Super facebook!!

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

Laura
Level 1
Posts: 76
Registered: Aug 09
Gender: Female

Super facebook!!

Post by Laura » 20 Aug 2011 00:34

Today a friend was messaging me ... I wondered why he was writing in English, so I kept replying, but every time I answered he logged in, replied and logged out again...... I found it suspicious but ..... it said I'd have a laugh, he sent me a link that looked like YouTube..... I downloaded Flash (otherwise I supposedly couldn't watch it), well, I downloaded it, installed it and looked at that website again, and then it happened .... within moments the computer went to sh... so I'm having a great time... :twisted: well, so supposedly I have a Trojan horse - the computer shuts down when I want to make a change or install an antivirus, it turned off User Account Control ... :evil: and it can't be turned back on; when I open Task Manager there are running applications that look like my Avast icon (uninstalled long ago) with the name Form4, the same with Adobe.... when I click End Task the PC shuts down ........... I really don't know what to do next!!!!! :idea:

tux
Elite Level 10
Posts: 9627
Registered: Jul 10
Gender: Male

Re: Super facebook!!

Post by tux » 20 Aug 2011 00:36

Are they still enjoying that? :roll:
Post a log from HiJackThis and MBAM.
Just Fucking Google It!

Laura
Level 1
Posts: 76
Registered: Aug 09
Gender: Female

Re: Super facebook!!

Post by Laura » 20 Aug 2011 00:40

where can I download it??

tux
Elite Level 10
Posts: 9627
Registered: Jul 10
Gender: Male

Re: Super facebook!!

Post by tux » 20 Aug 2011 00:42

You'll find a guide to HiJackThis here.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in Safe Mode.
Just Fucking Google It!

Laura
Level 1
Posts: 76
Registered: Aug 09
Gender: Female

Re: Super facebook!!

Post by Laura » 20 Aug 2011 01:05

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verze databáze: 7513

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

20.8.2011 1:00:07
mbam-log-2011-08-20 (00-59-53).txt

Typ: Rychlá kontrola
Kontrolované objekty: 165421
Uplynulý čas: 7 minut, 21 sekund

Infikované procesy v paměti: 9
Infikované moduly v paměti: 0
Infikované klíče v registru: 11
Infikované hodnoty v registru: 14
Infikované datové položky v registru: 5
Infikované složky: 1
Infikované soubory: 36

Infikované procesy v paměti:
c:\Windows\update.5.0\svchost.exe (Trojan.Agent.H) -> 2284 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Agent.H) -> 2596 -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 2728 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 2784 -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 2904 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 3164 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 3276 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2608 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3176 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8018922.exe (Trojan.Agent) -> Value: 8018922.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5839626.exe (Trojan.Agent) -> Value: 5839626.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3476090.exe (Trojan.Agent) -> Value: 3476090.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\25114999-loader2.exe (Trojan.Agent) -> Value: 25114999-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6212411.exe (Trojan.Agent) -> Value: 6212411.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0914757561-1526112909-127013621-9056\rundll32.exe,explorer.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Windows\update.5.0\svchost.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Users\Pavel\AppData\Local\temp\8018922.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\5839626.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\3476090.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\25114999-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\3716832.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\temp\43417526.exe (Trojan.Downloader) -> No action taken.
c:\Windows\temp\45383_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\temp\5714284.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\6803952.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\9771671.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\6212411.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\9110592.exe (Trojan.Agent) -> No action taken.
c:\Windows\temp\723927697.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
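The helpers on this thread triage logs like the one above by eye; the parser below does the same mechanically for the Malwarebytes' Anti-Malware 1.x log format: it groups the records by section, counts how many are still "No action taken" (nothing has been removed yet, which is why the next reply asks for a rescan with Remove Selected), lists the malicious processes that were still alive, and pulls out the tampered settings (the Winlogon Shell hijack, the disabled Security Center notifications). This is an added example, not part of the thread or of Malwarebytes; the sample log is constructed from a few lines in the same layout.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.x log
# posted in the thread: Czech section labels, English detection records.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Infikované procesy v paměti:
c:\Windows\update.5.0\svchost.exe (Trojan.Agent.H) -> 2284 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 2784 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0914757561-1526112909-127013621-9056\rundll32.exe,explorer.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované soubory:
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
"""

# One record: "<item> (<detection>) -> [<detail> -> ...] <action>."
RECORD_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items carry the hijacked value and the expected one.
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*)\)$")


def parse_mbam_log(text):
    """Return a list of dicts, one per detection record, tagged with its section."""
    section = None
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section labels end with ':' and never contain the record arrow.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = RECORD_RE.match(line)
        if m is None or section is None:
            continue  # banner lines and the "(no malicious items)" placeholder
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        finding = {
            "section": section,
            "item": m.group("item"),
            "detection": m.group("detection"),
            "detail": " -> ".join(parts[:-1]),  # PID, "Value: x" or a Bad/Good pair
            "action": parts[-1].rstrip("."),
        }
        bg = BADGOOD_RE.search(finding["detail"])
        if bg:
            finding["bad"], finding["good"] = bg.group("bad"), bg.group("good")
        findings.append(finding)
    return findings


def triage(findings):
    """What a helper looks at first: anything still pending, anything tampered with."""
    pending = [f for f in findings if f["action"] == "No action taken"]
    # Live malicious processes are recorded with a bare PID as the detail.
    live = [f for f in findings if f["detail"].isdigit()]
    downgrades = [
        (f["item"].rsplit("\\", 1)[-1], f.get("bad"), f.get("good"))
        for f in findings
        if f["detection"].startswith(("PUM.Disabled", "Hijack."))
    ]
    return {
        "total": len(findings),
        "pending": len(pending),
        "live_processes": [(f["item"], int(f["detail"])) for f in live],
        "by_detection": Counter(f["detection"] for f in findings),
        "security_downgrades": downgrades,
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_MBAM_LOG))
    print(f"{report['pending']} of {report['total']} findings still untouched")
    for name, bad, good in report["security_downgrades"]:
        print(f"  tampered: {name}: {bad!r} (expected {good!r})")
```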

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: Super facebook!!

Post by Žbeky » 20 Aug 2011 08:29

- So run MBAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be shown; post it here.
- then choose OK in the program and close it via Exit

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the check there is a problem launching applications, or a message pops up about an attempt to perform an invalid operation on a registry key marked for deletion, just restart the computer.
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

Laura
Level 1
Posts: 76
Registered: Aug 09
Gender: Female

Re: Super facebook!!

Post by Laura » 20 Aug 2011 10:01

ComboFix 11-08-19.02 - Pavel 20.08.2011 9:34.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.217 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\users\Pavel\AppData\Roaming\inst.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system\BisonCam.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\scvideo.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-20 do 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 07:48 . 2011-08-20 07:48 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2011-08-20 07:48 . 2011-08-20 07:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 22:48 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 22:48 . 2011-08-19 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 22:48 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 21:45 . 2011-08-19 21:45 -------- d-----w- c:\users\Pavel\AppData\Roaming\AVG10
2011-08-19 21:40 . 2011-08-19 21:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-19 21:35 . 2011-08-20 07:19 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-19 21:35 . 2011-08-19 21:35 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-19 21:21 . 2011-08-19 21:21 -------- d--h--w- c:\programdata\Common Files
2011-08-19 21:21 . 2011-08-19 21:46 -------- d-----w- c:\programdata\MFAData
2011-08-19 20:25 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-19 20:07 . 2011-08-19 20:07 -------- d-----w- c:\windows\ufa
2011-08-19 20:03 . 2011-08-19 20:07 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 20:03 . 2011-08-19 20:03 -------- d--h--w- c:\windows\update.7.1
2011-08-19 19:56 . 2011-08-19 19:56 -------- d-----w- c:\windows\av_ico
2011-08-19 19:54 . 2011-08-20 07:19 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-19 19:54 . 2011-08-19 19:54 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-19 10:57 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{034BF9FB-00DA-4A7B-93BB-751F2D0583F3}\mpengine.dll
2011-07-28 12:08 . 2011-07-28 12:08 -------- d-----w- c:\users\Pavel\AppData\Local\IsolatedStorage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-09-05 16:38 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-09-05 16:38 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2010-09-05 16:40 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-09-05 16:39 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-09-05 16:39 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-09-05 16:39 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-09-05 16:40 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-24 17:14 . 2009-10-04 15:23 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-18 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2007-07-13 561152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-12 317376]
"BisonAPP"="c:\windows\BisonCam\BisonAPP.exe" [2007-05-17 49152]
"Silent Mode"="c:\program files\Light Sensor Utility\Sensor.exe" [2007-06-27 253952]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-05-16 29696]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-18 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-18 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-18 8466432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-30 273544]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2 /dir:c:\progra~1\AVASTS~1\Avast\defs\11081000\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
R3 VERYSPLITPRO;VerySoft WebCamSplitter Pro, WDM Streaming Driver;c:\windows\system32\DRIVERS\verysplitpro.sys [2010-02-18 68352]
R3 VSAudio;VerySoft Virtual Audio WDM;c:\windows\system32\DRIVERS\vsaudio.sys [2010-03-11 15360]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2006-11-02 22016]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-03-20 327800]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService REG_MULTI_SZ HsfXAudioService
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 15:31]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 15:31]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853382227-3427846857-181528931-1000Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 15:14]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853382227-3427846857-181528931-1000UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 15:14]
.
2011-08-19 c:\windows\Tasks\User_Feed_Synchronization-{90EAA60B-3A2E-4141-AC6F-91863202F249}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uDefault_Search_URL = hxxp://google.inklineglobal.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pu ... =Search&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\f1gb3fr2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Performer Optimum: performeroptimum@livejasmin.com - %profile%\extensions\performeroptimum@livejasmin.com
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
URLSearchHooks-{fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\ImTranslator_Pro\tbImT1.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\ImTranslator_Pro\tbImT1.dll
Toolbar-{fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\ImTranslator_Pro\tbImT1.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB} - c:\program files\ImTranslator_Pro\tbImT1.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-ISUSPM - c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
HKLM-Run-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
SafeBoot-BsScanner
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 09:48
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-08-20 09:53:28
ComboFix-quarantined-files.txt 2011-08-20 07:53
.
Před spuštěním: Volných bajtů: 42 125 254 656
Po spuštění: Volných bajtů: 42 503 094 272
.
- - End Of File - - 09990DB05F8A82AB1010D04C660760D5
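Two things in the "registry start points" section of the ComboFix log above are worth a helper's first look: "EnableLUA"= 0 under policies\system (UAC switched off, matching the first post), and the service ddservice running an svchost look-alike from c:\windows\update.7.1. The parser below, an added example that is not part of the thread or of ComboFix, reads that section's key headers, "name"="value" lines and R/S service lines and flags both; the sample is constructed in the same layout, and the image-path heuristics are assumptions of this example, not ComboFix's own logic.

```python
import re

# Constructed sample in the layout of the ComboFix "registry start points" section
# posted in the thread: Run keys, the UAC policy key and the service list.
SAMPLE_COMBOFIX_SECTION = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"BisonAPP"="c:\windows\BisonCam\BisonAPP.exe" [2007-05-17 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2006-11-02 22016]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
IMAGE_RE = re.compile(r'^"(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?')
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Policy values that weaken the system: EnableLUA=0 turns UAC off, which is
# what the first post in the thread describes.
WEAKENING_POLICIES = {"EnableLUA": "0"}


def parse_start_points(text):
    """Split the section into autorun values, policy values and services."""
    key, autoruns, policies, services = None, [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            services.append(sm.groupdict())
            continue
        vm = VALUE_RE.match(line)
        if vm is None or key is None:
            continue
        name, value = vm.group("name"), vm.group("value")
        im = IMAGE_RE.match(value)
        if im:  # "name"="image path" [date size]
            autoruns.append({"key": key, "name": name,
                             "path": im.group("path"), "meta": im.group("meta")})
        else:   # "name"= 0 (0x0): keep the decimal form
            policies[name] = value.split()[0]
    return {"autoruns": autoruns, "policies": policies, "services": services}


def image_concerns(path):
    """Heuristic reasons (assumptions of this example) to look at an image more closely."""
    p = path.lower()
    parent, _, base = p.rpartition("\\")
    reasons = []
    if "svchost" in base and parent != "c:\\windows\\system32":
        reasons.append("svchost look-alike outside system32")
    if parent == "c:\\windows" or "\\windows\\update." in p or "\\temp\\" in p:
        reasons.append("runs from an unusual directory")
    return reasons


def review(parsed):
    """Return (kind, name, reason) tuples a helper would raise first."""
    findings = []
    for name, weak in WEAKENING_POLICIES.items():
        if parsed["policies"].get(name) == weak:
            findings.append(("policy", name, f"set to {weak}"))
    for entry in parsed["autoruns"] + parsed["services"]:
        for reason in image_concerns(entry["path"]):
            findings.append(("image", entry["name"], reason))
    return findings


if __name__ == "__main__":
    for kind, name, reason in review(parse_start_points(SAMPLE_COMBOFIX_SECTION)):
        print(f"{kind:6} {name}: {reason}")
```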

2011-08-19 21:40 . 2011-08-19 21:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-19 21:35 . 2011-08-20 07:19 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-19 21:35 . 2011-08-19 21:35 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-19 21:21 . 2011-08-19 21:21 -------- d--h--w- c:\programdata\Common Files
2011-08-19 21:21 . 2011-08-19 21:46 -------- d-----w- c:\programdata\MFAData
2011-08-19 20:25 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-19 20:07 . 2011-08-19 20:07 -------- d-----w- c:\windows\ufa
2011-08-19 20:03 . 2011-08-19 20:07 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 20:03 . 2011-08-19 20:03 -------- d--h--w- c:\windows\update.7.1
2011-08-19 19:56 . 2011-08-19 19:56 -------- d-----w- c:\windows\av_ico
2011-08-19 19:54 . 2011-08-20 07:19 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-19 19:54 . 2011-08-19 19:54 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-19 10:57 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{034BF9FB-00DA-4A7B-93BB-751F2D0583F3}\mpengine.dll
2011-07-28 12:08 . 2011-07-28 12:08 -------- d-----w- c:\users\Pavel\AppData\Local\IsolatedStorage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-09-05 16:38 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-09-05 16:38 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2010-09-05 16:40 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-09-05 16:39 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-09-05 16:39 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-09-05 16:39 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-09-05 16:40 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-24 17:14 . 2009-10-04 15:23 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-18 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2007-07-13 561152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-12 317376]
"BisonAPP"="c:\windows\BisonCam\BisonAPP.exe" [2007-05-17 49152]
"Silent Mode"="c:\program files\Light Sensor Utility\Sensor.exe" [2007-06-27 253952]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-05-16 29696]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-18 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-18 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-18 8466432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-30 273544]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2 /dir:c:\progra~1\AVASTS~1\Avast\defs\11081000\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
R3 VERYSPLITPRO;VerySoft WebCamSplitter Pro, WDM Streaming Driver;c:\windows\system32\DRIVERS\verysplitpro.sys [2010-02-18 68352]
R3 VSAudio;VerySoft Virtual Audio WDM;c:\windows\system32\DRIVERS\vsaudio.sys [2010-03-11 15360]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2006-11-02 22016]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-03-20 327800]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService REG_MULTI_SZ HsfXAudioService
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 15:31]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 15:31]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853382227-3427846857-181528931-1000Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 15:14]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853382227-3427846857-181528931-1000UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 15:14]
.
2011-08-19 c:\windows\Tasks\User_Feed_Synchronization-{90EAA60B-3A2E-4141-AC6F-91863202F249}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uDefault_Search_URL = hxxp://google.inklineglobal.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pu ... =Search&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\f1gb3fr2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Performer Optimum: performeroptimum@livejasmin.com - %profile%\extensions\performeroptimum@livejasmin.com
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
URLSearchHooks-{fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\ImTranslator_Pro\tbImT1.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\ImTranslator_Pro\tbImT1.dll
Toolbar-{fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\ImTranslator_Pro\tbImT1.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB} - c:\program files\ImTranslator_Pro\tbImT1.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-ISUSPM - c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
HKLM-Run-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
SafeBoot-BsScanner
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 09:48
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-08-20 09:53:28
ComboFix-quarantined-files.txt 2011-08-20 07:53
.
Před spuštěním: Volných bajtů: 42 125 254 656
Po spuštění: Volných bajtů: 42 503 094 272
.
- - End Of File - - 09990DB05F8A82AB1010D04C660760D5


Re: Super facebook!!

Post by Laura » 20 Aug 2011 10:57

Can I uninstall those programs (ComboFix, MBAM)???


Re: Super facebook!!

Post by guest » 20 Aug 2011 11:01

Not until the guys tell you to. First they have to finish the cleaning process with you.


Re: Super facebook!!

Post by jaro3 » 20 Aug 2011 11:20

Post the HJT log:
viewtopic.php?f=70&t=5119


Uninstall one of the antiviruses, you have two there:
AVG and Avast..

Then run the ComboFix scan again, it is still infected.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Super facebook!!

Post by Laura » 20 Aug 2011 11:37

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:44, on 20.8.2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Windows\BisonCam\BisonAPP.exe
C:\Program Files\Light Sensor Utility\Sensor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9168 bytes




I don't have avast or AVG in Programs and Features :eh:

