ComboFix 09-02-02.04 - xxx 2009-02-03 20:13:00.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1280.838 [GMT 1:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\progra~1\AVG\AVG8\avgemc.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\windows\Ascd_tmp.ini
c:\windows\java\Packages\67XJV1FH.ZIP
c:\windows\java\Packages\ZJH3B1NH.ZIP
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\gaopdxcounter
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\avg8
c:\documents and settings\All Users\Data aplikací\avg8\AvgAm\avgam.lck
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Data aplikací\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\amlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avguilog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avildr.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\cfglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\corelog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\lnglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\nslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\privlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\publog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\rslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\scanlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\schedlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\srmlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\updlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\vaultlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\wdlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\wdsvclog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgtray.exe
C:\fixwareout
c:\fixwareout\dnsbak.reg
c:\fixwareout\FindT\clsid.bak
c:\fixwareout\FindT\dumphive.exe
c:\fixwareout\FindT\FixWareOut.reg
c:\fixwareout\FindT\nircmd.exe
c:\fixwareout\FindT\patterns.txt
c:\fixwareout\FindT\rbot.bat
c:\fixwareout\FindT\RestartIt.exe
c:\fixwareout\FindT\runback.txt
c:\fixwareout\FindT\runs.vbs
c:\fixwareout\FindT\swreg.exe
c:\fixwareout\FindT\vfind.exe
c:\fixwareout\FindT\XP-2K2.cmd
c:\fixwareout\FixIt.BAT
c:\fixwareout\report.txt
c:\windows\Ascd_tmp.ini
c:\windows\java\Packages\67XJV1FH.ZIP
c:\windows\java\Packages\ZJH3B1NH.ZIP
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\gaopdxcounter
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.
2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Malwarebytes
2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 15:26 . 2009-02-03 15:26 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 14:58 . 2009-02-03 14:58 <DIR> d-------- c:\program files\ESET
2009-02-03 14:58 . 2009-02-03 14:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-02-01 13:21 . 2009-02-03 14:04 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-01 13:20 . 2009-02-01 13:20 <DIR> d-------- c:\program files\Red Kawa
2009-02-01 13:17 . 2009-02-01 13:17 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\HandBrake
2009-01-30 14:58 . 2009-01-30 15:05 22,886 --a------ C:\IMG_0002.png
2009-01-27 15:53 . 2009-01-27 15:53 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-25 19:45 . 2009-01-25 19:46 <DIR> d-------- c:\program files\Digsby
2009-01-22 13:06 . 2009-01-22 13:06 <DIR> d-------- c:\program files\Firebird
2009-01-19 14:30 . 2009-01-19 14:30 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2009-01-19 14:25 . 2009-01-19 14:26 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2009-01-18 14:19 . 2009-01-18 14:19 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-18 14:16 . 2009-01-18 14:16 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-01-18 14:14 . 2009-01-18 14:15 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-01-18 13:59 . 2009-01-18 13:59 <DIR> d-------- c:\windows\symbols
2009-01-18 13:58 . 2009-01-18 14:01 <DIR> d-------- c:\program files\HTML Help Workshop
2009-01-18 13:58 . 2009-01-18 13:58 <DIR> d-------- c:\program files\CE Remote Tools
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\js
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\windows\system32\images
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\html
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\css
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Business Objects
2009-01-18 13:36 . 2009-01-18 13:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PreEmptive Solutions
2009-01-18 13:33 . 2009-01-18 14:05 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-01-18 13:32 . 2009-01-18 13:32 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-18 13:32 . 2009-01-18 13:32 <DIR> dr-h----- C:\MSOCache
2009-01-17 09:26 . 2009-01-17 12:54 44,773 --a------ C:\IMG_0004.png
2009-01-15 18:02 . 2009-01-16 06:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-15 18:01 . 2009-01-16 06:47 <DIR> d-------- c:\program files\Java
2009-01-15 18:01 . 2009-01-15 18:01 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 21:48 . 2009-01-14 21:48 0 --a------ c:\windows\nsreg.dat
2009-01-14 19:56 . 2000-03-29 15:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-01-13 18:47 . 2009-01-13 18:47 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Mikrotik
2009-01-07 13:28 . 2009-02-03 15:06 <DIR> d-------- c:\program files\Axis Communications
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\program files\OTRQuickPost
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\OTRQuickPost.7125FA6B6F8E9DD7B1A4C62CFD70E25BE54A3080.1
2009-01-05 18:04 . 2009-01-05 18:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-01-03 17:39 . 2009-02-03 14:46 <DIR> d-------- c:\program files\HandBrake
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:06 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-03 14:09 --------- d-----w c:\program files\BitComet
2009-02-03 14:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 12:51 --------- d-----w c:\documents and settings\xxx\Data aplikací\Skype
2009-01-24 12:19 21,152 ----a-w c:\documents and settings\xxx\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-19 13:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-19 13:30 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-18 13:21 --------- d-----w c:\program files\Microsoft.NET
2009-01-18 13:00 --------- d-----w c:\program files\MSBuild
2009-01-18 12:59 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-05 17:04 --------- d-----r c:\program files\Skype
2008-12-31 14:11 --------- d-----w c:\documents and settings\xxx\Data aplikací\Digsby
2008-12-31 14:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\Digsby
2008-12-31 14:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Winferno
2008-12-30 11:24 --------- d-----w c:\program files\eCover
2008-12-27 11:17 --------- d-----w c:\program files\Warcraft III
2008-12-26 16:31 2,829 ----a-w c:\windows\War3Unin.pif
2008-12-26 16:31 126,976 ----a-w c:\windows\War3Unin.exe
2008-12-25 16:20 --------- d-----w c:\documents and settings\xxx\Data aplikací\CyberLink
2008-12-25 16:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2008-12-25 16:17 --------- d-----w c:\program files\CyberLink
2008-12-25 13:39 --------- d-----w c:\program files\nLite
2008-12-23 20:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Logitech
2008-12-23 20:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Apple Computer
2008-12-23 19:44 --------- d-----w c:\documents and settings\xxx\Data aplikací\MSN6
2008-12-23 19:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\MSN6
2008-12-22 10:51 --------- d-----w c:\documents and settings\xxx\Data aplikací\Smart PC Solutions
2008-12-22 09:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-19 20:54 --------- d-----w c:\documents and settings\xxx\Data aplikací\Apple Computer
2008-12-19 20:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-19 13:26 --------- d-----w c:\program files\CD-LabelPrint
2008-12-19 13:03 --------- d-----w c:\documents and settings\xxx\Data aplikací\CD-LabelPrint
2008-12-19 12:20 --------- d-----w c:\program files\DVD Shrink
2008-12-19 12:16 --------- d-----w c:\program files\DVD Decrypter
2008-12-17 18:02 --------- d-----w c:\documents and settings\xxx\Data aplikací\Acoustica
2008-12-17 18:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Acoustica
2008-12-17 17:31 --------- d-----w c:\program files\Teksoft
2008-12-17 17:30 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-12-16 16:43 --------- d-----w c:\program files\Bonjour
2008-12-16 12:54 --------- d-----w c:\program files\Opera
2008-12-14 10:48 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 19:25 --------- d-----w c:\documents and settings\xxx\Data aplikací\ProfiCAD
2008-12-08 17:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-07 12:03 --------- d-----w c:\program files\Ahead
2008-12-07 12:02 --------- d-----w c:\program files\Common Files\Ahead
2008-12-06 11:10 --------- d-----w c:\program files\Microsoft Virtual PC
2008-12-05 14:01 --------- d-----w c:\program files\QuickTime
2008-12-05 14:01 --------- d-----w c:\program files\Common Files\snpstd3
2008-12-05 14:01 --------- d-----w c:\program files\Common Files\ACD Systems
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_19.04.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 13:07:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2009-02-03 19:17:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_410.dat
+ 2009-02-03 19:18:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6ec.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MirandaIM"="c:\miranda_evoluce\Miranda_IM\miranda32.exe" [2009-01-24 650309]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 c:\windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-27 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\MIRANDA_EVOLUCE\\Miranda_IM\\miranda32.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\xxx\\Plocha\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14145:TCP"= 14145:TCP:BitComet 14145 TCP
"14145:UDP"= 14145:UDP:BitComet 14145 UDP
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-22 12936]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-22 90632]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-02-19 14336]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-03 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: devmasters.cz\exch
TCP: {15902329-075E-49F6-BB4C-3F723110A76B} = 192.168.28.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\5pfizk4a.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.digsby.com
FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sour ... &gfns=1&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 20:18:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1160)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Celkový čas: 2009-02-03 20:25:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-03 19:25:01
ComboFix2.txt 2009-02-03 18:06:13
Před spuštěním: Volných bajtů: 13 632 053 248
Po spuštění: Volných bajtů: 13,620,813,824
323 --- E O F --- 2009-01-19 13:36:51
Problém s otevředím disku C v Tento počítač Vyřešeno
-
Snekatis
- Pohlaví:
Re: Problém s otevředím disku C v Tento počítač
Naposledy upravil(a) Snekatis dne 19 led 2010 15:11, celkem upraveno 2 x.
-
Snekatis
- Pohlaví:
Re: Problém s otevředím disku C v Tento počítač
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:01, on 3.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MirandaIM] "C:\MIRANDA_EVOLUCE\Miranda_IM\miranda32.exe" "C:\MIRANDA_EVOLUCE\Miranda_IM\Others\Snekatis"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3684908734
O17 - HKLM\System\CCS\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe (file missing)
--
End of file - 8177 bytes
Scan saved at 20:30:01, on 3.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MirandaIM] "C:\MIRANDA_EVOLUCE\Miranda_IM\miranda32.exe" "C:\MIRANDA_EVOLUCE\Miranda_IM\Others\Snekatis"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3684908734
O17 - HKLM\System\CCS\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe (file missing)
--
End of file - 8177 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém s otevředím disku C v Tento počítač
Tu flešku jsi vyčistil?
Ještě zbytek po AVG, takže ještě jeden script:
Postup stejný jako výše.
Ještě zbytek po AVG, takže ještě jeden script:
Kód: Vybrat vše
Driver::
avgrkx86
avgtdix
File::
c:\windows\system32\drivers\avgrkx86.sys
c:\windows\system32\drivers\avgtdix.sys
Postup stejný jako výše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
Snekatis
- Pohlaví:
Re: Problém s otevředím disku C v Tento počítač
ComboFix 09-02-02.04 - xxx 2009-02-03 20:43:46.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1280.851 [GMT 1:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\avgrkx86.sys
c:\windows\system32\drivers\avgtdix.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\avgrkx86.sys
c:\windows\system32\drivers\avgtdix.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Service_AvgRkx86
-------\Service_AvgTdiX
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.
2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Malwarebytes
2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 15:26 . 2009-02-03 15:26 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 14:58 . 2009-02-03 14:58 <DIR> d-------- c:\program files\ESET
2009-02-03 14:58 . 2009-02-03 14:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-02-01 13:21 . 2009-02-03 14:04 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-01 13:20 . 2009-02-01 13:20 <DIR> d-------- c:\program files\Red Kawa
2009-02-01 13:17 . 2009-02-01 13:17 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\HandBrake
2009-01-30 14:58 . 2009-01-30 15:05 22,886 --a------ C:\IMG_0002.png
2009-01-27 15:53 . 2009-01-27 15:53 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-25 19:45 . 2009-01-25 19:46 <DIR> d-------- c:\program files\Digsby
2009-01-22 13:06 . 2009-01-22 13:06 <DIR> d-------- c:\program files\Firebird
2009-01-19 14:30 . 2009-01-19 14:30 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2009-01-19 14:25 . 2009-01-19 14:26 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2009-01-18 14:19 . 2009-01-18 14:19 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-18 14:16 . 2009-01-18 14:16 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-01-18 14:14 . 2009-01-18 14:15 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-01-18 13:59 . 2009-01-18 13:59 <DIR> d-------- c:\windows\symbols
2009-01-18 13:58 . 2009-01-18 14:01 <DIR> d-------- c:\program files\HTML Help Workshop
2009-01-18 13:58 . 2009-01-18 13:58 <DIR> d-------- c:\program files\CE Remote Tools
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\js
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\windows\system32\images
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\html
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\css
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Business Objects
2009-01-18 13:36 . 2009-01-18 13:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PreEmptive Solutions
2009-01-18 13:33 . 2009-01-18 14:05 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-01-18 13:32 . 2009-01-18 13:32 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-18 13:32 . 2009-01-18 13:32 <DIR> dr-h----- C:\MSOCache
2009-01-17 09:26 . 2009-01-17 12:54 44,773 --a------ C:\IMG_0004.png
2009-01-15 18:02 . 2009-01-16 06:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-15 18:01 . 2009-01-16 06:47 <DIR> d-------- c:\program files\Java
2009-01-15 18:01 . 2009-01-15 18:01 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 21:48 . 2009-01-14 21:48 0 --a------ c:\windows\nsreg.dat
2009-01-14 19:56 . 2000-03-29 15:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-01-13 18:47 . 2009-01-13 18:47 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Mikrotik
2009-01-07 13:28 . 2009-02-03 15:06 <DIR> d-------- c:\program files\Axis Communications
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\program files\OTRQuickPost
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\OTRQuickPost.7125FA6B6F8E9DD7B1A4C62CFD70E25BE54A3080.1
2009-01-05 18:04 . 2009-01-05 18:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-01-03 17:39 . 2009-02-03 14:46 <DIR> d-------- c:\program files\HandBrake
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:06 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-03 14:09 --------- d-----w c:\program files\BitComet
2009-02-03 14:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 12:51 --------- d-----w c:\documents and settings\xxx\Data aplikací\Skype
2009-01-24 12:19 21,152 ----a-w c:\documents and settings\xxx\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-19 13:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-19 13:30 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-18 13:21 --------- d-----w c:\program files\Microsoft.NET
2009-01-18 13:00 --------- d-----w c:\program files\MSBuild
2009-01-18 12:59 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-05 17:04 --------- d-----r c:\program files\Skype
2008-12-31 14:11 --------- d-----w c:\documents and settings\xxx\Data aplikací\Digsby
2008-12-31 14:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\Digsby
2008-12-31 14:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Winferno
2008-12-30 11:24 --------- d-----w c:\program files\eCover
2008-12-27 11:17 --------- d-----w c:\program files\Warcraft III
2008-12-26 16:31 2,829 ----a-w c:\windows\War3Unin.pif
2008-12-26 16:31 126,976 ----a-w c:\windows\War3Unin.exe
2008-12-25 16:20 --------- d-----w c:\documents and settings\xxx\Data aplikací\CyberLink
2008-12-25 16:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2008-12-25 16:17 --------- d-----w c:\program files\CyberLink
2008-12-25 13:39 --------- d-----w c:\program files\nLite
2008-12-23 20:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Logitech
2008-12-23 20:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Apple Computer
2008-12-23 19:44 --------- d-----w c:\documents and settings\xxx\Data aplikací\MSN6
2008-12-23 19:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\MSN6
2008-12-22 10:51 --------- d-----w c:\documents and settings\xxx\Data aplikací\Smart PC Solutions
2008-12-22 09:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-19 20:54 --------- d-----w c:\documents and settings\xxx\Data aplikací\Apple Computer
2008-12-19 20:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-19 13:26 --------- d-----w c:\program files\CD-LabelPrint
2008-12-19 13:03 --------- d-----w c:\documents and settings\xxx\Data aplikací\CD-LabelPrint
2008-12-19 12:20 --------- d-----w c:\program files\DVD Shrink
2008-12-19 12:16 --------- d-----w c:\program files\DVD Decrypter
2008-12-17 18:02 --------- d-----w c:\documents and settings\xxx\Data aplikací\Acoustica
2008-12-17 18:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Acoustica
2008-12-17 17:31 --------- d-----w c:\program files\Teksoft
2008-12-17 17:30 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-12-16 16:43 --------- d-----w c:\program files\Bonjour
2008-12-16 12:54 --------- d-----w c:\program files\Opera
2008-12-14 10:48 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 19:25 --------- d-----w c:\documents and settings\xxx\Data aplikací\ProfiCAD
2008-12-08 17:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-07 12:03 --------- d-----w c:\program files\Ahead
2008-12-07 12:02 --------- d-----w c:\program files\Common Files\Ahead
2008-12-06 11:10 --------- d-----w c:\program files\Microsoft Virtual PC
2008-12-05 14:01 --------- d-----w c:\program files\QuickTime
2008-12-05 14:01 --------- d-----w c:\program files\Common Files\snpstd3
2008-12-05 14:01 --------- d-----w c:\program files\Common Files\ACD Systems
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_19.04.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-10-16 13:07:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2009-02-03 19:47:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_460.dat
+ 2009-02-03 19:47:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_710.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 c:\windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-27 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\MIRANDA_EVOLUCE\\Miranda_IM\\miranda32.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\xxx\\Plocha\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14145:TCP"= 14145:TCP:BitComet 14145 TCP
"14145:UDP"= 14145:UDP:BitComet 14145 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-02-19 14336]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-03 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: devmasters.cz\exch
TCP: {15902329-075E-49F6-BB4C-3F723110A76B} = 192.168.28.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\5pfizk4a.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.digsby.com
FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sour ... &gfns=1&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 20:48:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1160)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Celkový čas: 2009-02-03 20:53:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-03 19:53:39
ComboFix2.txt 2009-02-03 19:25:07
ComboFix3.txt 2009-02-03 18:06:13
Před spuštěním: Volných bajtů: 13 598 543 872
Po spuštění: Volných bajtů: 13,495,660,544
263 --- E O F --- 2009-01-19 13:36:51
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1280.851 [GMT 1:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\avgrkx86.sys
c:\windows\system32\drivers\avgtdix.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\avgrkx86.sys
c:\windows\system32\drivers\avgtdix.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Service_AvgRkx86
-------\Service_AvgTdiX
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.
2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Malwarebytes
2009-02-03 18:00 . 2009-02-03 18:00 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 15:26 . 2009-02-03 15:26 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 14:58 . 2009-02-03 14:58 <DIR> d-------- c:\program files\ESET
2009-02-03 14:58 . 2009-02-03 14:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-02-01 13:21 . 2009-02-03 14:04 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-01 13:20 . 2009-02-01 13:20 <DIR> d-------- c:\program files\Red Kawa
2009-02-01 13:17 . 2009-02-01 13:17 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\HandBrake
2009-01-30 14:58 . 2009-01-30 15:05 22,886 --a------ C:\IMG_0002.png
2009-01-27 15:53 . 2009-01-27 15:53 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-25 19:45 . 2009-01-25 19:46 <DIR> d-------- c:\program files\Digsby
2009-01-22 13:06 . 2009-01-22 13:06 <DIR> d-------- c:\program files\Firebird
2009-01-19 14:30 . 2009-01-19 14:30 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2009-01-19 14:25 . 2009-01-19 14:26 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2009-01-18 14:19 . 2009-01-18 14:19 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-18 14:16 . 2009-01-18 14:16 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-01-18 14:14 . 2009-01-18 14:15 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-01-18 13:59 . 2009-01-18 13:59 <DIR> d-------- c:\windows\symbols
2009-01-18 13:58 . 2009-01-18 14:01 <DIR> d-------- c:\program files\HTML Help Workshop
2009-01-18 13:58 . 2009-01-18 13:58 <DIR> d-------- c:\program files\CE Remote Tools
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\js
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\windows\system32\images
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\html
2009-01-18 13:40 . 2009-01-18 13:41 <DIR> d-------- c:\windows\system32\css
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-01-18 13:40 . 2009-01-18 13:40 <DIR> d-------- c:\program files\Business Objects
2009-01-18 13:36 . 2009-01-18 13:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PreEmptive Solutions
2009-01-18 13:33 . 2009-01-18 14:05 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-01-18 13:32 . 2009-01-18 13:32 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-18 13:32 . 2009-01-18 13:32 <DIR> dr-h----- C:\MSOCache
2009-01-17 09:26 . 2009-01-17 12:54 44,773 --a------ C:\IMG_0004.png
2009-01-15 18:02 . 2009-01-16 06:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-15 18:01 . 2009-01-16 06:47 <DIR> d-------- c:\program files\Java
2009-01-15 18:01 . 2009-01-15 18:01 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 21:48 . 2009-01-14 21:48 0 --a------ c:\windows\nsreg.dat
2009-01-14 19:56 . 2000-03-29 15:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-01-13 18:47 . 2009-01-13 18:47 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Mikrotik
2009-01-07 13:28 . 2009-02-03 15:06 <DIR> d-------- c:\program files\Axis Communications
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\program files\OTRQuickPost
2009-01-07 11:05 . 2009-01-07 11:05 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\OTRQuickPost.7125FA6B6F8E9DD7B1A4C62CFD70E25BE54A3080.1
2009-01-05 18:04 . 2009-01-05 18:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-01-03 17:39 . 2009-02-03 14:46 <DIR> d-------- c:\program files\HandBrake
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:06 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-03 14:09 --------- d-----w c:\program files\BitComet
2009-02-03 14:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 12:51 --------- d-----w c:\documents and settings\xxx\Data aplikací\Skype
2009-01-24 12:19 21,152 ----a-w c:\documents and settings\xxx\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-19 13:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-19 13:30 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-18 13:21 --------- d-----w c:\program files\Microsoft.NET
2009-01-18 13:00 --------- d-----w c:\program files\MSBuild
2009-01-18 12:59 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-05 17:04 --------- d-----r c:\program files\Skype
2008-12-31 14:11 --------- d-----w c:\documents and settings\xxx\Data aplikací\Digsby
2008-12-31 14:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\Digsby
2008-12-31 14:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\Winferno
2008-12-30 11:24 --------- d-----w c:\program files\eCover
2008-12-27 11:17 --------- d-----w c:\program files\Warcraft III
2008-12-26 16:31 2,829 ----a-w c:\windows\War3Unin.pif
2008-12-26 16:31 126,976 ----a-w c:\windows\War3Unin.exe
2008-12-25 16:20 --------- d-----w c:\documents and settings\xxx\Data aplikací\CyberLink
2008-12-25 16:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2008-12-25 16:17 --------- d-----w c:\program files\CyberLink
2008-12-25 13:39 --------- d-----w c:\program files\nLite
2008-12-23 20:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Logitech
2008-12-23 20:59 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Apple Computer
2008-12-23 19:44 --------- d-----w c:\documents and settings\xxx\Data aplikací\MSN6
2008-12-23 19:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\MSN6
2008-12-22 10:51 --------- d-----w c:\documents and settings\xxx\Data aplikací\Smart PC Solutions
2008-12-22 09:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-19 20:54 --------- d-----w c:\documents and settings\xxx\Data aplikací\Apple Computer
2008-12-19 20:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-12-19 13:26 --------- d-----w c:\program files\CD-LabelPrint
2008-12-19 13:03 --------- d-----w c:\documents and settings\xxx\Data aplikací\CD-LabelPrint
2008-12-19 12:20 --------- d-----w c:\program files\DVD Shrink
2008-12-19 12:16 --------- d-----w c:\program files\DVD Decrypter
2008-12-17 18:02 --------- d-----w c:\documents and settings\xxx\Data aplikací\Acoustica
2008-12-17 18:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Acoustica
2008-12-17 17:31 --------- d-----w c:\program files\Teksoft
2008-12-17 17:30 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-12-16 16:43 --------- d-----w c:\program files\Bonjour
2008-12-16 12:54 --------- d-----w c:\program files\Opera
2008-12-14 10:48 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 19:25 --------- d-----w c:\documents and settings\xxx\Data aplikací\ProfiCAD
2008-12-08 17:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-07 12:03 --------- d-----w c:\program files\Ahead
2008-12-07 12:02 --------- d-----w c:\program files\Common Files\Ahead
2008-12-06 11:10 --------- d-----w c:\program files\Microsoft Virtual PC
2008-12-05 14:01 --------- d-----w c:\program files\QuickTime
2008-12-05 14:01 --------- d-----w c:\program files\Common Files\snpstd3
2008-12-05 14:01 --------- d-----w c:\program files\Common Files\ACD Systems
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_19.04.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-10-16 13:07:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2009-02-03 19:47:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_460.dat
+ 2009-02-03 19:47:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_710.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 c:\windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-27 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\MIRANDA_EVOLUCE\\Miranda_IM\\miranda32.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\xxx\\Plocha\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14145:TCP"= 14145:TCP:BitComet 14145 TCP
"14145:UDP"= 14145:UDP:BitComet 14145 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-02-19 14336]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-03 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: devmasters.cz\exch
TCP: {15902329-075E-49F6-BB4C-3F723110A76B} = 192.168.28.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\5pfizk4a.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.digsby.com
FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sour ... &gfns=1&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 20:48:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1160)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Celkový čas: 2009-02-03 20:53:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-03 19:53:39
ComboFix2.txt 2009-02-03 19:25:07
ComboFix3.txt 2009-02-03 18:06:13
Před spuštěním: Volných bajtů: 13 598 543 872
Po spuštění: Volných bajtů: 13,495,660,544
263 --- E O F --- 2009-01-19 13:36:51
Naposledy upravil(a) Snekatis dne 19 led 2010 15:14, celkem upraveno 2 x.
-
Snekatis
- Pohlaví:
Re: Problém s otevředím disku C v Tento počítač
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:33, on 3.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3684908734
O17 - HKLM\System\CCS\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe (file missing)
--
End of file - 8052 bytes
Scan saved at 20:58:33, on 3.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3684908734
O17 - HKLM\System\CCS\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe (file missing)
--
End of file - 8052 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém s otevředím disku C v Tento počítač
Správce úloh-služby -pravým na AVG8/Grisoft(vše) -vlastnosti-vyber zastavit.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Pokud nejsou problémy , je to vše.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe (file missing)
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Pokud nejsou problémy , je to vše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
Snekatis
- Pohlaví:
Re: Problém s otevředím disku C v Tento počítač
Tak uz je to vse, jeste jednou moc diky.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43293
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Problém s otevředím disku C v Tento počítač Vyřešeno
Není zač , můžeš dát vyřešeno , fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti