeny-1208_UPC.htm
2009-02-12 13:45 . 2009-02-12 13:45 4982 ----a-w- c:\program files\UPC27logo.htm
2009-02-12 13:44 . 2009-02-12 13:44 9334 ----a-w- c:\program files\UPC27korunka.htm
2009-02-12 13:44 . 2009-02-12 13:44 19338 ----a-w- c:\program files\UPC27hodnoceni.htm
2009-02-12 13:43 . 2009-02-12 13:43 66 ----a-w- c:\program files\UPC27cara.htm
2009-02-05 00:19 . 2009-02-05 00:19 512680 ----a-w- c:\program files\ChromeSetup.exe
2009-01-16 00:19 . 2009-01-16 00:19 33981616 ----a-w- c:\program files\Nokia_PC_Suite_7_1_18_0_cze_web.exe
2009-05-26 21:42 . 2009-05-26 21:42 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-11_12.58.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-12 15:13 . 2009-06-12 15:13 16384 c:\windows\temp\Perflib_Perfdata_98.dat
+ 2009-06-11 15:29 . 2009-06-11 15:29 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-12-17 21:27 . 2008-12-17 21:27 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-02-02 16:07 . 2009-02-02 16:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-17 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\progra~1\MESSEN~1\Msmsgs.exe" [2005-08-31 1658592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Google Update"="c:\documents and settings\Děda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-30 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-13 185872]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe" [2005-11-07 73728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-26 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Děda\Start Menu\Programs\Startup\
Internet Explorer.lnk - c:\program files\Internet Explorer\iexplore.exe [2005-12-21 638816]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17.12.2008 21:24 15424]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [20.12.2005 9:22 827008]
R3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [29.1.2009 22:50 30368]
S2 gupdate1c9de4b2552ed78;Služba Google Update (gupdate1c9de4b2552ed78);c:\program files\Google\Update\GoogleUpdate.exe [26.5.2009 23:44 133104]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.5.2009 23:41 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2009-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 21:40]
2009-06-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:44]
2009-06-05 c:\windows\Tasks\Norton Security Scan for Děda.job
- c:\program files\Norton Security Scan\Nss.exe [2008-11-14 18:20]
2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{30E34931-3E73-4A0E-8B3C-2459457D3122}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All by FlashGet - c:\documents and settings\Děda\My Documents\Kopie Flash 26.3.07\PROGRAMY\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\documents and settings\Děda\My Documents\Kopie Flash 26.3.07\PROGRAMY\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator 2005\WEBIE.DLL
LSP: c:\windows\system32\imon.dll
TCP: {777B4112-513E-42BE-899C-A0C841E0ECFE} = 213.46.172.36,192.168.0.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 17:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,55,4a,2d,6a,bc,
eb,62,4a,c8,28,51,af,b0,29,a3,98,82,0a,cc,ab,ba,22,d7,4e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bd,ef,e4,a9,93,
fd,89,8b,71,3b,04,66,8b,46,0d,96,98,0d,4a,1f,e3,7c,38,ac,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,f8,38,e3,fb,35,
b2,8c,76,25,da,ec,7e,55,20,c9,26,07,21,53,56,fe,e2,fa,7e,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,d0,bb,48,76,65,
a8,6e,87,3e,1e,9e,e0,57,5a,93,61,3a,24,db,4b,8b,3a,27,d0,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,a5,c1,93,3f,3a,
34,9a,7b,cd,44,cd,b9,a6,33,6c,cd,32,c8,8c,81,b6,20,cf,f6,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,63,02,68,7e,18,
2c,2d,70,b0,18,ed,a7,3f,8d,37,a4,4f,9f,7c,bf,22,78,47,3c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c4,24,b2,c8,a2,
6d,b9,b5,31,77,e1,ba,b1,f8,68,02,b8,b2,39,fc,b2,09,e6,da,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,2a,18,9b,73,99,
d4,57,ff,83,6c,56,8b,a0,85,96,ab,b6,ed,f6,2f,b4,c1,1d,28,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,d3,25,85,71,02,
a2,a8,6d,51,fa,6e,91,28,9e,14,cc,f0,bc,cc,09,01,4d,95,57,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,78,f8,35,a7,e6,
5f,87,03,b1,cd,45,5a,a8,c4,f8,b9,8f,92,9d,79,4a,1e,2a,09,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,36,b0,70,84,8e,
ba,41,33,e3,0e,66,d5,eb,bc,2f,6b,f5,06,7f,7a,fb,db,74,be,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,0a,f4,65,db,44,
04,f4,60,fa,ea,66,7f,d4,3b,6b,70,0d,0b,05,16,c3,27,19,0b,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(4848)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\documents and settings\D
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2009-06-12 17:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-12 15:21
ComboFix2.txt 2009-06-12 12:56
ComboFix3.txt 2009-06-11 13:01
Před spuštěním: 218 797 903 872 bytes free
Po spuštění: Volných bajtů: 218 771 484 672
298 --- E O F --- 2009-06-10 11:20
-----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:05, on 12.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\Děda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Děda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Děda\My Documents\Kopie Flash 26.3.07\PROGRAMY\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Děda\My Documents\Kopie Flash 26.3.07\PROGRAMY\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator 2005\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9542333843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{777B4112-513E-42BE-899C-A0C841E0ECFE}: NameServer = 213.46.172.36,192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9de4b2552ed78) (gupdate1c9de4b2552ed78) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 13415 bytes
Windows XP Media Center Edition SP2, ATI Radeon X1550 512 MB, Intel Pentium D820 2.8 GHz Dual Core, 1024 MB RAM.