Zdravím, můžete mi prosím zkontrolovat logy z HJT? Mám podezdření na nějakýho trojana co odesílá spam z mého pc a tím pádem mám bloklý odesílání emailů přes SMTP servery.
Děkuji.
Logfile of HijackThis v1.99.1
Scan saved at 17:11:21, on 21.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Svoboda.92U2RQFPPL\Svoboda.92U2RQFPPL.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\NET\Antiviry,Firewally\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Svoboda] C:\Documents and Settings\Svoboda.92U2RQFPPL\Svoboda.92U2RQFPPL.exe /i
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: rncsys32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DC7F28-A3E9-4151-A736-7841074CFB02}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B7601D-60FD-4CA7-91E5-AE120A13814F}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA8F0FA-F7E1-42C0-B207-3A42F1B91D0E}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B30046-996C-4633-B661-75C0E277D07F}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{790EB38F-AA1D-4853-A436-E7CB0A01FF58}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A9C184-073D-47D8-9F60-1569C2D73127}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{05DC7F28-A3E9-4151-A736-7841074CFB02}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.201
O17 - HKLM\System\CS3\Services\Tcpip\..\{05DC7F28-A3E9-4151-A736-7841074CFB02}: NameServer = 85.255.116.70,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.201
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Dále sem v netstatu objevil tohle, takže se určitě jedná o nějakého trojana, který ten spam rozesílá, ale nevím o co se přesně jedná, NOD 32 ho nenajde.
TCP 5UCK:14603 mx0.gmx.net:smtp SYN_SENT
TCP 5UCK:14604 mailin.rzone.de:smtp SYN_SENT
TCP 5UCK:14606 mailin.rzone.de:smtp SYN_SENT
TCP 5UCK:14607 vw01.uk-bw.de:smtp SYN_SENT
TCP 5UCK:14608 mail.meade.de:smtp SYN_SENT
TCP 5UCK:14609 mx0.gmx.net:smtp SYN_SENT
TCP 5UCK:14610 mx0.gmx.net:smtp SYN_SENT
TCP 5UCK:14611 mx.arcor.de:smtp SYN_SENT
TCP 5UCK:14612 click.alfabank.ru:https CLOSE_WAIT
TCP 5UCK:14613 mail02.jamba.de:smtp SYN_SENT
TCP 5UCK:14614 mta-v1.mail.vip.ac4.yahoo.com:smtp SYN_SENT
TCP 5UCK:14615 mta-v1.mail.vip.ac4.yahoo.com:smtp SYN_SENT
TCP 5UCK:14618 mx1.vr-web.de:smtp SYN_SENT
TCP 5UCK:14619 mx1.vr-web.de:smtp SYN_SENT
TCP 5UCK:14622 thekla.de.clara.net:smtp SYN_SENT
TCP 5UCK:14623 mail2.issociate.net:smtp SYN_SENT
TCP 5UCK:14626 statdsl-085-016-074-068.ewe-ip-backbone.de:smtp
SYN_SENT
//Nevkládej logy do code! upraveno
jaro3
Prosím o zkontrolovaní logů Vyřešeno
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o zkontrolovaní logů
Odinstaluj si ICQ6 toolbar, Megaupload Toolbar,.
Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [Svoboda] C:\Documents and Settings\Svoboda.92U2RQFPPL\Svoboda.92U2RQFPPL.exe /i
O4 - Startup: rncsys32.exe
O11 - Options group: [INTERNATIONAL] International*
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [Svoboda] C:\Documents and Settings\Svoboda.92U2RQFPPL\Svoboda.92U2RQFPPL.exe /i
O4 - Startup: rncsys32.exe
O11 - Options group: [INTERNATIONAL] International*
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o zkontrolovaní logů
Tady je ten log z Malwarebytes
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 5.1.2600 Service Pack 2
22.7.2009 9:40:45
mbam-log-2009-07-22 (09-40-41).txt
Typ skenu: Rychlý sken
Objektu skenováno: 95275
Uplynulý cas: 10 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 33
Infikované složky: 0
Infikované soubory: 4
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\svoboda.92u2rqfppl\local settings\temporary internet files\Content.IE5\QNQ42NH3\load[1].exe (Trojan.Agent) -> No action taken.
c:\documents and settings\svoboda.92u2rqfppl\nabídka start\Programy\po spuštění\rncsys32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Svoboda.92U2RQFPPL\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Svoboda.92U2RQFPPL\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 5.1.2600 Service Pack 2
22.7.2009 9:40:45
mbam-log-2009-07-22 (09-40-41).txt
Typ skenu: Rychlý sken
Objektu skenováno: 95275
Uplynulý cas: 10 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 33
Infikované složky: 0
Infikované soubory: 4
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\svoboda.92u2rqfppl\local settings\temporary internet files\Content.IE5\QNQ42NH3\load[1].exe (Trojan.Agent) -> No action taken.
c:\documents and settings\svoboda.92u2rqfppl\nabídka start\Programy\po spuštění\rncsys32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Svoboda.92U2RQFPPL\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Svoboda.92U2RQFPPL\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o zkontrolovaní logů
Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Potom si stáhni z mého podpisu novější verzi HijackThis (2.0.2) a verzi 1.99.1 smaž.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Potom si stáhni z mého podpisu novější verzi HijackThis (2.0.2) a verzi 1.99.1 smaž.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o zkontrolovaní logů
ok,
Log z Malwarebytes
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 5.1.2600 Service Pack 2
22.7.2009 13:04:18
mbam-log-2009-07-22 (13-04-18).txt
Typ skenu: Rychlý sken
Objektu skenováno: 95275
Uplynulý cas: 10 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 33
Infikované složky: 0
Infikované soubory: 4
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\svoboda.92u2rqfppl\local settings\temporary internet files\Content.IE5\QNQ42NH3\load[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\svoboda.92u2rqfppl\nabídka start\Programy\po spuštění\rncsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Svoboda.92U2RQFPPL\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Svoboda.92U2RQFPPL\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
_______________________________________________
A log COMBOfix
ComboFix 09-07-21.03 - Svoboda 22.07.2009 13:21.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.570 [GMT 2:00]
Spuštěný z: c:\documents and settings\Svoboda.92U2RQFPPL\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-746137067-1409082233-725345543-1003
C:\text.txt
c:\windows\Installer\2a6e82.msi
c:\windows\system32\Drivers\lxeb.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_frltcoc
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-22 do 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 07:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 07:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 07:26 . 2009-07-22 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 17:15 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-21 16:58 . 2009-07-21 16:58 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Plocha
2009-07-21 16:25 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 15:44 . 2009-07-21 15:44 -------- d-----w- C:\!KillBox
2009-07-21 15:34 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-21 15:34 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-21 15:34 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-21 15:33 . 2009-07-21 15:35 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-21 15:33 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-21 15:33 . 2009-07-21 15:35 -------- d-----w- c:\program files\Spyware Doctor
2009-07-21 11:18 . 2009-07-21 11:25 -------- d-----w- c:\program files\Wireshark
2009-07-15 20:18 . 2009-07-15 20:18 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-15 20:16 . 2009-07-15 20:20 -------- d-----w- c:\program files\ICQ6.5
2009-07-09 13:17 . 2009-07-09 13:17 -------- d-----w- C:\Nová složka
2009-07-06 12:15 . 2009-07-06 12:15 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 10:23 . 2006-07-10 23:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-21 17:14 . 2007-11-10 13:05 2928722 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-07-21 16:28 . 2008-02-03 15:12 -------- d-----w- c:\program files\MegauploadToolbar
2009-07-21 16:22 . 2006-05-24 18:21 -------- d-----w- c:\program files\Lavasoft
2009-07-21 13:30 . 2006-06-26 10:33 -------- d-----w- c:\program files\Trillian
2009-07-21 11:24 . 2006-03-03 19:28 -------- d-----w- c:\program files\WinPcap
2009-07-21 11:00 . 2006-07-09 19:13 -------- d-----w- c:\program files\HJB
2009-07-21 10:55 . 2006-05-24 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 06:40 . 2006-04-01 17:07 -------- d-----w- c:\program files\FlashFXP
2009-07-19 18:49 . 2006-04-14 13:35 -------- d-----w- c:\program files\FlashGet
2009-07-15 20:17 . 2008-07-01 16:26 -------- d-----w- c:\program files\ICQ6
2009-06-10 16:42 . 2008-10-17 14:18 -------- d-----w- c:\program files\XStandard
2009-05-03 16:36 . 2006-03-23 20:58 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-14 11:51 . 2008-07-04 14:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-16 15:05 . 2009-01-16 15:05 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-03-18 917504]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Svoboda.92U2RQFPPL\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Wireless LAN Utility.lnk - c:\program files\WLAN\WLAN\wlanutil.exe [2006-3-18 106496]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-5-5 466944]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Svoboda.92U2RQFPPL\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Svoboda.92U2RQFPPL\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^WASTE.lnk]
path=c:\documents and settings\Svoboda.92U2RQFPPL\Nabídka Start\Programy\Po spuštění\WASTE.lnk
backup=c:\windows\pss\WASTE.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSS Point 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"helpsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"OpenVPNService"=3 (0x3)
"OpenSSHd"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"h:\\Hry\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.7.2009 18:25 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.7.2009 17:34 130936]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\nb825NDS.sys [18.3.2006 20:35 54784]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [21.11.2007 9:11 28672]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23.12.2008 17:35 50704]
S3 RET45;RET45 Protocol Driver;\??\c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS --> c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [1.11.2008 15:23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [1.11.2008 15:23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [1.11.2008 15:23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [1.11.2008 15:24 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [1.11.2008 15:23 98568]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21.7.2009 17:33 348752]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S4 OpenSSHd;OpenSSH Server;c:\program files\OpenSSH\bin\cygrunsrv.exe [18.4.2004 13:11 36864]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
Name-Space Handler: ftp\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
Name-Space Handler: http\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Svoboda.92U2RQFPPL\Data aplikací\Mozilla\Firefox\Profiles\1z0zm6ye.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\XStandard\Bin\NPXStandard.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 13:34
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-07-22 13:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-22 11:44
Před spuštěním: 3 222 695 936
Po spuštění: 3 785 539 584
232 --- E O F --- 2008-03-25 21:27
__________________________________________________________________________________-
A tady log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:04, on 22.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\NET\NEW PC\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{790EB38F-AA1D-4853-A436-E7CB0A01FF58}: NameServer = 85.255.116.70,85.255.112.201
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8842 bytes
Log z Malwarebytes
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 5.1.2600 Service Pack 2
22.7.2009 13:04:18
mbam-log-2009-07-22 (13-04-18).txt
Typ skenu: Rychlý sken
Objektu skenováno: 95275
Uplynulý cas: 10 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 33
Infikované složky: 0
Infikované soubory: 4
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05dc7f28-a3e9-4151-a736-7841074cfb02}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17b7601d-60fd-4ca7-91e5-ae120a13814f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3aa8f0fa-f7e1-42c0-b207-3a42f1b91d0e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{55b30046-996c-4633-b661-75c0e277d07f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{790eb38f-aa1d-4853-a436-e7cb0a01ff58}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d659a006-9ac5-4c95-891b-3c79812b3a9e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f8a9c184-073d-47d8-9f60-1569c2d73127}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70,85.255.112.201 -> Quarantined and deleted successfully.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\svoboda.92u2rqfppl\local settings\temporary internet files\Content.IE5\QNQ42NH3\load[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\svoboda.92u2rqfppl\nabídka start\Programy\po spuštění\rncsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Svoboda.92U2RQFPPL\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Svoboda.92U2RQFPPL\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
_______________________________________________
A log COMBOfix
ComboFix 09-07-21.03 - Svoboda 22.07.2009 13:21.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.570 [GMT 2:00]
Spuštěný z: c:\documents and settings\Svoboda.92U2RQFPPL\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-746137067-1409082233-725345543-1003
C:\text.txt
c:\windows\Installer\2a6e82.msi
c:\windows\system32\Drivers\lxeb.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_frltcoc
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-22 do 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 07:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 07:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 07:26 . 2009-07-22 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 17:15 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-21 16:58 . 2009-07-21 16:58 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Plocha
2009-07-21 16:25 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 15:44 . 2009-07-21 15:44 -------- d-----w- C:\!KillBox
2009-07-21 15:34 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-21 15:34 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-21 15:34 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-21 15:33 . 2009-07-21 15:35 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-21 15:33 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-21 15:33 . 2009-07-21 15:35 -------- d-----w- c:\program files\Spyware Doctor
2009-07-21 11:18 . 2009-07-21 11:25 -------- d-----w- c:\program files\Wireshark
2009-07-15 20:18 . 2009-07-15 20:18 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-15 20:16 . 2009-07-15 20:20 -------- d-----w- c:\program files\ICQ6.5
2009-07-09 13:17 . 2009-07-09 13:17 -------- d-----w- C:\Nová složka
2009-07-06 12:15 . 2009-07-06 12:15 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 10:23 . 2006-07-10 23:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-21 17:14 . 2007-11-10 13:05 2928722 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-07-21 16:28 . 2008-02-03 15:12 -------- d-----w- c:\program files\MegauploadToolbar
2009-07-21 16:22 . 2006-05-24 18:21 -------- d-----w- c:\program files\Lavasoft
2009-07-21 13:30 . 2006-06-26 10:33 -------- d-----w- c:\program files\Trillian
2009-07-21 11:24 . 2006-03-03 19:28 -------- d-----w- c:\program files\WinPcap
2009-07-21 11:00 . 2006-07-09 19:13 -------- d-----w- c:\program files\HJB
2009-07-21 10:55 . 2006-05-24 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 06:40 . 2006-04-01 17:07 -------- d-----w- c:\program files\FlashFXP
2009-07-19 18:49 . 2006-04-14 13:35 -------- d-----w- c:\program files\FlashGet
2009-07-15 20:17 . 2008-07-01 16:26 -------- d-----w- c:\program files\ICQ6
2009-06-10 16:42 . 2008-10-17 14:18 -------- d-----w- c:\program files\XStandard
2009-05-03 16:36 . 2006-03-23 20:58 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-14 11:51 . 2008-07-04 14:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-16 15:05 . 2009-01-16 15:05 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-03-18 917504]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Svoboda.92U2RQFPPL\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Wireless LAN Utility.lnk - c:\program files\WLAN\WLAN\wlanutil.exe [2006-3-18 106496]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-5-5 466944]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Svoboda.92U2RQFPPL\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Svoboda.92U2RQFPPL\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^WASTE.lnk]
path=c:\documents and settings\Svoboda.92U2RQFPPL\Nabídka Start\Programy\Po spuštění\WASTE.lnk
backup=c:\windows\pss\WASTE.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSS Point 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"helpsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"OpenVPNService"=3 (0x3)
"OpenSSHd"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"h:\\Hry\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.7.2009 18:25 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.7.2009 17:34 130936]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\nb825NDS.sys [18.3.2006 20:35 54784]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [21.11.2007 9:11 28672]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23.12.2008 17:35 50704]
S3 RET45;RET45 Protocol Driver;\??\c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS --> c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [1.11.2008 15:23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [1.11.2008 15:23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [1.11.2008 15:23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [1.11.2008 15:24 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [1.11.2008 15:23 98568]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21.7.2009 17:33 348752]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S4 OpenSSHd;OpenSSH Server;c:\program files\OpenSSH\bin\cygrunsrv.exe [18.4.2004 13:11 36864]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
Name-Space Handler: ftp\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
Name-Space Handler: http\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Svoboda.92U2RQFPPL\Data aplikací\Mozilla\Firefox\Profiles\1z0zm6ye.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\XStandard\Bin\NPXStandard.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 13:34
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-07-22 13:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-22 11:44
Před spuštěním: 3 222 695 936
Po spuštění: 3 785 539 584
232 --- E O F --- 2008-03-25 21:27
__________________________________________________________________________________-
A tady log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:04, on 22.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\NET\NEW PC\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{790EB38F-AA1D-4853-A436-E7CB0A01FF58}: NameServer = 85.255.116.70,85.255.112.201
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8842 bytes
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o zkontrolovaní logů
Co tam máš od PC Tools? Máš tam Spybota a Spyware Doctor, toho odinstaluj, Spybot je lepší.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS
Folder::
C:\!KillBox
c:\program files\ICQ6Toolbar
c:\program files\MegauploadToolbar
Driver::
RET45;RET45 Protocol Driver
RET45
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^WASTE.lnk]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS
Folder::
C:\!KillBox
c:\program files\ICQ6Toolbar
c:\program files\MegauploadToolbar
Driver::
RET45;RET45 Protocol Driver
RET45
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Svoboda.92U2RQFPPL^Nabídka Start^Programy^Po spuštění^WASTE.lnk]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o zkontrolovaní logů
Toho spy doctora, sem tam mel, protoze sem snim chtel odebrat jeden spyware.
COMBOfix log:
ComboFix 09-07-21.03 - Svoboda 22.07.2009 15:18.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.588 [GMT 2:00]
Spuštěný z: c:\documents and settings\Svoboda.92U2RQFPPL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Svoboda.92U2RQFPPL\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\!KillBox
c:\!killbox\Logs\kb.log
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\MegauploadToolbar
c:\program files\MegauploadToolbar\tbuninstall.exe
c:\program files\MegauploadToolbar\toolbar.ini
c:\program files\MegauploadToolbar\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RET45
-------\Service_RET45
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-22 do 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 07:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 07:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 07:26 . 2009-07-22 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 17:15 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-21 16:58 . 2009-07-21 16:58 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Plocha
2009-07-21 16:25 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 11:18 . 2009-07-21 11:25 -------- d-----w- c:\program files\Wireshark
2009-07-15 20:16 . 2009-07-15 20:20 -------- d-----w- c:\program files\ICQ6.5
2009-07-09 13:17 . 2009-07-09 13:17 -------- d-----w- C:\Nová složka
2009-07-06 12:15 . 2009-07-06 12:15 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 12:21 . 2006-07-10 23:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-21 17:14 . 2007-11-10 13:05 2928722 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-07-21 16:22 . 2006-05-24 18:21 -------- d-----w- c:\program files\Lavasoft
2009-07-21 13:30 . 2006-06-26 10:33 -------- d-----w- c:\program files\Trillian
2009-07-21 11:24 . 2006-03-03 19:28 -------- d-----w- c:\program files\WinPcap
2009-07-21 11:00 . 2006-07-09 19:13 -------- d-----w- c:\program files\HJB
2009-07-21 10:55 . 2006-05-24 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 06:40 . 2006-04-01 17:07 -------- d-----w- c:\program files\FlashFXP
2009-07-19 18:49 . 2006-04-14 13:35 -------- d-----w- c:\program files\FlashGet
2009-07-15 20:17 . 2008-07-01 16:26 -------- d-----w- c:\program files\ICQ6
2009-06-10 16:42 . 2008-10-17 14:18 -------- d-----w- c:\program files\XStandard
2009-05-03 16:36 . 2006-03-23 20:58 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-14 11:51 . 2008-07-04 14:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-16 15:05 . 2009-01-16 15:05 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-22_11.35.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 13:28 . 2009-07-22 13:28 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
+ 2006-03-18 18:16 . 2009-07-22 12:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-18 18:16 . 2009-07-21 17:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-18 18:16 . 2009-07-22 12:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-03-18 18:16 . 2009-07-21 17:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-18 18:16 . 2009-07-22 12:05 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-18 18:16 . 2009-07-21 17:15 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-03-18 917504]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Svoboda.92U2RQFPPL\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Wireless LAN Utility.lnk - c:\program files\WLAN\WLAN\wlanutil.exe [2006-3-18 106496]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-5-5 466944]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"helpsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"OpenVPNService"=3 (0x3)
"OpenSSHd"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"h:\\Hry\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.7.2009 18:25 64160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\nb825NDS.sys [18.3.2006 20:35 54784]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [21.11.2007 9:11 28672]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23.12.2008 17:35 50704]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [1.11.2008 15:23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [1.11.2008 15:23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [1.11.2008 15:23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [1.11.2008 15:24 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [1.11.2008 15:23 98568]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S4 OpenSSHd;OpenSSH Server;c:\program files\OpenSSH\bin\cygrunsrv.exe [18.4.2004 13:11 36864]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
LSP: imon.dll
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
Name-Space Handler: ftp\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
Name-Space Handler: http\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Svoboda.92U2RQFPPL\Data aplikací\Mozilla\Firefox\Profiles\1z0zm6ye.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\XStandard\Bin\NPXStandard.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 15:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-07-22 15:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-22 13:40
ComboFix2.txt 2009-07-22 11:44
Před spuštěním: 3 833 450 496
Po spuštění: 3 789 291 520
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
238 --- E O F --- 2008-03-25 21:27
____________________________________________________________________________________________________________
log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:45, on 22.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\NET\NEW PC\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{790EB38F-AA1D-4853-A436-E7CB0A01FF58}: NameServer = 85.255.116.70,85.255.112.201
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8507 bytes
PC se chová už celkem ok, akorát jak sem našel nějaký ten spyware, jak jsi psal, že to mám odebrat, tak mezi tím byl i DNS changer, tzn. že se mi u síťovky nepamatuje po restartu DNS, proto ho tam musím vždycky dát.
COMBOfix log:
ComboFix 09-07-21.03 - Svoboda 22.07.2009 15:18.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.588 [GMT 2:00]
Spuštěný z: c:\documents and settings\Svoboda.92U2RQFPPL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Svoboda.92U2RQFPPL\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\progra~1\Retina\modules\retina\Scanner\RET45.SYS"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\!KillBox
c:\!killbox\Logs\kb.log
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\MegauploadToolbar
c:\program files\MegauploadToolbar\tbuninstall.exe
c:\program files\MegauploadToolbar\toolbar.ini
c:\program files\MegauploadToolbar\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RET45
-------\Service_RET45
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-22 do 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 07:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 07:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 07:26 . 2009-07-22 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 17:15 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-21 16:58 . 2009-07-21 16:58 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Plocha
2009-07-21 16:25 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 11:18 . 2009-07-21 11:25 -------- d-----w- c:\program files\Wireshark
2009-07-15 20:16 . 2009-07-15 20:20 -------- d-----w- c:\program files\ICQ6.5
2009-07-09 13:17 . 2009-07-09 13:17 -------- d-----w- C:\Nová složka
2009-07-06 12:15 . 2009-07-06 12:15 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 12:21 . 2006-07-10 23:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-21 17:14 . 2007-11-10 13:05 2928722 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-07-21 16:22 . 2006-05-24 18:21 -------- d-----w- c:\program files\Lavasoft
2009-07-21 13:30 . 2006-06-26 10:33 -------- d-----w- c:\program files\Trillian
2009-07-21 11:24 . 2006-03-03 19:28 -------- d-----w- c:\program files\WinPcap
2009-07-21 11:00 . 2006-07-09 19:13 -------- d-----w- c:\program files\HJB
2009-07-21 10:55 . 2006-05-24 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 06:40 . 2006-04-01 17:07 -------- d-----w- c:\program files\FlashFXP
2009-07-19 18:49 . 2006-04-14 13:35 -------- d-----w- c:\program files\FlashGet
2009-07-15 20:17 . 2008-07-01 16:26 -------- d-----w- c:\program files\ICQ6
2009-06-10 16:42 . 2008-10-17 14:18 -------- d-----w- c:\program files\XStandard
2009-05-03 16:36 . 2006-03-23 20:58 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-14 11:51 . 2008-07-04 14:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-16 15:05 . 2009-01-16 15:05 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-22_11.35.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 13:28 . 2009-07-22 13:28 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
+ 2006-03-18 18:16 . 2009-07-22 12:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-18 18:16 . 2009-07-21 17:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-18 18:16 . 2009-07-22 12:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-03-18 18:16 . 2009-07-21 17:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-18 18:16 . 2009-07-22 12:05 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-18 18:16 . 2009-07-21 17:15 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-03-18 917504]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Svoboda.92U2RQFPPL\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Wireless LAN Utility.lnk - c:\program files\WLAN\WLAN\wlanutil.exe [2006-3-18 106496]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-5-5 466944]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"helpsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"OpenVPNService"=3 (0x3)
"OpenSSHd"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"h:\\Hry\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.7.2009 18:25 64160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\nb825NDS.sys [18.3.2006 20:35 54784]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [21.11.2007 9:11 28672]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23.12.2008 17:35 50704]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [1.11.2008 15:23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [1.11.2008 15:23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [1.11.2008 15:23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [1.11.2008 15:24 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [1.11.2008 15:23 98568]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 14:37 26624]
S4 OpenSSHd;OpenSSH Server;c:\program files\OpenSSH\bin\cygrunsrv.exe [18.4.2004 13:11 36864]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
LSP: imon.dll
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
Name-Space Handler: ftp\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
Name-Space Handler: http\JetCarIEClickCatcher - {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} - c:\progra~1\FlashGet\Jccatch.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Svoboda.92U2RQFPPL\Data aplikací\Mozilla\Firefox\Profiles\1z0zm6ye.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\XStandard\Bin\NPXStandard.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 15:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-07-22 15:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-22 13:40
ComboFix2.txt 2009-07-22 11:44
Před spuštěním: 3 833 450 496
Po spuštění: 3 789 291 520
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
238 --- E O F --- 2008-03-25 21:27
____________________________________________________________________________________________________________
log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:45, on 22.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\NET\NEW PC\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{790EB38F-AA1D-4853-A436-E7CB0A01FF58}: NameServer = 85.255.116.70,85.255.112.201
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 8507 bytes
PC se chová už celkem ok, akorát jak sem našel nějaký ten spyware, jak jsi psal, že to mám odebrat, tak mezi tím byl i DNS changer, tzn. že se mi u síťovky nepamatuje po restartu DNS, proto ho tam musím vždycky dát.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o zkontrolovaní logů
Logy jsou čisté. Ten DNS changer nevím, já to nepoužívám a navíc toho mění vždycky víc než jen DNS, proto je anti-programy mažou.
Co tam máš od toho PC Tools?; jestli FW - máš tam Kerio, jestli AV-máš tam ESET, jestli čistič registru-smaž ho?
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš
(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.
Co tam máš od toho PC Tools?; jestli FW - máš tam Kerio, jestli AV-máš tam ESET, jestli čistič registru-smaž ho?
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš
(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o zkontrolovaní logů Vyřešeno
Děkuji ti za pomoc. :)
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 100 hostů