Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:18:18, on 15.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6371] command.com /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5008] cmd.exe /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S102.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S109.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1856] command.com /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3689] cmd.exe /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm490YYCZ
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://maxhbps.postovnisporitelna.cz/c ... gnerCZ.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://maxibps.postovnisporitelna.cz/C ... Enroll.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1ca3bae65f27afe) (gupdate1ca3bae65f27afe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:_-p ... o-logo.png
O24 - Desktop Component 1: (no name) - http://tbn0.google.com/images?q=tbn:vQA ... 9-Volvo_(1)_red.jpg
O24 - Desktop Component 10: (no name) - http://tbn0.google.com/images?q=tbn:4RT ... o20062.jpg
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/images?q=tbn:BzP ... 2006_2.jpg
O24 - Desktop Component 3: (no name) - http://tbn0.google.com/images?q=tbn:Swc ... -Volvo.jpg
O24 - Desktop Component 4: (no name) - http://tbn0.google.com/images?q=tbn:6pk ... sign-1.jpg
O24 - Desktop Component 5: (no name) - http://tbn0.google.com/images?q=tbn:jgK ... xc6022.jpg
O24 - Desktop Component 6: (no name) - http://tbn0.google.com/images?q=tbn:Fgf ... 643724.jpg
O24 - Desktop Component 7: (no name) - http://tbn0.google.com/images?q=tbn:JYk ... o_xc90.jpg
O24 - Desktop Component 8: (no name) - http://tbn0.google.com/images?q=tbn:6ZC ... ico-02.jpg
O24 - Desktop Component 9: (no name) - http://tbn3.google.com/images?q=tbn:qeO ... s/saab.jpg
--
End of file - 13808 bytes
Log v HiJackThis Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Log v HiJackThis
Odinstaluj:
ICQToolBar
DAEMON Tools Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
ICQToolBar
DAEMON Tools Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingA6371] command.com /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5008] cmd.exe /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1856] command.com /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3689] cmd.exe /c del "C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe"
O8 - Extra context menu item: &Search - ?p=ZCxdm490YYCZ
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:_-p ... o-logo.png
O24 - Desktop Component 1: (no name) - http://tbn0.google.com/images?q=tbn:vQA ... 9-Volvo_(1)_red.jpg
O24 - Desktop Component 10: (no name) - http://tbn0.google.com/images?q=tbn:4RT ... o20062.jpg
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/images?q=tbn:BzP ... 2006_2.jpg
O24 - Desktop Component 3: (no name) - http://tbn0.google.com/images?q=tbn:Swc ... -Volvo.jpg
O24 - Desktop Component 4: (no name) - http://tbn0.google.com/images?q=tbn:6pk ... sign-1.jpg
O24 - Desktop Component 5: (no name) - http://tbn0.google.com/images?q=tbn:jgK ... xc6022.jpg
O24 - Desktop Component 6: (no name) - http://tbn0.google.com/images?q=tbn:Fgf ... 643724.jpg
O24 - Desktop Component 7: (no name) - http://tbn0.google.com/images?q=tbn:JYk ... o_xc90.jpg
O24 - Desktop Component 8: (no name) - http://tbn0.google.com/images?q=tbn:6ZC ... ico-02.jpg
O24 - Desktop Component 9: (no name) - http://tbn3.google.com/images?q=tbn:qeO ... s/saab.jpg
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Log v HiJackThis
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3741
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.2.2010 19:35:13
mbam-log-2010-02-15 (19-35-04).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 118489
Uplynulý čas: 5 minute(s), 6 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 28
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Verze databáze: 3741
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.2.2010 19:35:13
mbam-log-2010-02-15 (19-35-04).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 118489
Uplynulý čas: 5 minute(s), 6 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 28
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Log v HiJackThis
Zatím to vezmu za jaro3.
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Log v HiJackThis
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3741
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.2.2010 22:13:31
mbam-log-2010-02-15 (22-13-31).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 118354
Uplynulý čas: 3 minute(s), 28 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 28
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
po provedeni Malwarebytes
Verze databáze: 3741
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.2.2010 22:13:31
mbam-log-2010-02-15 (22-13-31).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 118354
Uplynulý čas: 3 minute(s), 28 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 28
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
po provedeni Malwarebytes
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Log v HiJackThis
Výborně, teď ComboFix.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Log v HiJackThis
ComboFix 10-02-12.01 - Admin 15.02.2010 22:36:55.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2532 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100215-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
c:\windows\Downloaded Program Files\IDropPTB.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.
2010-02-15 18:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 18:28 . 2010-02-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 18:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-12 20:17 . 2010-02-12 20:17 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2010-02-11 14:03 . 2010-02-11 14:03 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-11 14:03 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-11 14:03 . 2010-02-11 14:03 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-09 21:43 . 2009-12-14 07:10 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-08 20:41 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-08 19:52 . 2010-02-15 21:32 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-29 16:13 . 2010-01-29 16:13 -------- d-----w- c:\program files\LucasArts
2010-01-26 15:35 . 2010-02-12 15:31 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
2010-01-24 11:29 . 2002-04-22 07:15 4284416 ----a-r- c:\windows\uncsetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 18:25 . 2008-07-09 14:59 -------- d-----w- c:\program files\ICQToolbar
2010-02-15 09:30 . 2008-07-03 21:04 103171 ----a-w- c:\windows\system32\nvModes.dat
2010-02-12 15:21 . 2008-07-03 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 14:03 . 2009-12-17 19:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-10 19:16 . 2009-03-15 17:20 -------- d-----w- c:\program files\ICQ6.5
2010-02-07 20:53 . 2009-12-17 11:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 14:26 . 2009-09-13 15:54 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-30 18:01 . 2008-11-20 19:34 -------- d-----w- c:\program files\The KMPlayer
2009-12-31 16:50 . 2007-08-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-03 20:40 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2007-08-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 17:11 . 2007-08-02 12:00 90434 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 17:11 . 2007-08-02 12:00 455900 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2007-08-02 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2007-08-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 14:31 . 2008-10-15 09:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-27 17:14 . 2007-08-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2007-08-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-11-22 20:28 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 20:28 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 20:29 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 20:29 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 20:28 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 20:28 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2007-08-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-06-09 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.11.2009 21:28 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.8.2007 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.11.2009 21:28 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.3.2009 18:26 222456]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3.7.2008 22:13 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3.7.2008 22:13 43480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2009 15:28 721904]
S2 gupdate1ca3bae65f27afe;Služba Google Update (gupdate1ca3bae65f27afe);c:\program files\Google\Update\GoogleUpdate.exe [22.9.2009 18:59 133104]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 20:42 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-02-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{9CBBFB4F-B6C0-49F2-98CF-F6CDEEAB0AEB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://maxhbps.postovnisporitelna.cz/c ... gnerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/C ... Enroll.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Inca Ball_is1 - f:\inca ball\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 22:40
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'lsass.exe'(1380)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Celkový čas: 2010-02-15 22:41:28
ComboFix-quarantined-files.txt 2010-02-15 21:41
Před spuštěním: Volných bajtů: 192 615 526 400
Po spuštění: Volných bajtů: 192 619 741 184
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=DA6R53
- - End Of File - - 273B730CDC498D36886BCBE986A9964A
Tak tady je combofix
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2532 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100215-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
c:\windows\Downloaded Program Files\IDropPTB.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.
2010-02-15 18:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 18:28 . 2010-02-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 18:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-12 20:17 . 2010-02-12 20:17 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2010-02-11 14:03 . 2010-02-11 14:03 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-11 14:03 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-11 14:03 . 2010-02-11 14:03 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-09 21:43 . 2009-12-14 07:10 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-08 20:41 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-08 19:52 . 2010-02-15 21:32 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-29 16:13 . 2010-01-29 16:13 -------- d-----w- c:\program files\LucasArts
2010-01-26 15:35 . 2010-02-12 15:31 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
2010-01-24 11:29 . 2002-04-22 07:15 4284416 ----a-r- c:\windows\uncsetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 18:25 . 2008-07-09 14:59 -------- d-----w- c:\program files\ICQToolbar
2010-02-15 09:30 . 2008-07-03 21:04 103171 ----a-w- c:\windows\system32\nvModes.dat
2010-02-12 15:21 . 2008-07-03 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 14:03 . 2009-12-17 19:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-10 19:16 . 2009-03-15 17:20 -------- d-----w- c:\program files\ICQ6.5
2010-02-07 20:53 . 2009-12-17 11:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 14:26 . 2009-09-13 15:54 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-30 18:01 . 2008-11-20 19:34 -------- d-----w- c:\program files\The KMPlayer
2009-12-31 16:50 . 2007-08-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-03 20:40 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2007-08-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 17:11 . 2007-08-02 12:00 90434 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 17:11 . 2007-08-02 12:00 455900 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2007-08-02 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2007-08-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 14:31 . 2008-10-15 09:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-27 17:14 . 2007-08-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2007-08-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-11-22 20:28 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 20:28 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 20:29 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 20:29 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 20:28 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 20:28 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2007-08-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-06-09 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.11.2009 21:28 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.8.2007 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.11.2009 21:28 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.3.2009 18:26 222456]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3.7.2008 22:13 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3.7.2008 22:13 43480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2009 15:28 721904]
S2 gupdate1ca3bae65f27afe;Služba Google Update (gupdate1ca3bae65f27afe);c:\program files\Google\Update\GoogleUpdate.exe [22.9.2009 18:59 133104]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 20:42 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-02-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{9CBBFB4F-B6C0-49F2-98CF-F6CDEEAB0AEB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://maxhbps.postovnisporitelna.cz/c ... gnerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/C ... Enroll.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Inca Ball_is1 - f:\inca ball\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 22:40
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'lsass.exe'(1380)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Celkový čas: 2010-02-15 22:41:28
ComboFix-quarantined-files.txt 2010-02-15 21:41
Před spuštěním: Volných bajtů: 192 615 526 400
Po spuštění: Volných bajtů: 192 619 741 184
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=DA6R53
- - End Of File - - 273B730CDC498D36886BCBE986A9964A
Tak tady je combofix
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Log v HiJackThis
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\uncsetup.exe
c:\windows\system32\nvModes.dat
c:\program files\ICQToolbar
c:\windows\system32\d3d9caps.dat
DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Log v HiJackThis
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3742
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17.2.2010 17:14:55
mbam-log-2010-02-17 (17-14-55).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 1
Uplynulý čas: 3 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
sorry, za spozdeni, jinac mam celkem problemy se startem PC, system nabiha celkem pomallu
Verze databáze: 3742
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17.2.2010 17:14:55
mbam-log-2010-02-17 (17-14-55).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 1
Uplynulý čas: 3 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
sorry, za spozdeni, jinac mam celkem problemy se startem PC, system nabiha celkem pomallu
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Log v HiJackThis
Nechtěl jsem MbAM , chtěl jsem udělat script v Combofixu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Log v HiJackThis
ComboFix 10-02-12.01 - Admin 18.02.2010 8:12.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2537 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100216-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\ICQToolbar"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\nvModes.dat"
"c:\windows\uncsetup.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\nvModes.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-18 do 2010-02-18 )))))))))))))))))))))))))))))))
.
2010-02-16 19:31 . 2010-02-16 19:31 -------- d-----w- C:\Autodesk
2010-02-15 18:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 18:28 . 2010-02-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 18:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-12 20:17 . 2010-02-12 20:17 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2010-02-11 14:03 . 2010-02-11 14:03 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-11 14:03 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-11 14:03 . 2010-02-11 14:03 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-09 21:43 . 2009-12-14 07:10 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-08 20:41 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-08 19:52 . 2010-02-18 07:21 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-29 16:13 . 2010-01-29 16:13 -------- d-----w- c:\program files\LucasArts
2010-01-26 15:35 . 2010-02-12 15:31 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 18:25 . 2008-07-09 14:59 -------- d-----w- c:\program files\ICQToolbar
2010-02-12 15:21 . 2008-07-03 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 14:03 . 2009-12-17 19:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-10 19:16 . 2009-03-15 17:20 -------- d-----w- c:\program files\ICQ6.5
2010-02-07 20:53 . 2009-12-17 11:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 14:26 . 2009-09-13 15:54 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-30 18:01 . 2008-11-20 19:34 -------- d-----w- c:\program files\The KMPlayer
2009-12-31 16:50 . 2007-08-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2007-08-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-03 20:40 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2007-08-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 17:11 . 2007-08-02 12:00 90434 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 17:11 . 2007-08-02 12:00 455900 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2007-08-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2007-08-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2007-08-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2007-08-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-11-22 20:28 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 20:28 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 20:29 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 20:29 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 20:28 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 20:28 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2007-08-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-15_21.40.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-18 07:19 . 2010-02-18 07:19 16384 c:\windows\Temp\Perflib_Perfdata_d8.dat
+ 2010-02-18 06:56 . 2010-02-18 06:56 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
+ 2010-02-18 07:19 . 2010-02-18 07:19 16384 c:\windows\Temp\Perflib_Perfdata_90.dat
+ 2010-02-18 07:19 . 2010-02-18 07:19 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-06-09 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2009 15:28 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.11.2009 21:28 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.8.2007 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.11.2009 21:28 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.3.2009 18:26 222456]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3.7.2008 22:13 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3.7.2008 22:13 43480]
S2 gupdate1ca3bae65f27afe;Služba Google Update (gupdate1ca3bae65f27afe);c:\program files\Google\Update\GoogleUpdate.exe [22.9.2009 18:59 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15.2.2010 19:28 38224]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 20:42 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-02-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{9CBBFB4F-B6C0-49F2-98CF-F6CDEEAB0AEB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://maxhbps.postovnisporitelna.cz/c ... gnerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/C ... Enroll.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 08:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spao.sys >>UNKNOWN [0x8ACF9938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5fbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll
- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
- - - - - - - > 'explorer.exe'(1288)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\DEUTZE~1.SCR
.
**************************************************************************
.
Celkový čas: 2010-02-18 08:26:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-18 07:26
ComboFix2.txt 2010-02-17 16:57
ComboFix3.txt 2010-02-15 21:41
Před spuštěním: Volných bajtů: 187 521 851 392
Po spuštění: Volných bajtů: 187 467 194 368
- - End Of File - - 565433E736F4CB1CC103AEB8DD51186E
Jo jasne, sorry, jsem si toho vsim pozde
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2537 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100216-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\ICQToolbar"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\nvModes.dat"
"c:\windows\uncsetup.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\nvModes.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-18 do 2010-02-18 )))))))))))))))))))))))))))))))
.
2010-02-16 19:31 . 2010-02-16 19:31 -------- d-----w- C:\Autodesk
2010-02-15 18:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 18:28 . 2010-02-15 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 18:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-12 20:17 . 2010-02-12 20:17 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2010-02-11 14:03 . 2010-02-11 14:03 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-11 14:03 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-11 14:03 . 2010-02-11 14:03 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-09 21:43 . 2009-12-14 07:10 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-08 20:41 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-08 19:52 . 2010-02-18 07:21 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-29 16:13 . 2010-01-29 16:13 -------- d-----w- c:\program files\LucasArts
2010-01-26 15:35 . 2010-02-12 15:31 -------- d-----w- c:\program files\Battle for Wesnoth 1.7.12-1.8beta5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 18:25 . 2008-07-09 14:59 -------- d-----w- c:\program files\ICQToolbar
2010-02-12 15:21 . 2008-07-03 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 14:03 . 2009-12-17 19:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-10 19:16 . 2009-03-15 17:20 -------- d-----w- c:\program files\ICQ6.5
2010-02-07 20:53 . 2009-12-17 11:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 14:26 . 2009-09-13 15:54 -------- d-----w- c:\program files\GameSpy Arcade
2010-01-30 18:01 . 2008-11-20 19:34 -------- d-----w- c:\program files\The KMPlayer
2009-12-31 16:50 . 2007-08-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2007-08-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-03 20:40 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2007-08-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 17:11 . 2007-08-02 12:00 90434 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 17:11 . 2007-08-02 12:00 455900 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2007-08-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2007-08-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2007-08-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2007-08-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2007-08-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-11-22 20:28 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 20:28 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 20:29 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 20:29 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 20:28 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 20:28 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2007-08-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-15_21.40.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-18 07:19 . 2010-02-18 07:19 16384 c:\windows\Temp\Perflib_Perfdata_d8.dat
+ 2010-02-18 06:56 . 2010-02-18 06:56 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
+ 2010-02-18 07:19 . 2010-02-18 07:19 16384 c:\windows\Temp\Perflib_Perfdata_90.dat
+ 2010-02-18 07:19 . 2010-02-18 07:19 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-06-09 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"webHancer Agent"="c:\program files\webHancer\Programs\whAgent.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.9.2009 15:28 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.11.2009 21:28 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.8.2007 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.11.2009 21:28 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.3.2009 18:26 222456]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3.7.2008 22:13 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3.7.2008 22:13 43480]
S2 gupdate1ca3bae65f27afe;Služba Google Update (gupdate1ca3bae65f27afe);c:\program files\Google\Update\GoogleUpdate.exe [22.9.2009 18:59 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15.2.2010 19:28 38224]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [3.5.2005 20:42 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-02-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 17:59]
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{9CBBFB4F-B6C0-49F2-98CF-F6CDEEAB0AEB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://maxhbps.postovnisporitelna.cz/c ... gnerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://maxibps.postovnisporitelna.cz/C ... Enroll.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 08:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spao.sys >>UNKNOWN [0x8ACF9938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5fbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3647.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll
- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
- - - - - - - > 'explorer.exe'(1288)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\DEUTZE~1.SCR
.
**************************************************************************
.
Celkový čas: 2010-02-18 08:26:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-18 07:26
ComboFix2.txt 2010-02-17 16:57
ComboFix3.txt 2010-02-15 21:41
Před spuštěním: Volných bajtů: 187 521 851 392
Po spuštění: Volných bajtů: 187 467 194 368
- - End Of File - - 565433E736F4CB1CC103AEB8DD51186E
Jo jasne, sorry, jsem si toho vsim pozde
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Log v HiJackThis
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
C:\mbr.exe -f
a dej Ok.mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc
/////////////////////////////////////////////////////////////////////////////////////////////////
Ještě jeden script v CF.
Pak zase log z CF+HJT.
C:\mbr.exe -f
a dej Ok.mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc
/////////////////////////////////////////////////////////////////////////////////////////////////
Ještě jeden script v CF.
Kód: Vybrat vše
Folder::
c:\program files\ICQToolbar
c:\program files\Common Files\Symantec Shared
DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}
Pak zase log z CF+HJT.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 94 hostů