po startu win xp se na ploše otevřou dokumenty

papax · Příspěvekod **papax** » 30 dub 2011 23:11

omlouvám se.
napsal jsem to jak se mi to objevuje.
nyní jsem udělal Combo fixem nový sken, ale skript není nikde vidět co je na obrazovce je staré. zkusím to znovu
promiň.

Reklama

papax · Příspěvekod **papax** » 30 dub 2011 23:38

ComboFix 11-04-30.02 - Administrator 30.04.2011 23:21:09.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1527.1043 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 17:00 . 2011-04-18 17:17 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 15:11 . 2011-04-30 15:11 -------- dc----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-04-30 15:11 . 2011-04-30 15:11 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-30 15:11 . 2010-12-20 16:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 15:11 . 2011-04-30 15:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 15:11 . 2010-12-20 16:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 15:00 . 2011-04-30 15:00 50688 -c--a-w- c:\program files\ATF-Cleaner.exe
2011-04-30 06:27 . 2011-04-30 06:27 388096 -c--a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 06:27 . 2011-04-30 06:27 -------- dc----w- c:\program files\Trend Micro
2011-04-28 12:10 . 2011-04-28 12:10 6963080 -c--a-w- c:\program files\Mozilla Firefox\Superovladac_5b8bc4b61c5b43ea867ac319d426e9e8_.exe
2011-04-28 07:31 . 2011-04-28 07:31 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2011-04-28 07:31 . 2011-04-28 07:31 1409 -c--a-w- c:\windows\QTFont.for
2011-04-25 06:37 . 2011-04-25 06:40 12418248 -c--a-w- c:\program files\Mozilla Firefox\Firefox Setup 4.0.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-06-29 11:49 40112 -c--a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-05-28 15:58 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2010-05-28 15:58 307288 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-05-28 15:58 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2010-05-28 15:58 102488 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2010-05-28 15:58 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2010-05-28 15:58 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-05-28 15:58 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2010-05-28 15:58 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-07 05:33 . 2004-08-18 08:00 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 08:00 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 08:00 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-03-02 12:35 . 2011-03-02 12:35 2832544 -c--a-w- c:\program files\install_flash_player.exe
2011-02-22 23:08 . 2004-08-18 08:00 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 08:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 08:00 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 08:00 385024 -c----w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 08:00 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 08:00 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 08:00 290432 -c--a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 08:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 08:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 08:00 978944 -c--a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 08:00 974848 -c--a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40 . 2010-06-29 12:07 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19 . 2010-06-29 12:07 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-18 08:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2010-12-29 18:33 . 2010-12-29 18:33 6275960 -c--a-w- c:\program files\Silverlight.exe
2007-09-20 02:45 . 2010-05-28 17:28 90112 -c--a-r- c:\program files\axesstel.dll
2007-09-20 02:45 . 2010-05-28 17:28 118784 -c--a-r- c:\program files\MSP_Uninstall.exe
2007-03-22 14:43 . 2007-03-22 14:43 4847104 -c--a-w- c:\program files\openofficeorg22.msi
2007-03-22 14:43 . 2007-03-22 14:43 1821008 -c--a-w- c:\program files\instmsiw.exe
2007-03-22 14:43 . 2007-03-22 14:43 1707856 -c--a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-30_17.16.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-30 21:06 . 2011-04-30 21:06 16384 c:\windows\temp\Perflib_Perfdata_9fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 -c--a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"EPSON Stylus C42 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-02-19 74240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 -c--a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Axesstel\\Axesstel Manager\\Axesstel_manager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"= 4:TCP:02
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.4.2011 19:00 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.5.2010 17:58 307288]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.5.2010 17:58 19544]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [28.5.2010 19:28 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [28.5.2010 19:28 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [28.5.2010 19:28 38784]
S2 gupdate1caff6e38d99730;Služba Google Update (gupdate1caff6e38d99730);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 22:33 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 22:33 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:33]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:33]
.
2011-04-30 c:\windows\Tasks\User_Feed_Synchronization-{792DC8FC-E672-4126-B13F-6618664CCF59}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: {E5C171CC-641E-4867-861C-2F348C275DED} = 160.218.167.5 194.228.211.33
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ucdotju9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60076&qkw=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????S??????(?@???????@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-795763587-4109242249-2356022673-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(1084)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-04-30 23:35:00
ComboFix-quarantined-files.txt 2011-04-30 21:34
ComboFix2.txt 2011-04-30 18:49
ComboFix3.txt 2011-04-30 17:25
.
Před spuštěním: Volných bajtů: 40 892 100 608
Po spuštění: Volných bajtů: 40 885 829 632
.
- - End Of File - - 89A3E3674874C02873F4C671763C6781

Příspěvekod **Žbeky** » 01 kvě 2011 09:09

Opět jsi to spustil bez skeiptu pouhým poklepáním... Normálně to udělej s tím txt skriptem jak poprvé co jsem ho tu psal, ale v nouzáku

papax · Příspěvekod **papax** » 01 kvě 2011 09:13

Zdravím. Nyní probíhá start přes tři černá okna a plocha se zapíná dvakrát s jedním přerušením. Při opětovném vložení logu do Combofixu začat tento pracovat a po krátké chvilce nastal samovolný restart PC tak jako včera. Co mám s tím udělat? Co bylo vygenerováno jsem sem dal. Jsem začátečník a děkuji za přízeň. Jdu to zkusit znovu přes nouzový režim.
Papax

papax · Příspěvekod **papax** » 01 kvě 2011 09:36

ComboFix 11-04-30.02 - Administrator 01.05.2011 9:23.4.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1527.1253 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-04-30 17:00 . 2011-04-18 17:17 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 15:11 . 2011-04-30 15:11 -------- dc----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-04-30 15:11 . 2011-04-30 15:11 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-30 15:11 . 2010-12-20 16:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 15:11 . 2011-04-30 15:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 15:11 . 2010-12-20 16:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 15:00 . 2011-04-30 15:00 50688 -c--a-w- c:\program files\ATF-Cleaner.exe
2011-04-30 06:27 . 2011-04-30 06:27 388096 -c--a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 06:27 . 2011-04-30 06:27 -------- dc----w- c:\program files\Trend Micro
2011-04-28 12:10 . 2011-04-28 12:10 6963080 -c--a-w- c:\program files\Mozilla Firefox\Superovladac_5b8bc4b61c5b43ea867ac319d426e9e8_.exe
2011-04-28 07:31 . 2011-04-28 07:31 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2011-04-28 07:31 . 2011-04-28 07:31 1409 -c--a-w- c:\windows\QTFont.for
2011-04-25 06:37 . 2011-04-25 06:40 12418248 -c--a-w- c:\program files\Mozilla Firefox\Firefox Setup 4.0.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-06-29 11:49 40112 -c--a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-05-28 15:58 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2010-05-28 15:58 307288 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-05-28 15:58 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2010-05-28 15:58 102488 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2010-05-28 15:58 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2010-05-28 15:58 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-05-28 15:58 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2010-05-28 15:58 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-07 05:33 . 2004-08-18 08:00 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 08:00 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 08:00 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-03-02 12:35 . 2011-03-02 12:35 2832544 -c--a-w- c:\program files\install_flash_player.exe
2011-02-22 23:08 . 2004-08-18 08:00 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 08:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 08:00 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 08:00 385024 -c----w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 08:00 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 08:00 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 08:00 290432 -c--a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 08:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 08:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 08:00 978944 -c--a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 08:00 974848 -c--a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40 . 2010-06-29 12:07 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19 . 2010-06-29 12:07 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-18 08:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2010-12-29 18:33 . 2010-12-29 18:33 6275960 -c--a-w- c:\program files\Silverlight.exe
2007-09-20 02:45 . 2010-05-28 17:28 90112 -c--a-r- c:\program files\axesstel.dll
2007-09-20 02:45 . 2010-05-28 17:28 118784 -c--a-r- c:\program files\MSP_Uninstall.exe
2007-03-22 14:43 . 2007-03-22 14:43 4847104 -c--a-w- c:\program files\openofficeorg22.msi
2007-03-22 14:43 . 2007-03-22 14:43 1821008 -c--a-w- c:\program files\instmsiw.exe
2007-03-22 14:43 . 2007-03-22 14:43 1707856 -c--a-w- c:\program files\instmsia.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 -c--a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"EPSON Stylus C42 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-02-19 74240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 -c--a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Axesstel\\Axesstel Manager\\Axesstel_manager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"= 4:TCP:02
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.4.2011 19:00 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.5.2010 17:58 307288]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.5.2010 17:58 19544]
S2 gupdate1caff6e38d99730;Služba Google Update (gupdate1caff6e38d99730);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 22:33 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [28.5.2010 19:28 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [28.5.2010 19:28 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [28.5.2010 19:28 38784]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 22:33 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:33]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:33]
.
2011-04-30 c:\windows\Tasks\User_Feed_Synchronization-{792DC8FC-E672-4126-B13F-6618664CCF59}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ucdotju9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60076&qkw=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 09:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????S??????(?@???????@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-795763587-4109242249-2356022673-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(260)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(1384)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
.
Celkový čas: 2011-05-01 09:30:01
ComboFix-quarantined-files.txt 2011-05-01 07:29
ComboFix2.txt 2011-04-30 21:35
ComboFix3.txt 2011-04-30 18:49
ComboFix4.txt 2011-04-30 17:25
.
Před spuštěním: Volných bajtů: 42 566 332 416
Po spuštění: Volných bajtů: 42 554 839 040
.
- - End Of File - - 62B84FE25A2EB9981A38940F17D445B4

Příspěvekod **Žbeky** » 01 kvě 2011 09:52

Já už nevím jak ti to mám říct... Vjedeš do nouzáku a podle tohoto viewtopic.php?f=70&t=67037#p491562 uděláš ten skript, přetáhneš ho nad CF a pustíš. Zatím to pochopili všichni, kdo o kontrolu žádali

guest · Příspěvekod **guest** » 01 kvě 2011 10:03

Zde to máš znázorněné graficky:

papax · Příspěvekod **papax** » 01 kvě 2011 10:47

ComboFix 11-04-30.02 - Administrator 01.05.2011 10:30:58.6.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1527.1268 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\Mozilla Firefox\Superovladac_5b8bc4b61c5b43ea867ac319d426e9e8_.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-04-30 17:00 . 2011-04-18 17:17 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-30 15:11 . 2011-04-30 15:11 -------- dc----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-04-30 15:11 . 2011-04-30 15:11 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-30 15:11 . 2010-12-20 16:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 15:11 . 2011-04-30 15:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 15:11 . 2010-12-20 16:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 15:00 . 2011-04-30 15:00 50688 -c--a-w- c:\program files\ATF-Cleaner.exe
2011-04-30 06:27 . 2011-04-30 06:27 388096 -c--a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 06:27 . 2011-04-30 06:27 -------- dc----w- c:\program files\Trend Micro
2011-04-28 07:31 . 2011-04-28 07:31 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2011-04-28 07:31 . 2011-04-28 07:31 1409 -c--a-w- c:\windows\QTFont.for
2011-04-25 06:37 . 2011-04-25 06:40 12418248 -c--a-w- c:\program files\Mozilla Firefox\Firefox Setup 4.0.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-06-29 11:49 40112 -c--a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-05-28 15:58 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2010-05-28 15:58 307288 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-05-28 15:58 49240 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2010-05-28 15:58 102488 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2010-05-28 15:58 96344 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2010-05-28 15:58 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-05-28 15:58 30680 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2010-05-28 15:58 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-07 05:33 . 2004-08-18 08:00 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 08:00 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 08:00 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-03-02 12:35 . 2011-03-02 12:35 2832544 -c--a-w- c:\program files\install_flash_player.exe
2011-02-22 23:08 . 2004-08-18 08:00 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 08:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 08:00 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 08:00 385024 -c----w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 08:00 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 08:00 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 08:00 290432 -c--a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 08:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 08:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 08:00 978944 -c--a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 08:00 974848 -c--a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40 . 2010-06-29 12:07 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19 . 2010-06-29 12:07 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-18 08:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2010-12-29 18:33 . 2010-12-29 18:33 6275960 -c--a-w- c:\program files\Silverlight.exe
2007-09-20 02:45 . 2010-05-28 17:28 90112 -c--a-r- c:\program files\axesstel.dll
2007-09-20 02:45 . 2010-05-28 17:28 118784 -c--a-r- c:\program files\MSP_Uninstall.exe
2007-03-22 14:43 . 2007-03-22 14:43 4847104 -c--a-w- c:\program files\openofficeorg22.msi
2007-03-22 14:43 . 2007-03-22 14:43 1821008 -c--a-w- c:\program files\instmsiw.exe
2007-03-22 14:43 . 2007-03-22 14:43 1707856 -c--a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-30_17.16.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-01 08:37 . 2011-05-01 08:37 16384 c:\windows\temp\Perflib_Perfdata_cc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 -c--a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"EPSON Stylus C42 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-02-19 74240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 -c--a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Axesstel\\Axesstel Manager\\Axesstel_manager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.4.2011 19:00 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.5.2010 17:58 307288]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.5.2010 17:58 19544]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [28.5.2010 19:28 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [28.5.2010 19:28 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [28.5.2010 19:28 38784]
S2 gupdate1caff6e38d99730;Služba Google Update (gupdate1caff6e38d99730);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 22:33 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2010 22:33 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-01 c:\windows\Tasks\User_Feed_Synchronization-{792DC8FC-E672-4126-B13F-6618664CCF59}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ucdotju9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 10:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????S??????(?@???????@
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-795763587-4109242249-2356022673-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c5,ae,da,09,31,c7,43,b3,e8,c4,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(2580)
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-05-01 10:42:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-01 08:42
ComboFix2.txt 2011-05-01 08:17
ComboFix3.txt 2011-05-01 07:30
ComboFix4.txt 2011-04-30 21:35
ComboFix5.txt 2011-05-01 08:30
.
Před spuštěním: Volných bajtů: 42 549 968 896
Po spuštění: Volných bajtů: 40 930 983 936
.
- - End Of File - - CDB1EBF84FB17BC351BDC28A4BDE86FA

papax · Příspěvekod **papax** » 01 kvě 2011 10:50

Blue Spirit píše:Zde to máš znázorněné graficky:

snad to už budu mít dobře.
zapoměl jsem si udělat na plochu ten CFS skript. babička mě krmí uši blbostmi a nesoustředil jsem se. Díky za trpělivou schovívavost.Papax

Příspěvekod **Žbeky** » 01 kvě 2011 11:27

Sláva nazdar výletu, nezmokli jsme a skript byl spuštěn

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

papax · Příspěvekod **papax** » 01 kvě 2011 12:20

nemohu nijak odinstalovat ComboFix zadám start ,spustit, napíšu ComboFix/uninstall, začne se načítat a zárověň se zapnou ochrany Avastu. Když Avast vypnu, začne se ComboFix načítat v malém obdélníčku je označení, ale skončí a nic se neděje. Jak to vyřešit prosím?

Příspěvekod **Žbeky** » 01 kvě 2011 12:30

před lomítkem má být mezera

po startu win xp se na ploše otevřou dokumenty Vyřešeno

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Re: po startu win xp se na ploše otevřou dokumenty

Kdo je online