Kontrola logu Mbam

Yelkinson · Příspěvekod **Yelkinson** » 18 srp 2009 06:56

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2644
Windows 5.1.2600 Service Pack 3

18.8.2009 6:53:55
mbam-log-2009-08-18 (06-53-47).txt

Typ skenu: Rychlý sken
Objektu skenováno: 89289
Uplynulý cas: 5 minute(s), 11 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 11
Infikované hodnoty registru: 1
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> No action taken.

Musim do prace tak na to kouknu az kolem 15.00 diky moc.

Reklama

Příspěvekod **jaro3** » 18 srp 2009 08:26

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.
+ nový log z HJT.

Yelkinson · Příspěvekod **Yelkinson** » 18 srp 2009 16:40

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2649
Windows 5.1.2600 Service Pack 3

18.8.2009 16:39:13
mbam-log-2009-08-18 (16-39-13).txt

Typ skenu: Rychlý sken
Objektu skenováno: 89436
Uplynulý cas: 5 minute(s), 11 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 11
Infikované hodnoty registru: 1
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.

Yelkinson · Příspěvekod **Yelkinson** » 18 srp 2009 16:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:18, on 18.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.oberon-media.com/istart.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3708013187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5426 bytes

Příspěvekod **jaro3** » 18 srp 2009 20:39

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.oberon-media.com/istart.html

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Vypni rez. ochranu u ESET NOD32
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Yelkinson · Příspěvekod **Yelkinson** » 19 srp 2009 01:09

ComboFix 09-08-10.06 - MojePC 19.08.2009 0:57.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.678 [GMT 2:00]
Spuštěný z: c:\documents and settings\MojePC\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-18 do 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 14:44 . 2009-08-18 14:44 -------- d-----w- c:\program files\Trend Micro
2009-08-18 04:46 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 04:46 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 04:46 . 2009-08-18 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 21:44 . 2009-08-17 21:44 -------- d-----w- c:\documents and settings\MojePC\DoctorWeb
2009-08-17 05:31 . 2009-08-17 06:27 -------- d-----w- c:\program files\EA Sports
2009-08-16 13:15 . 2001-08-17 18:19 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
2009-08-16 13:15 . 2001-08-17 18:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2009-08-16 13:15 . 2008-04-13 18:45 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2009-08-16 13:15 . 2008-04-13 18:45 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2009-08-12 09:15 . 2009-08-12 09:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-12 09:14 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-12 09:14 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-12 09:14 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-12 09:14 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-12 09:14 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-12 09:14 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-12 09:14 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-12 09:14 . 2009-08-12 09:14 -------- d-----w- c:\program files\VSO
2009-08-12 05:49 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-08-12 05:49 . 2009-08-12 05:49 -------- d-----w- c:\windows\Logs
2009-08-12 05:16 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 13:41 . 2009-08-11 13:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-11 13:15 . 2009-08-11 13:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-11 13:15 . 2009-08-11 13:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-11 13:15 . 2009-08-11 13:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-11 13:15 . 2009-08-11 13:15 -------- d-----w- c:\program files\Real
2009-08-11 13:15 . 2009-08-11 13:15 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 14:05 . 2009-08-10 14:05 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-10 14:03 . 2009-08-10 14:03 -------- d-----w- c:\program files\Common Files\Skype
2009-08-10 14:03 . 2009-08-10 14:44 -------- d-----r- c:\program files\Skype
2009-08-10 10:17 . 2009-08-10 10:27 -------- d-----w- c:\program files\Froggy Castle 2
2009-08-10 10:07 . 2009-08-10 10:15 -------- d-----w- c:\program files\Dracula Twins
2009-08-10 09:58 . 2009-08-10 09:59 -------- d-----w- c:\program files\Bud Redhead
2009-08-10 09:17 . 2009-08-18 14:39 -------- d-----w- c:\program files\GamesBar
2009-08-10 09:16 . 2009-08-10 09:16 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-08-10 09:16 . 2009-08-10 09:22 -------- d-----w- c:\program files\Oberon Media
2009-08-10 09:02 . 2009-08-10 09:02 -------- d-----w- c:\program files\Hidden Wonders of the Depths 2
2009-08-10 09:02 . 2009-08-10 09:02 -------- d-----w- c:\windows\Hidden Wonders of the Depths 2
2009-08-10 09:01 . 2009-08-10 09:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-06 18:37 . 2009-08-18 13:18 -------- d-----w- c:\program files\PokerStars
2009-08-05 18:06 . 2009-08-06 05:03 -------- d-----w- c:\program files\Avanquest update
2009-08-05 18:05 . 2007-06-25 09:43 10792 ----a-w- c:\windows\system32\drivers\s117cr.sys
2009-08-05 18:05 . 2007-06-25 09:43 98856 ----a-w- c:\windows\system32\drivers\s117unic.sys
2009-08-05 18:05 . 2007-06-25 09:43 100264 ----a-w- c:\windows\system32\drivers\s117mgmt.sys
2009-08-05 18:05 . 2007-06-25 09:43 98344 ----a-w- c:\windows\system32\drivers\s117obex.sys
2009-08-05 18:05 . 2007-06-25 09:43 22952 ----a-w- c:\windows\system32\drivers\s117nd5.sys
2009-08-05 18:05 . 2007-06-25 09:43 108456 ----a-w- c:\windows\system32\drivers\s117mdm.sys
2009-08-05 18:05 . 2007-06-25 09:43 14888 ----a-w- c:\windows\system32\drivers\s117mdfl.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117cmnt.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117cm.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117whnt.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117wh.sys
2009-08-05 18:05 . 2007-06-25 09:43 82984 ----a-w- c:\windows\system32\drivers\s117bus.sys
2009-08-05 18:04 . 2009-08-05 18:04 -------- d-----w- c:\program files\Sony Ericsson
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 07:21 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-05 07:21 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-04 21:44 . 2008-04-14 03:22 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-04 21:44 . 2008-04-14 03:22 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-04 21:43 . 2006-09-18 12:12 843776 ----a-w- c:\windows\vsnpstd3.exe
2009-08-04 21:43 . 2007-03-30 15:43 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-08-04 21:43 . 2006-09-18 12:12 843776 ----a-w- c:\windows\system32\vsnpstd3.exe
2009-08-04 21:43 . 2009-08-04 21:43 -------- d-----w- c:\program files\VGA USB Camera
2009-08-04 21:43 . 2007-03-30 09:12 10199296 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-08-04 21:43 . 2006-12-27 12:33 172032 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-08-04 21:43 . 2006-12-27 12:33 172032 ----a-w- c:\windows\rsnpstd3.dll
2009-08-04 21:43 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2009-08-04 21:43 . 2004-11-29 17:43 458752 ----a-w- c:\windows\amcap.exe
2009-08-04 20:36 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-04 20:36 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-04 20:36 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-04 20:36 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-04 20:34 . 2008-11-26 10:18 -------- d-----w- C:\VGA USB Camera
2009-08-04 20:18 . 2009-08-11 13:25 -------- d-----w- c:\documents and settings\MojePC\Tracing
2009-08-04 20:17 . 2009-08-04 20:17 -------- d-----w- c:\program files\Microsoft
2009-08-04 20:17 . 2009-08-04 20:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-04 20:17 . 2009-08-04 20:18 -------- d-----w- c:\program files\Windows Live
2009-08-04 20:13 . 2009-08-04 20:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-04 13:53 . 2009-08-04 14:08 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-04 13:53 . 2009-08-04 13:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-04 13:52 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-04 13:52 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-04 13:52 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-04 13:52 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-04 13:51 . 2009-08-04 13:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-04 13:50 . 2009-08-08 11:59 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-04 13:50 . 2009-08-04 13:50 -------- d-----w- c:\windows\system32\LogFiles
2009-08-04 13:48 . 2009-08-04 13:48 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-03 09:34 . 2009-08-03 09:35 -------- d-----w- c:\program files\4 Elements
2009-08-02 08:30 . 2009-08-02 08:30 -------- d-s---w- c:\program files\HLSW
2009-08-01 07:31 . 2009-08-02 08:55 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-30 14:05 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-30 14:04 . 2009-07-30 14:04 -------- d-----w- c:\program files\Microsoft Works
2009-07-30 14:01 . 2009-07-30 14:01 -------- d-----w- c:\program files\Microsoft.NET
2009-07-30 13:58 . 2009-07-30 13:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-30 13:57 . 2009-07-30 14:03 -------- d-----w- c:\windows\SHELLNEW
2009-07-30 13:56 . 2009-07-30 13:56 -------- d--h--r- C:\MSOCache
2009-07-30 05:57 . 2009-08-03 09:12 -------- d-----w- c:\program files\Ricochet Infinity
2009-07-30 05:57 . 2009-07-30 05:57 -------- d-----w- c:\program files\ReflexiveArcade
2009-07-29 20:17 . 2009-07-29 20:17 -------- d-----w- c:\documents and settings\MojePC\.thumbnails
2009-07-29 20:07 . 2009-08-10 09:29 -------- d-----w- c:\documents and settings\MojePC\.gimp-2.2
2009-07-29 20:06 . 2009-07-29 20:07 -------- d-----w- c:\program files\GIMP-2.0
2009-07-29 20:02 . 2009-07-29 20:02 -------- d-----w- c:\program files\Common Files\GTK
2009-07-29 20:01 . 2009-07-29 20:01 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-29 19:53 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-29 19:50 . 2009-07-29 19:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-29 19:50 . 2009-07-30 14:03 -------- d-----w- c:\program files\MSBuild
2009-07-29 19:50 . 2009-07-29 19:50 -------- d-----w- c:\program files\Reference Assemblies
2009-07-29 19:49 . 2009-07-29 19:49 -------- d-----w- C:\5a1ec0b72553885f4ebb76
2009-07-29 19:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-29 19:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-29 19:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-29 19:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-29 19:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-29 19:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-29 19:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-29 18:13 . 2009-07-29 18:13 -------- d-----w- C:\CPU-Z
2009-07-29 18:08 . 2009-07-29 18:08 -------- d-----w- c:\program files\Lavalys
2009-07-29 13:22 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 13:22 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 10:12 . 2009-07-29 10:12 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-29 10:12 . 2009-07-29 10:12 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-29 10:08 . 2009-07-29 10:08 -------- d-----w- c:\program files\PlayLogic
2009-07-29 04:46 . 2009-07-29 04:46 410984 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 06:01 . 2009-02-04 00:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:07 . 2006-03-02 12:00 92006 ----a-w- c:\windows\system32\perfc005.dat
2009-08-04 14:07 . 2006-03-02 12:00 461402 ----a-w- c:\windows\system32\perfh005.dat
2009-07-28 19:27 . 2009-02-04 00:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-03-02 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2006-03-02 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-02-03 23:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-11 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.oberon-media.com/istart.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MojePC\Data aplikací\Mozilla\Firefox\Profiles\d5mpk7tl.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 01:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-08-18 1:03
ComboFix-quarantined-files.txt 2009-08-18 23:02

Před spuštěním: 5 533 880 320
Po spuštění: 5 511 757 824

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

275 --- E O F --- 2009-08-12 23:45

Příspěvekod **jaro3** » 19 srp 2009 08:06

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\ezsidmv.dat

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Yelkinson · Příspěvekod **Yelkinson** » 19 srp 2009 16:54

ComboFix 09-08-18.04 - MojePC 19.08.2009 16:38.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.682 [GMT 2:00]
Spuštěný z: c:\documents and settings\MojePC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MojePC\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\mspmsnsv.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\mspmsnsv.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-19 do 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-18 14:44 . 2009-08-18 14:44 -------- d-----w- c:\program files\Trend Micro
2009-08-18 04:46 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 04:46 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 04:46 . 2009-08-18 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 21:44 . 2009-08-17 21:44 -------- d-----w- c:\documents and settings\MojePC\DoctorWeb
2009-08-17 05:31 . 2009-08-17 06:27 -------- d-----w- c:\program files\EA Sports
2009-08-16 13:15 . 2001-08-17 18:19 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
2009-08-16 13:15 . 2001-08-17 18:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2009-08-16 13:15 . 2008-04-13 18:45 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2009-08-16 13:15 . 2008-04-13 18:45 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2009-08-12 09:15 . 2009-08-12 09:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-12 09:14 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-12 09:14 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-12 09:14 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-12 09:14 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-12 09:14 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-12 09:14 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-12 09:14 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-12 09:14 . 2009-08-12 09:14 -------- d-----w- c:\program files\VSO
2009-08-12 05:49 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-08-12 05:49 . 2009-08-12 05:49 -------- d-----w- c:\windows\Logs
2009-08-12 05:16 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 13:41 . 2009-08-11 13:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-11 13:15 . 2009-08-11 13:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-11 13:15 . 2009-08-11 13:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-11 13:15 . 2009-08-11 13:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-11 13:15 . 2009-08-11 13:15 -------- d-----w- c:\program files\Real
2009-08-11 13:15 . 2009-08-11 13:15 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 14:05 . 2009-08-10 14:05 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-10 14:03 . 2009-08-10 14:03 -------- d-----w- c:\program files\Common Files\Skype
2009-08-10 14:03 . 2009-08-10 14:44 -------- d-----r- c:\program files\Skype
2009-08-10 10:17 . 2009-08-10 10:27 -------- d-----w- c:\program files\Froggy Castle 2
2009-08-10 10:07 . 2009-08-10 10:15 -------- d-----w- c:\program files\Dracula Twins
2009-08-10 09:58 . 2009-08-10 09:59 -------- d-----w- c:\program files\Bud Redhead
2009-08-10 09:17 . 2009-08-18 14:39 -------- d-----w- c:\program files\GamesBar
2009-08-10 09:16 . 2009-08-10 09:16 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-08-10 09:16 . 2009-08-10 09:22 -------- d-----w- c:\program files\Oberon Media
2009-08-10 09:02 . 2009-08-10 09:02 -------- d-----w- c:\program files\Hidden Wonders of the Depths 2
2009-08-10 09:02 . 2009-08-10 09:02 -------- d-----w- c:\windows\Hidden Wonders of the Depths 2
2009-08-10 09:01 . 2009-08-10 09:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-06 18:37 . 2009-08-18 13:18 -------- d-----w- c:\program files\PokerStars
2009-08-05 18:06 . 2009-08-06 05:03 -------- d-----w- c:\program files\Avanquest update
2009-08-05 18:05 . 2007-06-25 09:43 10792 ----a-w- c:\windows\system32\drivers\s117cr.sys
2009-08-05 18:05 . 2007-06-25 09:43 98856 ----a-w- c:\windows\system32\drivers\s117unic.sys
2009-08-05 18:05 . 2007-06-25 09:43 100264 ----a-w- c:\windows\system32\drivers\s117mgmt.sys
2009-08-05 18:05 . 2007-06-25 09:43 98344 ----a-w- c:\windows\system32\drivers\s117obex.sys
2009-08-05 18:05 . 2007-06-25 09:43 22952 ----a-w- c:\windows\system32\drivers\s117nd5.sys
2009-08-05 18:05 . 2007-06-25 09:43 108456 ----a-w- c:\windows\system32\drivers\s117mdm.sys
2009-08-05 18:05 . 2007-06-25 09:43 14888 ----a-w- c:\windows\system32\drivers\s117mdfl.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117cmnt.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117cm.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117whnt.sys
2009-08-05 18:05 . 2007-06-25 09:43 12200 ----a-w- c:\windows\system32\drivers\s117wh.sys
2009-08-05 18:05 . 2007-06-25 09:43 82984 ----a-w- c:\windows\system32\drivers\s117bus.sys
2009-08-05 18:04 . 2009-08-05 18:04 -------- d-----w- c:\program files\Sony Ericsson
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 07:21 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-05 07:21 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-04 21:44 . 2008-04-14 03:22 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-04 21:44 . 2008-04-14 03:22 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-04 21:43 . 2006-09-18 12:12 843776 ----a-w- c:\windows\vsnpstd3.exe
2009-08-04 21:43 . 2007-03-30 15:43 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2009-08-04 21:43 . 2006-09-18 12:12 843776 ----a-w- c:\windows\system32\vsnpstd3.exe
2009-08-04 21:43 . 2009-08-04 21:43 -------- d-----w- c:\program files\VGA USB Camera
2009-08-04 21:43 . 2007-03-30 09:12 10199296 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2009-08-04 21:43 . 2006-12-27 12:33 172032 ----a-w- c:\windows\system32\rsnpstd3.dll
2009-08-04 21:43 . 2006-12-27 12:33 172032 ----a-w- c:\windows\rsnpstd3.dll
2009-08-04 21:43 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2009-08-04 21:43 . 2004-11-29 17:43 458752 ----a-w- c:\windows\amcap.exe
2009-08-04 20:36 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-04 20:36 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-04 20:36 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-04 20:36 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-04 20:34 . 2008-11-26 10:18 -------- d-----w- C:\VGA USB Camera
2009-08-04 20:18 . 2009-08-11 13:25 -------- d-----w- c:\documents and settings\MojePC\Tracing
2009-08-04 20:17 . 2009-08-04 20:17 -------- d-----w- c:\program files\Microsoft
2009-08-04 20:17 . 2009-08-04 20:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-04 20:17 . 2009-08-04 20:18 -------- d-----w- c:\program files\Windows Live
2009-08-04 20:13 . 2009-08-04 20:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-04 13:53 . 2009-08-04 14:08 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-04 13:53 . 2009-08-04 13:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-04 13:52 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-04 13:52 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-04 13:52 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-04 13:52 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-04 13:51 . 2009-08-04 13:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-04 13:50 . 2009-08-08 11:59 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-04 13:50 . 2009-08-04 13:50 -------- d-----w- c:\windows\system32\LogFiles
2009-08-04 13:48 . 2009-08-04 13:48 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-03 09:34 . 2009-08-03 09:35 -------- d-----w- c:\program files\4 Elements
2009-08-02 08:30 . 2009-08-02 08:30 -------- d-s---w- c:\program files\HLSW
2009-08-01 07:31 . 2009-08-02 08:55 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-30 14:05 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-30 14:04 . 2009-07-30 14:04 -------- d-----w- c:\program files\Microsoft Works
2009-07-30 14:01 . 2009-07-30 14:01 -------- d-----w- c:\program files\Microsoft.NET
2009-07-30 13:58 . 2009-07-30 13:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-30 13:57 . 2009-07-30 14:03 -------- d-----w- c:\windows\SHELLNEW
2009-07-30 13:56 . 2009-07-30 13:56 -------- d--h--r- C:\MSOCache
2009-07-30 05:57 . 2009-08-03 09:12 -------- d-----w- c:\program files\Ricochet Infinity
2009-07-30 05:57 . 2009-07-30 05:57 -------- d-----w- c:\program files\ReflexiveArcade
2009-07-29 20:17 . 2009-07-29 20:17 -------- d-----w- c:\documents and settings\MojePC\.thumbnails
2009-07-29 20:07 . 2009-08-10 09:29 -------- d-----w- c:\documents and settings\MojePC\.gimp-2.2
2009-07-29 20:06 . 2009-07-29 20:07 -------- d-----w- c:\program files\GIMP-2.0
2009-07-29 20:02 . 2009-07-29 20:02 -------- d-----w- c:\program files\Common Files\GTK
2009-07-29 20:01 . 2009-07-29 20:01 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-29 19:53 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-29 19:50 . 2009-07-29 19:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-29 19:50 . 2009-07-30 14:03 -------- d-----w- c:\program files\MSBuild
2009-07-29 19:50 . 2009-07-29 19:50 -------- d-----w- c:\program files\Reference Assemblies
2009-07-29 19:49 . 2009-07-29 19:49 -------- d-----w- C:\5a1ec0b72553885f4ebb76
2009-07-29 19:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-29 19:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-29 19:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-29 19:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-29 19:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-29 19:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-29 19:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-29 18:13 . 2009-07-29 18:13 -------- d-----w- C:\CPU-Z
2009-07-29 18:08 . 2009-07-29 18:08 -------- d-----w- c:\program files\Lavalys
2009-07-29 13:22 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 13:22 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 10:12 . 2009-07-29 10:12 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-29 10:12 . 2009-07-29 10:12 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-29 10:08 . 2009-07-29 10:08 -------- d-----w- c:\program files\PlayLogic
2009-07-29 04:46 . 2009-07-29 04:46 410984 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 06:01 . 2009-02-04 00:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:07 . 2006-03-02 12:00 92006 ----a-w- c:\windows\system32\perfc005.dat
2009-08-04 14:07 . 2006-03-02 12:00 461402 ----a-w- c:\windows\system32\perfh005.dat
2009-07-28 19:27 . 2009-02-04 00:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-03-02 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2006-03-02 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-02-03 23:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_23.01.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 14:45 . 2009-08-19 14:45 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-11 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.oberon-media.com/istart.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MojePC\Data aplikací\Mozilla\Firefox\Profiles\d5mpk7tl.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 16:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-19 16:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-19 14:53
ComboFix2.txt 2009-08-18 23:03

Před spuštěním: 5 473 128 448
Po spuštění: 5 423 370 240

289 --- E O F --- 2009-08-12 23:45

Yelkinson · Příspěvekod **Yelkinson** » 19 srp 2009 16:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:19, on 19.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.oberon-media.com/istart.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3708013187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4989 bytes

Příspěvekod **jaro3** » 20 srp 2009 09:23

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.oberon-media.com/istart.html

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , fajfku.

Yelkinson · Příspěvekod **Yelkinson** » 20 srp 2009 15:42

Tak dikec .Jen mi neje jeste do hlavykdyz zapinam PC tak tam name vyskoci tabulka abych zadal heslo atd.nasesti ho davat nemusim.A kdyz vypinam pc tak se mi taky zmenila ta nabidka .Neni to ta klasicka s tema trema cudlama ale je to takova ta rolovaci co snad byla ve win98 asi!A vubec netusim jak se mi to prehodilo a ani jak to dostat zpet! :mad:

Příspěvekod **jaro3** » 20 srp 2009 17:46

Nejprve zkus více krát restatovat PC.

Kontrola logu Mbam Vyřešeno

Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Re: Kontrola logu Mbam

Kdo je online