Jo jo v nozáku to šlo.
ComboFix 13-06-18.02 - bohouš 19.06.2013 22:23:04.19.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1504 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\muzapp.exe
c:\windows\system32\taskmgr.com
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-19 do 2013-06-19 )))))))))))))))))))))))))))))))
.
.
2013-06-19 20:08 . 2013-06-19 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-18 06:33 . 2013-06-18 06:32 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-17 20:17 . 2013-05-21 13:31 1167152 ----a-w- c:\windows\system32\dmwu.exe
2013-06-17 19:57 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-17 15:27 . 2013-06-19 20:10 -------- d-----w- c:\documents and settings\Administrator
2013-06-03 07:52 . 2013-06-03 12:48 -------- d-----w- c:\windows\system32\jmdp
2013-06-03 07:52 . 2013-06-03 07:52 -------- d-----w- c:\windows\system32\ARFC
2013-06-03 07:52 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-03 07:52 . 2013-05-21 13:28 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 06:32 . 2007-04-11 09:07 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-18 06:32 . 2013-01-14 09:40 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-18 06:32 . 2010-06-27 18:39 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 17:27 . 2012-03-30 06:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 17:27 . 2011-06-16 09:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:27 . 2004-08-17 15:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 22:27 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 21:53 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:38 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-03 05:38 . 2004-08-17 15:45 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2010-02-19 08:06 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-14 14:43 . 2013-04-14 14:43 249856 ------w- c:\windows\Setup1.exe
2013-04-14 14:43 . 2013-04-14 14:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-04-12 14:01 . 2004-08-17 15:44 1876352 ----a-w- c:\windows\system32\win32k.sys
2010-02-15 13:48 . 2010-02-15 13:43 26665984 ------w- c:\program files\AdbeRdr930_cs_CZ.exe
2010-02-15 13:41 . 2010-02-15 13:41 1697792 ----a-w- c:\program files\AdbeRdrUpd913_all_incr.msp
2010-01-18 13:54 . 2010-01-18 13:51 77003400 ------w- c:\program files\BusinessCardsMX-setup.exe
2009-08-28 20:17 . 2009-08-28 20:17 1410632 ----a-w- c:\program files\setup_dm_paradies_foto_2.exe
2008-08-05 13:37 . 2008-08-05 13:30 6104632 ----a-w- c:\program files\picasaweb-current-setup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-02 2498048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Volume2
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
2004-06-27 13:38 503808 ----a-w- c:\program files\Mouse Driver\MouseDrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-20 20:03 719672 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Plánovače\\čištění\\solutoinstaller.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\GoforFiles\\goforfilesdl.exe"=
"c:\\Program Files\\GoforFiles\\GoforFiles.exe"=
"c:\\Documents and Settings\\bohouš\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dmwu.exe"=
"c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [12.6.2011 9:48 45288]
S1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2.3.2012 12:03 25248]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [31.3.2012 19:40 238952]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [30.3.2012 17:33 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [30.3.2012 17:33 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [30.3.2012 17:33 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [30.3.2012 17:33 25088]
S3 cpuz135;cpuz135; [x]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [31.3.2012 20:13 80184]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.1.2011 11:22 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26.10.2012 9:53 12400]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [28.3.2007 10:33 15670]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [26.4.2010 9:40 32377]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [26.10.2012 9:46 155824]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [31.3.2012 20:13 181432]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:27]
.
2013-06-19 c:\windows\Tasks\GoforFilesUpdate.job
- c:\program files\GoforFiles\GFFUpdater.exe [2013-03-20 16:36]
.
2013-06-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
2013-06-19 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-19 22:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|đÁ]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|xć]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="831FD2BA74BED7515319D005B16CF02B9EA742E997C8CF4CA467D8C721205F11F34E445F31544F5B0C4F4DE55C8A9B76D006532DFADEEC7947778B4B1BA843C6A75D95E7AFD6F094BE8A640721CF69079BD0EBEF216D5F5D94882C9D53FD2DA8119882C3C6DF9198B2174CDCBE27BE553DF661D0CACF38EADCCB5026B00A7A41B48E7A44A00D7A2B418574C243FCF17B822B3C548E667A3384B3BCB16E3E7DBCAC15211DBEFBEBB058ABFC7715434D384F62BCE154111EF005F6ECEF9A8BF86BA5C3CD68F4D495B4FBA2389CECEF11EE1C5751445C39107E68100FF518EC294360768CA56ABD9EE3C047B03957FB6E26F2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452C038D530D6EB3452FEBC9E127BECC74CBC313EC0B2BD5CE4686776EF5BF52F53E875B0D4C0AB6D94C6C71D740DB2C6BA69B972D146D054A0B7B780B3F6CD7ED5C63854BBE5535961957866CFD914AE506319655572CCF99882FB7D368E8B8BC652FD443AC1D3B180B27727325902F0551E13ECEAF610D15CBFF34CFBB41BB6A9222309DA58C6CC89F45DAC4922E2FE94D220C285996C868D2593AEDC7DDA8395113A0FFA3137A62976F82E984A8D6B70FBEA046F2329E563B2044C07041D9737BD09A4CB56255F9F184EC1756D51F1DE5BD33241DEFE61A6A8A22E7A642A3F4C09877C545586BC40FA92650DAB6E6DE6F4ECB2EC9E1C11380BFE438CC1BBE62899E4306CC141A374073079DB2998DF298FFECE36B5A3AB07A45E5FE54002A4B3DA0239C232B1A238694642B58CFA6E543904B4B27E2A919B02B736820B9FAD68787477D94229671C8EA766C18231E0AE40AD7451543AC210F339E3B44FABDCD6E506AD078E6A4744AA59747A394DA4113A5E054F18D267119043E69F3E30B121593305F2BB2D39E735175CAD65D34969FDACBDC1AF644763AFE8A0BC8E2D4EFECD2E089DEE9FDA55E8CF7200BFBC863829665E8F82D5D0DA6F74D8D8781679BC7F5DA657D35F6AEA4525EE66817633149B8906F57D811763306238943A511FB772D8B2C518814C1E0C6EEEAC6BE14E24F7493C0490B4CE7B98E04F65953ACDE4EAEF64636F8E887647B471F14153F5A7A88E699CB1B1523390D60F13509FB7CAF42257FC9080CA10BFB85B274B1570EDD7F3D978582E1FB3455C4EBAB344B4045E268BB535CAE21C05EAF516546226DE7648412382D4D735A7BD47CD0EDEBFC138E4E2829C4E45DFEA736C562C6DA571B810B3FB2FC341866E7B1810B01CF6C5587CA52D0964093187ABCFD826DB9D351783AA38E40DC78A90C9C31BF0991E67DB3E80D3C159EA7CB62215DF1BC4E449CC0D835D2BB4F5B74D11305B29E99A921D2F01E710EB4A44981A1401E537F1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(316)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-06-19 22:36:31
ComboFix-quarantined-files.txt 2013-06-19 20:36
ComboFix2.txt 2013-06-19 20:05
.
Před spuštěním: 4 577 398 784
Po spuštění: 4 556 337 152
.
- - End Of File - - 223A56B1840A3FD98AEDB9EDCA13C614
413FC2A0C716421B3158746D63736515
Prosím o kontrolu logu Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
Folder::
c:\program files\Skype\Updater
Driver::
SkypeUpdate
dgderdrv
esgiguard
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
Max583
- Level 2.5
- Příspěvky: 289
- Registrován: červen 10
- Bydliště: Most
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Jsem stále u stejného problému. V normálním režimu mi ComboFix žádný log nedělá. A v nouzáku nevím jak přetáhnout CSF na Combo. Tam mi ti nejde.
-
Max583
- Level 2.5
- Příspěvky: 289
- Registrován: červen 10
- Bydliště: Most
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Konečně se mi ti povedlo ale v nouzáku:
ComboFix 13-06-18.02 - Administrator 21.06.2013 13:25:22.22.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1632 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
Použité ovládací přepínače :: G:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DGDERDRV
-------\Legacy_ESGIGUARD
-------\Legacy_SKYPEUPDATE
-------\Service_dgderdrv
-------\Service_esgiguard
-------\Service_SkypeUpdate
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-21 do 2013-06-21 )))))))))))))))))))))))))))))))
2013-06-21 08:18:00 . 2013-06-12 04:18:07 7068072 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FE0E0-7961-4AB7-A83D-FE3FCD09640E}\mpengine.dll
2013-06-19 20:52:09 . 2013-06-12 04:18:07 7068072 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-19 20:08:55 . 2013-06-19 20:08:55 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2013-06-18 06:37:47 . 2013-06-18 06:37:49 388096 ----a-r- C:\Documents and Settings\bohouš\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-18 06:33:00 . 2013-06-18 06:32:48 94112 ----a-w- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-06-17 20:17:46 . 2013-05-21 13:31:12 1167152 ----a-w- C:\WINDOWS\system32\dmwu.exe
2013-06-17 19:57:32 . 2013-04-04 12:50:32 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2013-06-17 15:27:09 . 2013-06-21 08:43:21 -------- d-----w- C:\Documents and Settings\Administrator
2013-06-03 07:52:57 . 2013-06-03 12:48:41 -------- d-----w- C:\WINDOWS\system32\jmdp
2013-06-03 07:52:57 . 2013-06-03 07:52:57 -------- d-----w- C:\WINDOWS\system32\ARFC
2013-06-03 07:52:51 . 2013-02-05 07:25:04 479232 ----a-w- C:\WINDOWS\system32\msvcm80.dll
2013-06-03 07:52:45 . 2013-05-21 13:28:38 27136 ----a-w- C:\WINDOWS\system32\ImHttpComm.dll
2013-05-29 13:23:01 . 2013-05-29 13:23:01 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-06-18 06:32:42 . 2007-04-11 09:07:57 144896 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2013-06-18 06:32:41 . 2013-01-14 09:40:33 866720 ----a-w- C:\WINDOWS\system32\npDeployJava1.dll
2013-06-18 06:32:40 . 2010-06-27 18:39:08 788896 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2013-06-12 17:27:51 . 2012-03-30 06:41:31 692104 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-12 17:27:51 . 2011-06-16 09:46:39 71048 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:27:16 . 2004-08-17 15:49:22 920064 ----a-w- C:\WINDOWS\system32\wininet.dll
2013-05-07 22:27:15 . 2004-08-17 15:49:30 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2013-05-07 22:27:15 . 2004-08-17 15:49:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2013-05-07 21:53:29 . 2004-08-17 15:44:08 385024 ----a-w- C:\WINDOWS\system32\html.iec
2013-05-03 05:38:58 . 2004-08-17 15:45:32 2030592 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2013-05-03 05:38:58 . 2004-08-17 15:45:30 2151936 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2013-05-02 15:28:50 . 2010-02-19 08:06:50 238872 ------w- C:\WINDOWS\system32\MpSigStub.exe
2013-04-14 14:43:46 . 2013-04-14 14:43:45 249856 ------w- C:\WINDOWS\Setup1.exe
2013-04-14 14:43:45 . 2013-04-14 14:43:44 73216 ----a-w- C:\WINDOWS\ST6UNST.EXE
2013-04-12 14:01:40 . 2004-08-17 15:44:44 1876352 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-02-15 13:48:39 . 2010-02-15 13:43:09 26665984 ------w- C:\Program Files\AdbeRdr930_cs_CZ.exe
2010-02-15 13:41:49 . 2010-02-15 13:41:48 1697792 ----a-w- C:\Program Files\AdbeRdrUpd913_all_incr.msp
2010-01-18 13:54:27 . 2010-01-18 13:51:59 77003400 ------w- C:\Program Files\BusinessCardsMX-setup.exe
2009-08-28 20:17:47 . 2009-08-28 20:17:46 1410632 ----a-w- C:\Program Files\setup_dm_paradies_foto_2.exe
2008-08-05 13:37:27 . 2008-08-05 13:30:06 6104632 ----a-w- C:\Program Files\picasaweb-current-setup.exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 11:58:52 495616]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2012-07-02 07:11:14 2498048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24:40 86016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 13:56:42 1821576]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 13:57:34 1313672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28:22 577536]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 10:11:06 947152]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52:18 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\WINDOWS\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54:26 91520 ----a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52:56 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
2004-06-27 13:38:58 503808 ----a-w- C:\Program Files\Mouse Driver\MouseDrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56:42 1821576 ----a-w- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27:24 45056 ----a-w- C:\PROGRA~1\MEDIAK~1\MagicKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-20 20:03:48 719672 ----a-w- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28:22 577536 ----a-w- C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32:54 61440 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"D:\\Plánovače\\čištění\\solutoinstaller.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\GoforFiles\\goforfilesdl.exe"=
"C:\\Program Files\\GoforFiles\\GoforFiles.exe"=
"C:\\Documents and Settings\\bohouš\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\WINDOWS\\system32\\dmwu.exe"=
"C:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AmgHips;AmgHips;C:\WINDOWS\system32\drivers\AmgHips.sys [2.3.2012 12:03:26 25248]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [31.3.2012 19:40:54 238952]
R3 dc3d;MS Hardware Device Detection Driver;C:\WINDOWS\system32\drivers\dc3d.sys [12.6.2011 9:48:48 45288]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [3.1.2011 11:22:09 36608]
S3 Andbus;LGE Android Platform Composite USB Device;C:\WINDOWS\system32\drivers\lgandbus.sys [30.3.2012 17:33:07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\WINDOWS\system32\drivers\lganddiag.sys [30.3.2012 17:33:08 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\WINDOWS\system32\drivers\lgandgps.sys [30.3.2012 17:33:08 20096]
S3 ANDModem;LGE Android Platform USB Modem;C:\WINDOWS\system32\drivers\lgandmodem.sys [30.3.2012 17:33:09 25088]
S3 cpuz135;cpuz135; [x]
S3 cpuz136;cpuz136;\??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys --> C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudbus.sys [31.3.2012 20:13:20 80184]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\drivers\ggflt.sys [26.10.2012 9:53:26 12400]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\drivers\MTK.SYS [28.3.2007 10:33:44 15670]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\drivers\prodigy.sys [26.4.2010 9:40:27 32377]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files\Sony\Sony PC Companion\PCCService.exe [26.10.2012 9:46:37 155824]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudmdm.sys [31.3.2012 20:13:20 181432]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
Obsah adresáře 'Naplánované úlohy'
2013-06-21 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 06:41:31 . 2013-06-12 17:27:52]
2013-06-21 C:\WINDOWS\Tasks\GoforFilesUpdate.job
- C:\Program Files\GoforFiles\GFFUpdater.exe [2013-03-20 16:34:02 . 2013-03-20 16:36:45]
2013-06-21 C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11:46 . 2013-01-27 10:11:46]
2013-06-21 C:\WINDOWS\Tasks\MpIdleTask.job
- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11:46 . 2013-01-27 10:11:46]
------- Doplňkový sken -------
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:30, on 21.6.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\1.3.7\WombatBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BOHOU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 6930 bytes
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-21 13:57:03
-----------------------------
13:57:03.640 OS Version: Windows 5.1.2600 Service Pack 3
13:57:03.640 Number of processors: 2 586 0x409
13:57:03.640 ComputerName: BOHOU-040C629BC UserName: bohouš
13:57:04.234 Initialize success
13:57:09.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
13:57:09.843 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
13:57:09.843 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
13:57:09.843 Disk 1 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
13:57:10.171 Disk 0 MBR read successfully
13:57:10.187 Disk 0 MBR scan
13:57:10.187 Disk 0 Windows XP default MBR code
13:57:10.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
13:57:10.234 Disk 0 scanning sectors +78156225
13:57:10.671 Disk 0 scanning C:\WINDOWS\system32\drivers
13:57:36.593 Service scanning
13:58:01.234 Modules scanning
13:58:24.109 Disk 0 trace - called modules:
13:58:24.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:58:24.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ab4e8]
13:58:24.140 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a650510]
13:58:24.140 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a6a7940]
13:58:24.140 Scan finished successfully
13:58:43.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\MBR.dat"
13:58:43.984 The log file has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\aswMBR.txt"
ComboFix 13-06-18.02 - Administrator 21.06.2013 13:25:22.22.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1632 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
Použité ovládací přepínače :: G:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DGDERDRV
-------\Legacy_ESGIGUARD
-------\Legacy_SKYPEUPDATE
-------\Service_dgderdrv
-------\Service_esgiguard
-------\Service_SkypeUpdate
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-21 do 2013-06-21 )))))))))))))))))))))))))))))))
2013-06-21 08:18:00 . 2013-06-12 04:18:07 7068072 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FE0E0-7961-4AB7-A83D-FE3FCD09640E}\mpengine.dll
2013-06-19 20:52:09 . 2013-06-12 04:18:07 7068072 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-19 20:08:55 . 2013-06-19 20:08:55 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2013-06-18 06:37:47 . 2013-06-18 06:37:49 388096 ----a-r- C:\Documents and Settings\bohouš\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-18 06:33:00 . 2013-06-18 06:32:48 94112 ----a-w- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-06-17 20:17:46 . 2013-05-21 13:31:12 1167152 ----a-w- C:\WINDOWS\system32\dmwu.exe
2013-06-17 19:57:32 . 2013-04-04 12:50:32 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2013-06-17 15:27:09 . 2013-06-21 08:43:21 -------- d-----w- C:\Documents and Settings\Administrator
2013-06-03 07:52:57 . 2013-06-03 12:48:41 -------- d-----w- C:\WINDOWS\system32\jmdp
2013-06-03 07:52:57 . 2013-06-03 07:52:57 -------- d-----w- C:\WINDOWS\system32\ARFC
2013-06-03 07:52:51 . 2013-02-05 07:25:04 479232 ----a-w- C:\WINDOWS\system32\msvcm80.dll
2013-06-03 07:52:45 . 2013-05-21 13:28:38 27136 ----a-w- C:\WINDOWS\system32\ImHttpComm.dll
2013-05-29 13:23:01 . 2013-05-29 13:23:01 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-06-18 06:32:42 . 2007-04-11 09:07:57 144896 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2013-06-18 06:32:41 . 2013-01-14 09:40:33 866720 ----a-w- C:\WINDOWS\system32\npDeployJava1.dll
2013-06-18 06:32:40 . 2010-06-27 18:39:08 788896 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2013-06-12 17:27:51 . 2012-03-30 06:41:31 692104 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-12 17:27:51 . 2011-06-16 09:46:39 71048 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:27:16 . 2004-08-17 15:49:22 920064 ----a-w- C:\WINDOWS\system32\wininet.dll
2013-05-07 22:27:15 . 2004-08-17 15:49:30 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2013-05-07 22:27:15 . 2004-08-17 15:49:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2013-05-07 21:53:29 . 2004-08-17 15:44:08 385024 ----a-w- C:\WINDOWS\system32\html.iec
2013-05-03 05:38:58 . 2004-08-17 15:45:32 2030592 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2013-05-03 05:38:58 . 2004-08-17 15:45:30 2151936 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2013-05-02 15:28:50 . 2010-02-19 08:06:50 238872 ------w- C:\WINDOWS\system32\MpSigStub.exe
2013-04-14 14:43:46 . 2013-04-14 14:43:45 249856 ------w- C:\WINDOWS\Setup1.exe
2013-04-14 14:43:45 . 2013-04-14 14:43:44 73216 ----a-w- C:\WINDOWS\ST6UNST.EXE
2013-04-12 14:01:40 . 2004-08-17 15:44:44 1876352 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-02-15 13:48:39 . 2010-02-15 13:43:09 26665984 ------w- C:\Program Files\AdbeRdr930_cs_CZ.exe
2010-02-15 13:41:49 . 2010-02-15 13:41:48 1697792 ----a-w- C:\Program Files\AdbeRdrUpd913_all_incr.msp
2010-01-18 13:54:27 . 2010-01-18 13:51:59 77003400 ------w- C:\Program Files\BusinessCardsMX-setup.exe
2009-08-28 20:17:47 . 2009-08-28 20:17:46 1410632 ----a-w- C:\Program Files\setup_dm_paradies_foto_2.exe
2008-08-05 13:37:27 . 2008-08-05 13:30:06 6104632 ----a-w- C:\Program Files\picasaweb-current-setup.exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 11:58:52 495616]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2012-07-02 07:11:14 2498048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24:40 86016]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 13:56:42 1821576]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 13:57:34 1313672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28:22 577536]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 10:11:06 947152]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52:18 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\WINDOWS\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54:26 91520 ----a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52:56 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
2004-06-27 13:38:58 503808 ----a-w- C:\Program Files\Mouse Driver\MouseDrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56:42 1821576 ----a-w- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27:24 45056 ----a-w- C:\PROGRA~1\MEDIAK~1\MagicKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-20 20:03:48 719672 ----a-w- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28:22 577536 ----a-w- C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32:54 61440 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"D:\\Plánovače\\čištění\\solutoinstaller.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\GoforFiles\\goforfilesdl.exe"=
"C:\\Program Files\\GoforFiles\\GoforFiles.exe"=
"C:\\Documents and Settings\\bohouš\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\WINDOWS\\system32\\dmwu.exe"=
"C:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AmgHips;AmgHips;C:\WINDOWS\system32\drivers\AmgHips.sys [2.3.2012 12:03:26 25248]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [31.3.2012 19:40:54 238952]
R3 dc3d;MS Hardware Device Detection Driver;C:\WINDOWS\system32\drivers\dc3d.sys [12.6.2011 9:48:48 45288]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [3.1.2011 11:22:09 36608]
S3 Andbus;LGE Android Platform Composite USB Device;C:\WINDOWS\system32\drivers\lgandbus.sys [30.3.2012 17:33:07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\WINDOWS\system32\drivers\lganddiag.sys [30.3.2012 17:33:08 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\WINDOWS\system32\drivers\lgandgps.sys [30.3.2012 17:33:08 20096]
S3 ANDModem;LGE Android Platform USB Modem;C:\WINDOWS\system32\drivers\lgandmodem.sys [30.3.2012 17:33:09 25088]
S3 cpuz135;cpuz135; [x]
S3 cpuz136;cpuz136;\??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys --> C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudbus.sys [31.3.2012 20:13:20 80184]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\drivers\ggflt.sys [26.10.2012 9:53:26 12400]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\drivers\MTK.SYS [28.3.2007 10:33:44 15670]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\drivers\prodigy.sys [26.4.2010 9:40:27 32377]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files\Sony\Sony PC Companion\PCCService.exe [26.10.2012 9:46:37 155824]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudmdm.sys [31.3.2012 20:13:20 181432]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
Obsah adresáře 'Naplánované úlohy'
2013-06-21 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 06:41:31 . 2013-06-12 17:27:52]
2013-06-21 C:\WINDOWS\Tasks\GoforFilesUpdate.job
- C:\Program Files\GoforFiles\GFFUpdater.exe [2013-03-20 16:34:02 . 2013-03-20 16:36:45]
2013-06-21 C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11:46 . 2013-01-27 10:11:46]
2013-06-21 C:\WINDOWS\Tasks\MpIdleTask.job
- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11:46 . 2013-01-27 10:11:46]
------- Doplňkový sken -------
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:30, on 21.6.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\1.3.7\WombatBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BOHOU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 6930 bytes
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-21 13:57:03
-----------------------------
13:57:03.640 OS Version: Windows 5.1.2600 Service Pack 3
13:57:03.640 Number of processors: 2 586 0x409
13:57:03.640 ComputerName: BOHOU-040C629BC UserName: bohouš
13:57:04.234 Initialize success
13:57:09.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
13:57:09.843 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
13:57:09.843 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
13:57:09.843 Disk 1 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
13:57:10.171 Disk 0 MBR read successfully
13:57:10.187 Disk 0 MBR scan
13:57:10.187 Disk 0 Windows XP default MBR code
13:57:10.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
13:57:10.234 Disk 0 scanning sectors +78156225
13:57:10.671 Disk 0 scanning C:\WINDOWS\system32\drivers
13:57:36.593 Service scanning
13:58:01.234 Modules scanning
13:58:24.109 Disk 0 trace - called modules:
13:58:24.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:58:24.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ab4e8]
13:58:24.140 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a650510]
13:58:24.140 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a6a7940]
13:58:24.140 Scan finished successfully
13:58:43.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\MBR.dat"
13:58:43.984 The log file has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\aswMBR.txt"
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Jak se chová PC?
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Jak se chová PC?
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
-
Max583
- Level 2.5
- Příspěvky: 289
- Registrován: červen 10
- Bydliště: Most
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu Vyřešeno
Myslím, že dobrý jen by mě zajímalo od kud se ten policejní troják vzal. Jsou nějaký poznatky odkud to chodí ? Jinak díky za spolupráci.
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Těžko říci, kde se to dá chytit. Já jsem jednou i skrze ESET chytil vira na Seznamu. prostě to vyskočilo a bylo :-)
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 121 hostů