Chci poprosit o kontrolu logu.Počítač je velice zplomalený, spuštění od zapnutí do použitelnosti trvá takřka 20min.
Děkuju Jindra
Logfile of HijackThis v1.99.1
Scan saved at 22:52:59, on 23.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Novákovi\Plocha\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 90.182.221.59 l2authd.lineage2.com
O1 - Hosts: 90.182.221.59 l2testauthd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Prosím o kontrolu logu Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Příště novější verzi HJT (2.02.):
http://www.trendsecure.com/portal/en-US ... s/download
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
http://www.trendsecure.com/portal/en-US ... s/download
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
posílám log z nové verze Hijacku:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:48, on 24.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 90.182.221.59 l2authd.lineage2.com
O1 - Hosts: 90.182.221.59 l2testauthd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10181 bytes
a log z Malwerbytes:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2690
Windows 5.1.2600 Service Pack 3
24.8.2009 21:17:17
mbam-log-2009-08-24 (21-16-42).txt
Typ skenu: Rychlý sken
Objektu skenováno: 92664
Uplynulý cas: 9 minute(s), 57 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\m.1.exe (Malware.Packer) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:48, on 24.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 90.182.221.59 l2authd.lineage2.com
O1 - Hosts: 90.182.221.59 l2testauthd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10181 bytes
a log z Malwerbytes:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2690
Windows 5.1.2600 Service Pack 3
24.8.2009 21:17:17
mbam-log-2009-08-24 (21-16-42).txt
Typ skenu: Rychlý sken
Objektu skenováno: 92664
Uplynulý cas: 9 minute(s), 57 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\m.1.exe (Malware.Packer) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
jaro3 bude asi až zítra, tak zatím:
Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
Posílám log z Malwerbytes:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2690
Windows 5.1.2600 Service Pack 3
25.8.2009 20:42:15
mbam-log-2009-08-25 (20-42-15).txt
Typ skenu: Rychlý sken
Objektu skenováno: 92808
Uplynulý cas: 11 minute(s), 9 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\m.1.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Delete on reboot.
a log z Combofixu:
ComboFix 09-08-24.06 - Novákovi 25.08.2009 21:07.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.290 [GMT 2:00]
Spuštěný z: c:\documents and settings\Novákovi\Plocha\ComboFix.exe
AV: Antivirový systém AVG 7.1.384 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1296 [VPS 090825-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\reg.reg
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-25 do 2009-08-25 )))))))))))))))))))))))))))))))
.
2009-08-24 19:19 . 2009-08-24 19:19 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:01 . 2009-08-24 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\MSBuild
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 20:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 20:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 20:29 . 2009-08-21 20:30 -------- dc----w- C:\a214e46986fc2621588cc5
2009-08-21 20:29 . 2009-08-23 08:33 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-17 19:15 . 2009-08-17 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 19:39 . 2009-08-16 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 20:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 20:26 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 20:26 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 20:26 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 20:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 20:26 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- c:\windows\ie8updates
2009-08-13 20:25 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 20:23 . 2009-08-13 20:25 -------- dc-h--w- c:\windows\ie8
2009-08-12 19:18 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:47 . 2009-08-25 18:47 25965 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip
2009-08-25 18:47 . 2009-08-25 18:47 28010 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip
2009-08-25 18:46 . 2008-01-03 14:28 -------- d-----w- c:\program files\ICQToolbar
2009-08-23 17:55 . 2009-08-23 17:55 25294 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip
2009-08-23 17:55 . 2007-05-14 06:51 31981778 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-21 20:37 . 2001-10-25 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 20:37 . 2001-10-25 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-21 16:47 . 2009-08-21 16:47 25856 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip
2009-08-19 17:57 . 2009-08-19 17:57 25779 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip
2009-08-18 12:11 . 2009-08-18 12:11 24537 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip
2009-08-17 18:35 . 2009-08-17 18:35 10463873 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip
2009-08-12 10:08 . 2009-08-12 10:08 24322 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip
2009-08-08 08:55 . 2005-10-14 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 07:39 . 2008-08-23 16:10 -------- d-----w- c:\program files\GRETECH
2009-08-08 07:09 . 2007-01-22 20:18 -------- d-----w- c:\program files\BitLord
2009-08-08 07:09 . 2007-02-17 20:23 -------- d-----w- c:\program files\Valve
2009-08-08 07:07 . 2005-11-24 20:22 -------- d-----w- c:\program files\Google
2009-08-08 07:06 . 2009-02-28 15:55 -------- d-----w- c:\program files\Warcraft III
2009-08-08 07:04 . 2008-01-15 17:38 -------- d-----w- c:\program files\Nokia
2009-08-08 07:02 . 2005-10-09 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 07:02 . 2009-02-28 22:14 -------- d-----w- c:\program files\Garena
2009-08-05 09:01 . 2001-10-25 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:50 . 2009-07-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:20 . 2008-01-03 14:26 -------- d-----w- c:\program files\ICQ6
2009-07-13 21:43 . 2005-10-09 09:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-10-25 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 20:47 . 2009-06-22 06:49 2621440 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2001-10-25 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2001-10-25 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-10-09 08:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2001-10-25 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2001-10-25 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-02-29 19:23 . 2008-02-29 19:22 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-01-21 12:11 . 2007-03-20 13:43 215 ----a-w- c:\program files\ctimne.txt
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 980752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2009 22:14 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.8.2008 14:41 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2008 14:41 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [26.11.2005 17:03 2368]
S2 gupdate1c999e3305db6e6;Google Update Service (gupdate1c999e3305db6e6);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2009 22:23 133104]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys --> c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp --> c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [19.10.2006 13:11 10664]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [9.10.2005 12:41 159104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:16]
2006-01-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8129386926.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{4ACBF038-D2E7-45F3-8F9D-E441912F0ACB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {8A0F5456-5523-4CE8-8FA7-C7B81BDF9841} = 84.21.124.1,84.16.96.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 21:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp"
.
Celkový čas: 2009-08-25 21:23
ComboFix-quarantined-files.txt 2009-08-25 19:22
Před spuštěním: Volných bajtů: 28 285 509 632
Po spuštění: Volných bajtů: 28 286 357 504
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
198 --- E O F --- 2009-08-23 18:14
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2690
Windows 5.1.2600 Service Pack 3
25.8.2009 20:42:15
mbam-log-2009-08-25 (20-42-15).txt
Typ skenu: Rychlý sken
Objektu skenováno: 92808
Uplynulý cas: 11 minute(s), 9 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\m.1.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Delete on reboot.
a log z Combofixu:
ComboFix 09-08-24.06 - Novákovi 25.08.2009 21:07.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.290 [GMT 2:00]
Spuštěný z: c:\documents and settings\Novákovi\Plocha\ComboFix.exe
AV: Antivirový systém AVG 7.1.384 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1296 [VPS 090825-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\reg.reg
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-25 do 2009-08-25 )))))))))))))))))))))))))))))))
.
2009-08-24 19:19 . 2009-08-24 19:19 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:01 . 2009-08-24 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\MSBuild
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 20:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 20:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 20:29 . 2009-08-21 20:30 -------- dc----w- C:\a214e46986fc2621588cc5
2009-08-21 20:29 . 2009-08-23 08:33 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-17 19:15 . 2009-08-17 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 19:39 . 2009-08-16 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 20:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 20:26 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 20:26 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 20:26 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 20:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 20:26 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- c:\windows\ie8updates
2009-08-13 20:25 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 20:23 . 2009-08-13 20:25 -------- dc-h--w- c:\windows\ie8
2009-08-12 19:18 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:47 . 2009-08-25 18:47 25965 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip
2009-08-25 18:47 . 2009-08-25 18:47 28010 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip
2009-08-25 18:46 . 2008-01-03 14:28 -------- d-----w- c:\program files\ICQToolbar
2009-08-23 17:55 . 2009-08-23 17:55 25294 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip
2009-08-23 17:55 . 2007-05-14 06:51 31981778 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-21 20:37 . 2001-10-25 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 20:37 . 2001-10-25 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-21 16:47 . 2009-08-21 16:47 25856 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip
2009-08-19 17:57 . 2009-08-19 17:57 25779 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip
2009-08-18 12:11 . 2009-08-18 12:11 24537 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip
2009-08-17 18:35 . 2009-08-17 18:35 10463873 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip
2009-08-12 10:08 . 2009-08-12 10:08 24322 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip
2009-08-08 08:55 . 2005-10-14 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 07:39 . 2008-08-23 16:10 -------- d-----w- c:\program files\GRETECH
2009-08-08 07:09 . 2007-01-22 20:18 -------- d-----w- c:\program files\BitLord
2009-08-08 07:09 . 2007-02-17 20:23 -------- d-----w- c:\program files\Valve
2009-08-08 07:07 . 2005-11-24 20:22 -------- d-----w- c:\program files\Google
2009-08-08 07:06 . 2009-02-28 15:55 -------- d-----w- c:\program files\Warcraft III
2009-08-08 07:04 . 2008-01-15 17:38 -------- d-----w- c:\program files\Nokia
2009-08-08 07:02 . 2005-10-09 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 07:02 . 2009-02-28 22:14 -------- d-----w- c:\program files\Garena
2009-08-05 09:01 . 2001-10-25 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:50 . 2009-07-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:20 . 2008-01-03 14:26 -------- d-----w- c:\program files\ICQ6
2009-07-13 21:43 . 2005-10-09 09:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-10-25 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 20:47 . 2009-06-22 06:49 2621440 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2001-10-25 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2001-10-25 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-10-09 08:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2001-10-25 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2001-10-25 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-02-29 19:23 . 2008-02-29 19:22 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-01-21 12:11 . 2007-03-20 13:43 215 ----a-w- c:\program files\ctimne.txt
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 980752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2009 22:14 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.8.2008 14:41 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2008 14:41 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [26.11.2005 17:03 2368]
S2 gupdate1c999e3305db6e6;Google Update Service (gupdate1c999e3305db6e6);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2009 22:23 133104]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys --> c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp --> c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [19.10.2006 13:11 10664]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [9.10.2005 12:41 159104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:16]
2006-01-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8129386926.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{4ACBF038-D2E7-45F3-8F9D-E441912F0ACB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {8A0F5456-5523-4CE8-8FA7-C7B81BDF9841} = 84.21.124.1,84.16.96.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 21:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp"
.
Celkový čas: 2009-08-25 21:23
ComboFix-quarantined-files.txt 2009-08-25 19:22
Před spuštěním: Volných bajtů: 28 285 509 632
Po spuštění: Volných bajtů: 28 286 357 504
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
198 --- E O F --- 2009-08-23 18:14
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip
c:\windows\Internet Logs\xDB3.tmp
c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys
c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp
DirLook::
c:\windows\SxsCaPendDel
Driver::
dump_wmimmc;dump_wmimmc
dump_wmimmc
GarenaPEngine;GarenaPEngine
GarenaPEngine
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip
c:\windows\Internet Logs\xDB3.tmp
c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys
c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp
DirLook::
c:\windows\SxsCaPendDel
Driver::
dump_wmimmc;dump_wmimmc
dump_wmimmc
GarenaPEngine;GarenaPEngine
GarenaPEngine
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
Tady je log z Combofixu:
ComboFix 09-08-25.04 - Novákovi 26.08.2009 12:21.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.226 [GMT 2:00]
Spuštěný z: c:\documents and settings\Novákovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Novákovi\Plocha\CFScript.txt
AV: Antivirový systém AVG 7.1.384 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1296 [VPS 090825-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp"
"c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys"
"c:\windows\Internet Logs\tvDebug.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip"
"c:\windows\Internet Logs\xDB3.tmp"
.
PEV Error: CacheFolder
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip
c:\windows\Internet Logs\xDB3.tmp
c:\windows\system32\nerocheck.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DUMP_WMIMMC
-------\Legacy_GARENAPENGINE
-------\Service_dump_wmimmc
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-24 19:19 . 2009-08-24 19:19 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:01 . 2009-08-24 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\MSBuild
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 20:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 20:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 20:29 . 2009-08-21 20:30 -------- dc----w- C:\a214e46986fc2621588cc5
2009-08-21 20:29 . 2009-08-23 08:33 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-17 19:15 . 2009-08-17 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 19:39 . 2009-08-16 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 20:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 20:26 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 20:26 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 20:26 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 20:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 20:26 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- c:\windows\ie8updates
2009-08-13 20:25 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 20:23 . 2009-08-13 20:25 -------- dc-h--w- c:\windows\ie8
2009-08-12 19:18 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 08:09 . 2009-08-26 08:09 25601 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_49_26_small.dmp.zip
2009-08-26 08:09 . 2009-08-26 08:09 24262 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_48_13_small.dmp.zip
2009-08-25 18:46 . 2008-01-03 14:28 -------- d-----w- c:\program files\ICQToolbar
2009-08-21 20:37 . 2001-10-25 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 20:37 . 2001-10-25 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-08 08:55 . 2005-10-14 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 07:39 . 2008-08-23 16:10 -------- d-----w- c:\program files\GRETECH
2009-08-08 07:09 . 2007-01-22 20:18 -------- d-----w- c:\program files\BitLord
2009-08-08 07:09 . 2007-02-17 20:23 -------- d-----w- c:\program files\Valve
2009-08-08 07:07 . 2005-11-24 20:22 -------- d-----w- c:\program files\Google
2009-08-08 07:06 . 2009-02-28 15:55 -------- d-----w- c:\program files\Warcraft III
2009-08-08 07:04 . 2008-01-15 17:38 -------- d-----w- c:\program files\Nokia
2009-08-08 07:02 . 2005-10-09 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 07:02 . 2009-02-28 22:14 -------- d-----w- c:\program files\Garena
2009-08-05 09:01 . 2001-10-25 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:50 . 2009-07-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:20 . 2008-01-03 14:26 -------- d-----w- c:\program files\ICQ6
2009-07-13 21:43 . 2005-10-09 09:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-10-25 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2001-10-25 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2001-10-25 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-10-09 08:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2001-10-25 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2001-10-25 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-02-29 19:23 . 2008-02-29 19:22 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-01-21 12:11 . 2007-03-20 13:43 215 ----a-w- c:\program files\ctimne.txt
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SxsCaPendDel ----
((((((((((((((((((((((((((((( SnapShot@2009-08-25_19.15.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-26 10:34 . 2009-08-26 10:34 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2009-08-26 10:01 . 2009-08-26 10:01 16384 c:\windows\Temp\Perflib_Perfdata_254.dat
+ 2009-08-26 10:33 . 2009-08-26 10:33 16384 c:\windows\Temp\Perflib_Perfdata_15c.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 980752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2009 22:14 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.8.2008 14:41 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2008 14:41 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [26.11.2005 17:03 2368]
S2 gupdate1c999e3305db6e6;Google Update Service (gupdate1c999e3305db6e6);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2009 22:23 133104]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [19.10.2006 13:11 10664]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [9.10.2005 12:41 159104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:16]
2006-01-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8129386926.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{4ACBF038-D2E7-45F3-8F9D-E441912F0ACB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {8A0F5456-5523-4CE8-8FA7-C7B81BDF9841} = 84.21.124.1,84.16.96.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 12:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3228)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-26 12:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-26 10:56
ComboFix2.txt 2009-08-25 19:23
Před spuštěním: Volných bajtů: 28 256 428 032
Po spuštění: Volných bajtů: 28 138 672 128
245 --- E O F --- 2009-08-25 21:36
a nový log Hijak:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:10, on 26.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9340 bytes
ComboFix 09-08-25.04 - Novákovi 26.08.2009 12:21.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.226 [GMT 2:00]
Spuštěný z: c:\documents and settings\Novákovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Novákovi\Plocha\CFScript.txt
AV: Antivirový systém AVG 7.1.384 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1296 [VPS 090825-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\docume~1\NOVKOV~1\LOCALS~1\Temp\MUU8.tmp"
"c:\program files\Lineage 2\system\GameGuard\dump_wmimmc.sys"
"c:\windows\Internet Logs\tvDebug.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip"
"c:\windows\Internet Logs\xDB3.tmp"
.
PEV Error: CacheFolder
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_09_48_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_16_19_08_17_full.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_10_50_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_18_14_12_38_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_20_19_47_20_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_23_10_49_15_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_10_34_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_15_32_small.dmp.zip
c:\windows\Internet Logs\xDB3.tmp
c:\windows\system32\nerocheck.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DUMP_WMIMMC
-------\Legacy_GARENAPENGINE
-------\Service_dump_wmimmc
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-24 19:19 . 2009-08-24 19:19 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:01 . 2009-08-24 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\MSBuild
2009-08-21 20:30 . 2009-08-21 20:30 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 20:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 20:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 20:29 . 2009-08-21 20:30 -------- dc----w- C:\a214e46986fc2621588cc5
2009-08-21 20:29 . 2009-08-23 08:33 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-17 19:15 . 2009-08-17 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 19:39 . 2009-08-16 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 20:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-13 20:26 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-13 20:26 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-13 20:26 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-13 20:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-13 20:26 . 2009-07-19 16:46 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- c:\windows\ie8updates
2009-08-13 20:25 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-13 20:23 . 2009-08-13 20:25 -------- dc-h--w- c:\windows\ie8
2009-08-12 19:18 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 08:09 . 2009-08-26 08:09 25601 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_49_26_small.dmp.zip
2009-08-26 08:09 . 2009-08-26 08:09 24262 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_25_20_48_13_small.dmp.zip
2009-08-25 18:46 . 2008-01-03 14:28 -------- d-----w- c:\program files\ICQToolbar
2009-08-21 20:37 . 2001-10-25 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 20:37 . 2001-10-25 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2009-08-08 08:55 . 2005-10-14 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 07:39 . 2008-08-23 16:10 -------- d-----w- c:\program files\GRETECH
2009-08-08 07:09 . 2007-01-22 20:18 -------- d-----w- c:\program files\BitLord
2009-08-08 07:09 . 2007-02-17 20:23 -------- d-----w- c:\program files\Valve
2009-08-08 07:07 . 2005-11-24 20:22 -------- d-----w- c:\program files\Google
2009-08-08 07:06 . 2009-02-28 15:55 -------- d-----w- c:\program files\Warcraft III
2009-08-08 07:04 . 2008-01-15 17:38 -------- d-----w- c:\program files\Nokia
2009-08-08 07:02 . 2005-10-09 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 07:02 . 2009-02-28 22:14 -------- d-----w- c:\program files\Garena
2009-08-05 09:01 . 2001-10-25 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 19:50 . 2009-07-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:20 . 2008-01-03 14:26 -------- d-----w- c:\program files\ICQ6
2009-07-13 21:43 . 2005-10-09 09:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2001-10-25 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2001-10-25 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2001-10-25 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2001-10-25 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-10-09 08:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2001-10-25 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2001-10-25 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-02-29 19:23 . 2008-02-29 19:22 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-01-21 12:11 . 2007-03-20 13:43 215 ----a-w- c:\program files\ctimne.txt
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SxsCaPendDel ----
((((((((((((((((((((((((((((( SnapShot@2009-08-25_19.15.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-26 10:34 . 2009-08-26 10:34 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2009-08-26 10:01 . 2009-08-26 10:01 16384 c:\windows\Temp\Perflib_Perfdata_254.dat
+ 2009-08-26 10:33 . 2009-08-26 10:33 16384 c:\windows\Temp\Perflib_Perfdata_15c.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 980752]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.3.2009 22:14 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.8.2008 14:41 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2008 14:41 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [26.11.2005 17:03 2368]
S2 gupdate1c999e3305db6e6;Google Update Service (gupdate1c999e3305db6e6);c:\program files\Google\Update\GoogleUpdate.exe [28.2.2009 22:23 133104]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [19.10.2006 13:11 10664]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [9.10.2005 12:41 159104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:16]
2006-01-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8129386926.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 20:22]
2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{4ACBF038-D2E7-45F3-8F9D-E441912F0ACB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {8A0F5456-5523-4CE8-8FA7-C7B81BDF9841} = 84.21.124.1,84.16.96.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 12:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3228)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-26 12:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-26 10:56
ComboFix2.txt 2009-08-25 19:23
Před spuštěním: Volných bajtů: 28 256 428 032
Po spuštění: Volných bajtů: 28 138 672 128
245 --- E O F --- 2009-08-25 21:36
a nový log Hijak:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:10, on 26.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD LT 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0F5456-5523-4CE8-8FA7-C7B81BDF9841}: NameServer = 84.21.124.1,84.16.96.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c999e3305db6e6) (gupdate1c999e3305db6e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9340 bytes
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
ComboFix ti tam ještě detekuje další antivir: AVG. Předpokládám i podle logu z HJT, že nyní používáš jen Avast. Najdi v PC všechny složky s názvem Grisoft a AVG a napiš je sem i s cestou.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
PC našel tyhle složky:
Grisoft C:\ProgramFiles
Antivirový systém AVG 5.7 C:\Documents and Settings\All Users\Nabidka Start\Programy
C:\Program Files\Grisoft
Při spuštění je PC trochu rychlejší ale během spouštění se 2x objeví následující hláška (objevovala se i před tím):
C:\WINDOWS\system32\ZONELABS\vsmon.exe
Validation failed for C>\WINDOWS\system32\VSINIT.dll. Your probably are missinga necessary root certificate
Grisoft C:\ProgramFiles
Antivirový systém AVG 5.7 C:\Documents and Settings\All Users\Nabidka Start\Programy
C:\Program Files\Grisoft
Při spuštění je PC trochu rychlejší ale během spouštění se 2x objeví následující hláška (objevovala se i před tím):
C:\WINDOWS\system32\ZONELABS\vsmon.exe
Validation failed for C>\WINDOWS\system32\VSINIT.dll. Your probably are missinga necessary root certificate
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Stáhni si:
Registry Search Tady: Registry Search
Rozbal si soubor do složky a potom poklepej na regsearch.exe ke startu programu.
Do volné linky(linek) nad Enter search string case independent zkopíruj a vlož:
A klikni na OK.Otevře se notepad s textem a celý text z něho sem vlož.
*****************************************************************************************************************************************
Stáhni si:
Registry Search Tady: Registry Search
Rozbal si soubor do složky a potom poklepej na regsearch.exe ke startu programu.
Do volné linky(linek) nad Enter search string case independent zkopíruj a vlož:
A klikni na OK.Otevře se notepad s textem a celý text z něho sem vlož.
Registry Search Tady: Registry Search
Rozbal si soubor do složky a potom poklepej na regsearch.exe ke startu programu.
Do volné linky(linek) nad Enter search string case independent zkopíruj a vlož:
Kód: Vybrat vše
Grisoft A klikni na OK.Otevře se notepad s textem a celý text z něho sem vlož.
*****************************************************************************************************************************************
Stáhni si:
Registry Search Tady: Registry Search
Rozbal si soubor do složky a potom poklepej na regsearch.exe ke startu programu.
Do volné linky(linek) nad Enter search string case independent zkopíruj a vlož:
Kód: Vybrat vše
AVG A klikni na OK.Otevře se notepad s textem a celý text z něho sem vlož.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
-
adrenalinrush
- nováček
- Příspěvky: 2
- Registrován: srpen 09
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Dobrý den, prosím o kontrolu logu
ComboFix 09-08-25.05 - uzivatel 26.08.2009 18:29.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.984 [GMT 2:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Data
c:\windows\system32\Drivers\wohot.sys
c:\windows\system32\eumfyfsc.ini
c:\windows\system32\mfc45.dll
c:\windows\system32\nerocheck.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ufgq
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-26 15:13 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 15:13 . 2009-08-26 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 15:13 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 17:52 . 2009-08-25 17:52 -------- d-----w- c:\program files\Nvu
2009-08-22 05:02 . 2009-08-22 05:03 -------- d-----w- c:\documents and settings\uzivatel\Rossmann Foto-Shop
2009-08-22 04:59 . 2009-08-22 05:00 -------- d-----w- c:\program files\Rossmann Foto-Shop Client
2009-08-21 18:25 . 2009-01-26 15:04 49152 ----a-w- c:\windows\system32\DBQARM.dll
2009-08-21 18:24 . 2009-08-21 18:29 -------- d-----w- c:\program files\dbQwikSite 5
2009-08-21 18:14 . 2009-08-21 18:14 -------- d-----w- c:\program files\FTP Commander
2009-08-20 19:05 . 2009-08-20 19:06 -------- d-----w- C:\Inetpub
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\program files\Windows Script Control
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\program files\Common Files\e.World
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\windows\PHPMaker
2009-08-13 16:57 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 09:39 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 09:39 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 06:07 . 2008-11-22 14:29 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-21 18:05 . 2004-12-03 20:10 -------- d-----w- c:\program files\SmartFTP
2009-08-18 16:39 . 2007-11-08 09:23 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-17 20:46 . 2004-08-17 13:49 1248 --sha-w- C:\wj2jaeh0.sys
2009-08-16 06:39 . 2009-05-30 10:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 06:39 . 2009-05-30 10:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 06:39 . 2009-05-30 10:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 05:15 . 2008-01-02 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 21:24 . 2004-08-17 13:49 1248 --sha-w- C:\wj2jaezn.sys
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:24 . 2004-12-03 20:07 -------- d-----w- c:\program files\Chameleon
2009-08-04 17:16 . 2004-12-03 20:04 -------- d-----w- c:\program files\Illustrator 8.0 CZ
2009-08-03 19:00 . 2004-12-03 20:08 -------- d-----w- c:\program files\Macromedia
2009-08-03 18:49 . 2004-12-04 10:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 14:08 . 2007-09-19 18:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-17 19:04 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 20:30 . 2009-07-08 20:30 0 ----a-w- c:\windows\nsreg.dat
2009-07-06 14:24 . 2009-07-06 10:30 -------- d-----w- c:\program files\Hixus Keyword Inventor
2009-07-06 10:26 . 2009-07-06 10:26 -------- d-----w- c:\program files\BHead
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 16:50 . 2004-12-02 23:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 16:42 . 2009-06-28 13:37 -------- d-----w- c:\program files\Micropro
2009-06-28 13:49 . 2009-06-28 13:49 -------- d-----w- c:\program files\Common Files\Micropro
2009-06-26 15:34 . 2001-10-25 14:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2009-06-26 15:34 . 2001-10-25 14:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 13:49 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-12-02 22:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 13:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 11:23 . 2009-05-30 18:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-30 11:23 . 2009-03-18 10:43 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-30 10:45 . 2004-12-02 23:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 10:45 . 2004-12-02 23:00 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-30 10:11 . 2009-05-30 10:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\NokiaN70\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]
"Google Update"="c:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-11 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCServer"="c:\program files\Remote Control\RCServer.exe" [2003-02-05 196608]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-12 286720]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-12-3 49254]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\microsoft frontpage\Office\OSA9.EXE [1999-2-17 65588]
Phone Connection Monitor.lnk - c:\program files\Sony Ericsson\Mobile\audevicemgr.exe [2005-10-13 807424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 06:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"PCSuiteTrayApplication"=c:\program files\NokiaN70\Nokia PC Suite 6\LaunchApplication.exe -onlytray
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
"CTSysVol"=c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe"=
"c:\\Program Files\\microsoft frontpage\\Office\\FRONTPG.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\uzivatel\\Plocha\\Márovy vjeci\\Mára\\World of warcraft\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Documents and Settings\\uzivatel\\Plocha\\Márovy vjeci\\Mára\\World of warcraft\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\FTP Commander\\ftpcomm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18.3.2009 12:43 64160]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 4:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 15:37 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30.5.2009 12:10 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30.5.2009 12:10 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30.5.2009 12:10 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.6.2009 21:29 222456]
R2 RCSERVER;Remote Control Server;c:\program files\Remote Control\RCServer.exe [5.2.2003 20:51 196608]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [13.10.2005 17:15 6828]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:43]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{E1CB53C3-5CA5-4955-B0E0-636EB8E8565B} - (no file)
Notify-tuvVLdbA - tuvVLdbA.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.droxi.cz/snadno-vlozit-foto ... loader.dll
DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} - hxxp://navigace.cz.o2.com/MapConnect.ocx
DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} - hxxps://shop.rossmanncz.orwonet.de/shop ... upload.cab
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\j6qheelq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 18:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\iavlsp.dll
- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\NokiaN70\Nokia PC Suite 6\PhoneBrowser.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\NokiaN70\Nokia PC Suite 6\PCSCM.dll
c:\program files\NokiaN70\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\NokiaN70\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
c:\progra~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
.
**************************************************************************
.
Celkový čas: 2009-08-26 18:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-26 16:41
Před spuštěním: Volných bajtů: 49 006 641 152
Po spuštění: Volných bajtů: 48 963 997 696
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
300 --- E O F --- 2009-08-13 19:32
ComboFix 09-08-25.05 - uzivatel 26.08.2009 18:29.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.984 [GMT 2:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Data
c:\windows\system32\Drivers\wohot.sys
c:\windows\system32\eumfyfsc.ini
c:\windows\system32\mfc45.dll
c:\windows\system32\nerocheck.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ufgq
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-26 15:13 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 15:13 . 2009-08-26 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 15:13 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 17:52 . 2009-08-25 17:52 -------- d-----w- c:\program files\Nvu
2009-08-22 05:02 . 2009-08-22 05:03 -------- d-----w- c:\documents and settings\uzivatel\Rossmann Foto-Shop
2009-08-22 04:59 . 2009-08-22 05:00 -------- d-----w- c:\program files\Rossmann Foto-Shop Client
2009-08-21 18:25 . 2009-01-26 15:04 49152 ----a-w- c:\windows\system32\DBQARM.dll
2009-08-21 18:24 . 2009-08-21 18:29 -------- d-----w- c:\program files\dbQwikSite 5
2009-08-21 18:14 . 2009-08-21 18:14 -------- d-----w- c:\program files\FTP Commander
2009-08-20 19:05 . 2009-08-20 19:06 -------- d-----w- C:\Inetpub
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\program files\Windows Script Control
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\program files\Common Files\e.World
2009-08-20 18:30 . 2009-08-20 18:30 -------- d-----w- c:\windows\PHPMaker
2009-08-13 16:57 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 09:39 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 09:39 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 06:07 . 2008-11-22 14:29 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-21 18:05 . 2004-12-03 20:10 -------- d-----w- c:\program files\SmartFTP
2009-08-18 16:39 . 2007-11-08 09:23 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-17 20:46 . 2004-08-17 13:49 1248 --sha-w- C:\wj2jaeh0.sys
2009-08-16 06:39 . 2009-05-30 10:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 06:39 . 2009-05-30 10:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 06:39 . 2009-05-30 10:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 05:15 . 2008-01-02 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 21:24 . 2004-08-17 13:49 1248 --sha-w- C:\wj2jaezn.sys
2009-08-05 09:01 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:24 . 2004-12-03 20:07 -------- d-----w- c:\program files\Chameleon
2009-08-04 17:16 . 2004-12-03 20:04 -------- d-----w- c:\program files\Illustrator 8.0 CZ
2009-08-03 19:00 . 2004-12-03 20:08 -------- d-----w- c:\program files\Macromedia
2009-08-03 18:49 . 2004-12-04 10:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 14:08 . 2007-09-19 18:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-17 19:04 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 13:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 20:30 . 2009-07-08 20:30 0 ----a-w- c:\windows\nsreg.dat
2009-07-06 14:24 . 2009-07-06 10:30 -------- d-----w- c:\program files\Hixus Keyword Inventor
2009-07-06 10:26 . 2009-07-06 10:26 -------- d-----w- c:\program files\BHead
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 16:50 . 2004-12-02 23:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 16:42 . 2009-06-28 13:37 -------- d-----w- c:\program files\Micropro
2009-06-28 13:49 . 2009-06-28 13:49 -------- d-----w- c:\program files\Common Files\Micropro
2009-06-26 15:34 . 2001-10-25 14:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2009-06-26 15:34 . 2001-10-25 14:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 13:49 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-12-02 22:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 13:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 11:23 . 2009-05-30 18:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-30 11:23 . 2009-03-18 10:43 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-30 10:45 . 2004-12-02 23:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 10:45 . 2004-12-02 23:00 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-30 10:11 . 2009-05-30 10:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\NokiaN70\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]
"Google Update"="c:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-11 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCServer"="c:\program files\Remote Control\RCServer.exe" [2003-02-05 196608]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-12 286720]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-12-3 49254]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\microsoft frontpage\Office\OSA9.EXE [1999-2-17 65588]
Phone Connection Monitor.lnk - c:\program files\Sony Ericsson\Mobile\audevicemgr.exe [2005-10-13 807424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 06:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"PCSuiteTrayApplication"=c:\program files\NokiaN70\Nokia PC Suite 6\LaunchApplication.exe -onlytray
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
"CTSysVol"=c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe"=
"c:\\Program Files\\microsoft frontpage\\Office\\FRONTPG.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\uzivatel\\Plocha\\Márovy vjeci\\Mára\\World of warcraft\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Documents and Settings\\uzivatel\\Plocha\\Márovy vjeci\\Mára\\World of warcraft\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\FTP Commander\\ftpcomm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18.3.2009 12:43 64160]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 4:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 15:37 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30.5.2009 12:10 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30.5.2009 12:10 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30.5.2009 12:10 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.6.2009 21:29 222456]
R2 RCSERVER;Remote Control Server;c:\program files\Remote Control\RCServer.exe [5.2.2003 20:51 196608]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [13.10.2005 17:15 6828]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:43]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{E1CB53C3-5CA5-4955-B0E0-636EB8E8565B} - (no file)
Notify-tuvVLdbA - tuvVLdbA.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.droxi.cz/snadno-vlozit-foto ... loader.dll
DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} - hxxp://navigace.cz.o2.com/MapConnect.ocx
DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} - hxxps://shop.rossmanncz.orwonet.de/shop ... upload.cab
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\j6qheelq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 18:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\iavlsp.dll
- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\NokiaN70\Nokia PC Suite 6\PhoneBrowser.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\NokiaN70\Nokia PC Suite 6\PCSCM.dll
c:\program files\NokiaN70\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\NokiaN70\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
c:\progra~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
.
**************************************************************************
.
Celkový čas: 2009-08-26 18:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-26 16:41
Před spuštěním: Volných bajtů: 49 006 641 152
Po spuštění: Volných bajtů: 48 963 997 696
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
300 --- E O F --- 2009-08-13 19:32
Re: Prosím o kontrolu logu
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 26.8.2009 18:54:47 for strings:
; 'kód: vybrat vše
'
; 'grisoft'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="grisoft"
; End Of The Log...
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 26.8.2009 18:54:47 for strings:
; 'kód: vybrat vše
'
; 'grisoft'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_USERS\S-1-5-21-1409082233-2077806209-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="grisoft"
; End Of The Log...
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 9 hostů