Zdravím, nefunguje mi klávesnice ani myš tak jak mají. Viz. téma zde
Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:45, on 26.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Štěpán Kulík\Local Settings\Data aplikací\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Program Files\Microsoft\BingBar\BingApp.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Štěpán Kulík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-606747145-854245398-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3333343703
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
--
End of file - 10196 bytes
Prosím o kontrolu logu
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Odinstaluj daemon tools toolbar
Fixni:
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.
Fixni:
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Štěpán Kulík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3333343703Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Re: Prosím o kontrolu logu
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.11.2011 16:34:39
mbam-log-2011-11-26 (16-34-35).txt
Typ: Rychlá kontrola
Kontrolované objekty: 175573
Uplynulý čas: 2 minut, 47 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.11.2011 16:34:39
mbam-log-2011-11-26 (16-34-35).txt
Typ: Rychlá kontrola
Kontrolované objekty: 175573
Uplynulý čas: 2 minut, 47 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Re: Prosím o kontrolu logu
MbAM
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.11.2011 20:54:12
mbam-log-2011-11-26 (20-54-12).txt
Typ: Rychlá kontrola
Kontrolované objekty: 175554
Uplynulý čas: 2 minut, 23 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
COMBOFIX
ComboFix 11-11-26.04 - Štěpán Kulík 26.11.2011 21:13:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1464 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpán Kulík\Plocha\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\regw2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-26 do 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 15:28 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:22 . 2011-11-26 12:22 388096 ----a-r- c:\documents and settings\Štěpán Kulík\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-26 12:22 . 2011-11-26 12:22 -------- d-----w- c:\program files\Trend Micro
2011-11-24 18:44 . 2011-11-24 18:44 -------- d-----w- c:\program files\THQ
2011-11-11 23:47 . 2011-11-11 23:47 -------- d-----w- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Skyrim
2011-11-11 23:36 . 2011-11-12 00:45 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-11 18:35 . 2011-11-11 18:35 -------- d-----w- c:\program files\Clownfish
2011-11-11 14:20 . 2011-11-13 13:32 -------- d-----w- c:\program files\Call of Duty- Modern Warfare 3
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\AVG Secure Search
2011-11-10 18:05 . 2011-11-10 18:05 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG2012
2011-11-10 18:03 . 2011-11-10 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-11-04 22:54 . 2011-11-04 22:54 -------- d-----w- c:\documents and settings\tpn Kulk
2011-11-04 22:49 . 2011-10-20 20:21 773080 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-11-04 20:51 . 2011-11-04 20:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 14:28 . 2011-11-04 14:28 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-11-04 14:27 . 2011-11-04 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-04 14:06 . 2011-11-04 14:15 -------- d-----w- c:\program files\Mass Effect 2
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Ubisoft
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2011-11-04 12:46 . 2011-11-04 12:46 -------- d-----w- c:\program files\CPUID
2011-11-04 12:46 . 2010-11-09 14:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\documents and settings\Štěpán Kulík\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:50 . 2011-05-24 19:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:48 . 2011-10-17 17:48 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2011-04-20 20:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-04-20 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-04-20 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:10 . 2002-09-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:21 . 2011-04-20 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 18:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-10 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2011-5-8 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Štěpán Kulík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-22 23:31 137536 ----atw- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 16:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\qip.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\lancraft.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\steelstorm\\steelstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Dead Island\\deadislandgame.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.403\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Apps\\2.0\\T5GPC9VM.RKQ\\M3O4D83P.G6A\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57890:TCP"= 57890:TCP:Pando Media Booster
"57890:UDP"= 57890:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 18:48 232512]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [4.11.2011 13:46 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 22:46 2255464]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10.11.2011 19:06 246624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [1.3.2011 20:23 183560]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5.8.2011 11:30 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-30 15:57]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77 ... &sap=ku&q=
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Clownfish - (no file)
MSConfigStartUp-iDownloader Task - c:\program files\iDownloader\IDStarter.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-11-26 21:18:41
ComboFix-quarantined-files.txt 2011-11-26 20:18
.
Před spuštěním: Volných bajtů: 135 255 187 456
Po spuštění: Volných bajtů: 135 350 112 256
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 9EE9F761CB89FFEA34E47714E62515D5
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.11.2011 20:54:12
mbam-log-2011-11-26 (20-54-12).txt
Typ: Rychlá kontrola
Kontrolované objekty: 175554
Uplynulý čas: 2 minut, 23 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
COMBOFIX
ComboFix 11-11-26.04 - Štěpán Kulík 26.11.2011 21:13:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1464 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpán Kulík\Plocha\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\regw2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-26 do 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 15:28 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:22 . 2011-11-26 12:22 388096 ----a-r- c:\documents and settings\Štěpán Kulík\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-26 12:22 . 2011-11-26 12:22 -------- d-----w- c:\program files\Trend Micro
2011-11-24 18:44 . 2011-11-24 18:44 -------- d-----w- c:\program files\THQ
2011-11-11 23:47 . 2011-11-11 23:47 -------- d-----w- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Skyrim
2011-11-11 23:36 . 2011-11-12 00:45 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-11 18:35 . 2011-11-11 18:35 -------- d-----w- c:\program files\Clownfish
2011-11-11 14:20 . 2011-11-13 13:32 -------- d-----w- c:\program files\Call of Duty- Modern Warfare 3
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\AVG Secure Search
2011-11-10 18:05 . 2011-11-10 18:05 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG2012
2011-11-10 18:03 . 2011-11-10 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-11-04 22:54 . 2011-11-04 22:54 -------- d-----w- c:\documents and settings\tpn Kulk
2011-11-04 22:49 . 2011-10-20 20:21 773080 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-11-04 20:51 . 2011-11-04 20:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 14:28 . 2011-11-04 14:28 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-11-04 14:27 . 2011-11-04 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-04 14:06 . 2011-11-04 14:15 -------- d-----w- c:\program files\Mass Effect 2
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Ubisoft
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2011-11-04 12:46 . 2011-11-04 12:46 -------- d-----w- c:\program files\CPUID
2011-11-04 12:46 . 2010-11-09 14:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\documents and settings\Štěpán Kulík\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:50 . 2011-05-24 19:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:48 . 2011-10-17 17:48 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2011-04-20 20:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-04-20 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-04-20 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:10 . 2002-09-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:21 . 2011-04-20 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 18:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-10 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2011-5-8 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Štěpán Kulík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-22 23:31 137536 ----atw- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 16:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\qip.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\lancraft.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\steelstorm\\steelstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Dead Island\\deadislandgame.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.403\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Apps\\2.0\\T5GPC9VM.RKQ\\M3O4D83P.G6A\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57890:TCP"= 57890:TCP:Pando Media Booster
"57890:UDP"= 57890:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 18:48 232512]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [4.11.2011 13:46 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 22:46 2255464]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10.11.2011 19:06 246624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [1.3.2011 20:23 183560]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5.8.2011 11:30 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-30 15:57]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77 ... &sap=ku&q=
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Clownfish - (no file)
MSConfigStartUp-iDownloader Task - c:\program files\iDownloader\IDStarter.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-11-26 21:18:41
ComboFix-quarantined-files.txt 2011-11-26 20:18
.
Před spuštěním: Volných bajtů: 135 255 187 456
Po spuštění: Volných bajtů: 135 350 112 256
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 9EE9F761CB89FFEA34E47714E62515D5
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
Driver::
MBAMSwissArmy
cpuz135
File::
c:\windows\system32\drivers\mbamswissarmy.sys
c:\windows\system32\drivers\cpuz135_x32.sys
Folder::
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu
ComboFix 11-11-26.04 - Štěpán Kulík 26.11.2011 22:14:40.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1465 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpán Kulík\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štěpán Kulík\Plocha\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\cpuz135_x32.sys"
"c:\windows\system32\drivers\mbamswissarmy.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll
c:\windows\system32\drivers\cpuz135_x32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Legacy_MBAMSWISSARMY
-------\Service_cpuz135
-------\Service_MBAMSwissArmy
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-26 do 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 15:28 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:22 . 2011-11-26 12:22 388096 ----a-r- c:\documents and settings\Štěpán Kulík\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-26 12:22 . 2011-11-26 12:22 -------- d-----w- c:\program files\Trend Micro
2011-11-24 18:44 . 2011-11-24 18:44 -------- d-----w- c:\program files\THQ
2011-11-11 23:47 . 2011-11-11 23:47 -------- d-----w- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Skyrim
2011-11-11 23:36 . 2011-11-12 00:45 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-11 18:35 . 2011-11-11 18:35 -------- d-----w- c:\program files\Clownfish
2011-11-11 14:20 . 2011-11-13 13:32 -------- d-----w- c:\program files\Call of Duty- Modern Warfare 3
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\AVG Secure Search
2011-11-10 18:05 . 2011-11-10 18:05 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG2012
2011-11-10 18:03 . 2011-11-10 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-11-04 22:54 . 2011-11-04 22:54 -------- d-----w- c:\documents and settings\tpn Kulk
2011-11-04 22:49 . 2011-10-20 20:21 773080 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-11-04 20:51 . 2011-11-04 20:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 14:27 . 2011-11-04 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-04 14:06 . 2011-11-04 14:15 -------- d-----w- c:\program files\Mass Effect 2
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Ubisoft
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2011-11-04 12:46 . 2011-11-04 12:46 -------- d-----w- c:\program files\CPUID
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\documents and settings\Štěpán Kulík\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:50 . 2011-05-24 19:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:48 . 2011-10-17 17:48 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2011-04-20 20:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-04-20 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-04-20 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:10 . 2002-09-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:21 . 2011-04-20 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_20.17.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-26 21:20 . 2011-11-26 21:20 16384 c:\windows\temp\Perflib_Perfdata_644.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 18:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-10 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2011-5-8 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Štěpán Kulík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-22 23:31 137536 ----atw- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 16:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\qip.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\lancraft.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\steelstorm\\steelstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Dead Island\\deadislandgame.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.403\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Apps\\2.0\\T5GPC9VM.RKQ\\M3O4D83P.G6A\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57890:TCP"= 57890:TCP:Pando Media Booster
"57890:UDP"= 57890:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 18:48 232512]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 22:46 2255464]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10.11.2011 19:06 246624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [1.3.2011 20:23 183560]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5.8.2011 11:30 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-30 15:57]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77 ... &sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-26 22:24:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-26 21:24
ComboFix2.txt 2011-11-26 20:18
.
Před spuštěním: Volných bajtů: 135 362 396 160
Po spuštění: Volných bajtů: 135 264 632 832
.
- - End Of File - - 127F7BDC3330DA6ADE61D0197546BDFE
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1465 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpán Kulík\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štěpán Kulík\Plocha\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\cpuz135_x32.sys"
"c:\windows\system32\drivers\mbamswissarmy.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll
c:\windows\system32\drivers\cpuz135_x32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Legacy_MBAMSWISSARMY
-------\Service_cpuz135
-------\Service_MBAMSwissArmy
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-26 do 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 15:28 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:22 . 2011-11-26 12:22 388096 ----a-r- c:\documents and settings\Štěpán Kulík\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-26 12:22 . 2011-11-26 12:22 -------- d-----w- c:\program files\Trend Micro
2011-11-24 18:44 . 2011-11-24 18:44 -------- d-----w- c:\program files\THQ
2011-11-11 23:47 . 2011-11-11 23:47 -------- d-----w- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Skyrim
2011-11-11 23:36 . 2011-11-12 00:45 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-11 18:35 . 2011-11-11 18:35 -------- d-----w- c:\program files\Clownfish
2011-11-11 14:20 . 2011-11-13 13:32 -------- d-----w- c:\program files\Call of Duty- Modern Warfare 3
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\AVG Secure Search
2011-11-10 18:05 . 2011-11-10 18:05 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG2012
2011-11-10 18:03 . 2011-11-10 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-11-04 22:54 . 2011-11-04 22:54 -------- d-----w- c:\documents and settings\tpn Kulk
2011-11-04 22:49 . 2011-10-20 20:21 773080 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-11-04 20:51 . 2011-11-04 20:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 14:27 . 2011-11-04 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-04 14:06 . 2011-11-04 14:15 -------- d-----w- c:\program files\Mass Effect 2
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Ubisoft
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2011-11-04 12:46 . 2011-11-04 12:46 -------- d-----w- c:\program files\CPUID
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\documents and settings\Štěpán Kulík\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:50 . 2011-05-24 19:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:48 . 2011-10-17 17:48 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2011-04-20 20:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-04-20 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-04-20 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:10 . 2002-09-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:21 . 2011-04-20 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_20.17.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-26 21:20 . 2011-11-26 21:20 16384 c:\windows\temp\Perflib_Perfdata_644.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 18:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-10 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2011-5-8 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Štěpán Kulík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-22 23:31 137536 ----atw- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 16:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\qip.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\lancraft.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\steelstorm\\steelstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Dead Island\\deadislandgame.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.403\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Apps\\2.0\\T5GPC9VM.RKQ\\M3O4D83P.G6A\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57890:TCP"= 57890:TCP:Pando Media Booster
"57890:UDP"= 57890:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 18:48 232512]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 22:46 2255464]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10.11.2011 19:06 246624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [1.3.2011 20:23 183560]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5.8.2011 11:30 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-30 15:57]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77 ... &sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-26 22:24:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-26 21:24
ComboFix2.txt 2011-11-26 20:18
.
Před spuštěním: Volných bajtů: 135 362 396 160
Po spuštění: Volných bajtů: 135 264 632 832
.
- - End Of File - - 127F7BDC3330DA6ADE61D0197546BDFE
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
Firefox::
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77 ... &sap=ku&q=
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Re: Prosím o kontrolu logu
ComboFix 11-11-26.04 - Štěpán Kulík 27.11.2011 13:18:49.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpán Kulík\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štěpán Kulík\Plocha\CFScript.txt
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-27 do 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 15:28 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:22 . 2011-11-26 12:22 388096 ----a-r- c:\documents and settings\Štěpán Kulík\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-26 12:22 . 2011-11-26 12:22 -------- d-----w- c:\program files\Trend Micro
2011-11-24 18:44 . 2011-11-24 18:44 -------- d-----w- c:\program files\THQ
2011-11-11 23:47 . 2011-11-11 23:47 -------- d-----w- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Skyrim
2011-11-11 23:36 . 2011-11-12 00:45 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-11 18:35 . 2011-11-11 18:35 -------- d-----w- c:\program files\Clownfish
2011-11-11 14:20 . 2011-11-13 13:32 -------- d-----w- c:\program files\Call of Duty- Modern Warfare 3
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\AVG Secure Search
2011-11-10 18:05 . 2011-11-10 18:05 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG2012
2011-11-10 18:03 . 2011-11-10 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-11-04 22:54 . 2011-11-04 22:54 -------- d-----w- c:\documents and settings\tpn Kulk
2011-11-04 22:49 . 2011-10-20 20:21 773080 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-11-04 20:51 . 2011-11-04 20:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 14:27 . 2011-11-04 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-04 14:06 . 2011-11-04 14:15 -------- d-----w- c:\program files\Mass Effect 2
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Ubisoft
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2011-11-04 12:46 . 2011-11-04 12:46 -------- d-----w- c:\program files\CPUID
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\documents and settings\Štěpán Kulík\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:50 . 2011-05-24 19:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:48 . 2011-10-17 17:48 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2011-04-20 20:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-04-20 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-04-20 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:10 . 2002-09-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:21 . 2011-04-20 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_20.17.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-26 21:20 . 2011-11-26 21:20 16384 c:\windows\temp\Perflib_Perfdata_644.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 18:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-10 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2011-5-8 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Štěpán Kulík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-22 23:31 137536 ----atw- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 16:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\qip.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\lancraft.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\steelstorm\\steelstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Dead Island\\deadislandgame.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.403\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Apps\\2.0\\T5GPC9VM.RKQ\\M3O4D83P.G6A\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57890:TCP"= 57890:TCP:Pando Media Booster
"57890:UDP"= 57890:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 18:48 232512]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 22:46 2255464]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10.11.2011 19:06 246624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [1.3.2011 20:23 183560]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5.8.2011 11:30 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-30 15:57]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1936)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-11-27 13:27:25
ComboFix-quarantined-files.txt 2011-11-27 12:27
ComboFix2.txt 2011-11-26 21:24
ComboFix3.txt 2011-11-26 20:18
.
Před spuštěním: Volných bajtů: 133 611 491 328
Po spuštění: Volných bajtů: 133 598 609 408
.
- - End Of File - - F828483E186B7CFE5DF6DA469A007DB4
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpán Kulík\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štěpán Kulík\Plocha\CFScript.txt
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-27 do 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-26 15:28 . 2011-11-26 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 15:28 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 12:22 . 2011-11-26 12:22 388096 ----a-r- c:\documents and settings\Štěpán Kulík\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-26 12:22 . 2011-11-26 12:22 -------- d-----w- c:\program files\Trend Micro
2011-11-24 18:44 . 2011-11-24 18:44 -------- d-----w- c:\program files\THQ
2011-11-11 23:47 . 2011-11-11 23:47 -------- d-----w- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Skyrim
2011-11-11 23:36 . 2011-11-12 00:45 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-11 18:35 . 2011-11-11 18:35 -------- d-----w- c:\program files\Clownfish
2011-11-11 14:20 . 2011-11-13 13:32 -------- d-----w- c:\program files\Call of Duty- Modern Warfare 3
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-10 18:06 . 2011-11-10 18:06 -------- d-----w- c:\program files\AVG Secure Search
2011-11-10 18:05 . 2011-11-10 18:05 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\AVG2012
2011-11-10 18:03 . 2011-11-10 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-11-04 22:54 . 2011-11-04 22:54 -------- d-----w- c:\documents and settings\tpn Kulk
2011-11-04 22:49 . 2011-10-20 20:21 773080 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-11-04 20:51 . 2011-11-04 20:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 14:27 . 2011-11-04 14:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-04 14:06 . 2011-11-04 14:15 -------- d-----w- c:\program files\Mass Effect 2
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\Štěpán Kulík\Data aplikací\Ubisoft
2011-11-04 13:41 . 2011-11-04 13:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ubisoft
2011-11-04 12:46 . 2011-11-04 12:46 -------- d-----w- c:\program files\CPUID
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-04 12:44 . 2011-11-04 12:44 -------- d-----w- c:\documents and settings\Štěpán Kulík\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 19:50 . 2011-05-24 19:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:48 . 2011-10-17 17:48 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2011-04-20 20:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-04-20 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2011-04-20 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-01-19 02:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 14:10 . 2002-09-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:21 . 2011-04-20 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_20.17.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-26 21:20 . 2011-11-26 21:20 16384 c:\windows\temp\Perflib_Perfdata_644.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 18:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-10 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2011-5-8 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Štěpán Kulík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Štěpán Kulík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-22 23:31 137536 ----atw- c:\documents and settings\Štěpán Kulík\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 16:27 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\QIP Infium JadrisPack\\qip.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\lancraft.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hammerfight\\Hammerfight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\steelstorm\\steelstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Dead Island\\deadislandgame.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.403\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Štěpán Kulík\\Local Settings\\Apps\\2.0\\T5GPC9VM.RKQ\\M3O4D83P.G6A\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57890:TCP"= 57890:TCP:Pando Media Booster
"57890:UDP"= 57890:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 7:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 18:48 232512]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 22:46 2255464]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10.11.2011 19:06 246624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 16:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 6:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 6:53 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [1.3.2011 20:23 183560]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5.8.2011 11:30 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-KULDA-Štěpán Kulík.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-30 15:57]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Štěpán Kulík\Data aplikací\Mozilla\Firefox\Profiles\t2yp0i7v.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1936)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-11-27 13:27:25
ComboFix-quarantined-files.txt 2011-11-27 12:27
ComboFix2.txt 2011-11-26 21:24
ComboFix3.txt 2011-11-26 20:18
.
Před spuštěním: Volných bajtů: 133 611 491 328
Po spuštění: Volných bajtů: 133 598 609 408
.
- - End Of File - - F828483E186B7CFE5DF6DA469A007DB4
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials
+ Nový log z HJT
Jak se chová PC?
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials
+ Nový log z HJT
Jak se chová PC?
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 79 hostů