Dobrý den, žádám o zkontrolování logu z RSIT.
Problém: avast hlásil nějakého trojana a další škodlivý software, přesunul jsem do truhly a později z ní i smazal. Zatím nový nehlásil. Dále při zapnutí Mozilly, nejde řádně nastavit domovská stránka a také se zapínají v novém okně stránky s nevhodným obsahem. Zpomalení počítače, ikdyž to nemůžu jistě přisuzovat té špíně.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-11-15 16:07:13
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 447 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:42, on 15.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\bin\btwdins.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.gamingharbor.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
R3 - URLSearchHook: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSof1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll
O2 - BHO: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSof1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stb0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSof1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stb0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\BearShare MP3.exe" -tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stbapp.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Admin\Data aplikací\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZNxmk142YYCZ
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Admin\Plocha\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Admin\Plocha\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3245260704
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://icq.oberon-media.com/online//onl ... uncher.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: c0017F62 - c0017F62.mat (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\bin\btwdins.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 13835 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for Admin.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
Shareaza Web Download Hook - C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\Plugins\RazaWebHook.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-07-27 2215960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.7.0.4550\NPIEAddOn.dll [2009-08-20 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
Softonic English TC Toolbar - C:\Program Files\Softonic_English_TC\tbSof1.dll [2009-07-27 2215960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}]
GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stb0.dll [2009-08-14 1134592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-28 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-16 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-07-27 2215960]
{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - Softonic English TC Toolbar - C:\Program Files\Softonic_English_TC\tbSof1.dll [2009-07-27 2215960]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []
{5617ECA9-488D-4BA2-8562-9710B9AB78D2} - GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stb0.dll [2009-08-14 1134592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-12 81000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2006-10-17 398944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Lsass Service"=C:\Documents and Settings\Admin\Data aplikací\Microsoft\Windows\lsass.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Shareaza"=C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\BearShare MP3.exe -tray []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-16 68856]
"SmileyApp"=C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stbapp.exe [2009-08-14 602112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-16 68856]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c0017F62]
c0017F62.mat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avmgma_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gozer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Chroma Clash\ChromaClash.exe"="C:\Program Files\Chroma Clash\ChromaClash.exe:*:Enabled:ChromaClash"
"C:\Documents and Settings\Admin\Dokumenty\QIP\qip.exe"="C:\Documents and Settings\Admin\Dokumenty\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\BearShare MP3.exe"="C:\Documents and Settings\Admin\Dokumenty\BearShare MP3\BearShare MP3.exe:*:Enabled:BearShare MP3"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Admin\Plocha\QIP\qip.exe"="C:\Documents and Settings\Admin\Plocha\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Documents and Settings\Admin\Plocha\ICQ6.5\ICQ.exe"="C:\Documents and Settings\Admin\Plocha\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-11-15 16:07:16 ----D---- C:\Program Files\trend micro
2009-11-15 15:10:47 ----D---- C:\rsit
2009-11-15 15:08:45 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-15 15:08:32 ----AH---- C:\aaw7boot.cmd
2009-11-15 14:44:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-15 14:41:04 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-15 14:40:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
======List of files/folders modified in the last 1 months======
2009-11-15 16:07:16 ----RD---- C:\Program Files
2009-11-15 16:04:22 ----D---- C:\Program Files\Mozilla Firefox
2009-11-15 15:14:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-11-15 15:14:52 ----D---- C:\WINDOWS\temp
2009-11-15 15:08:45 ----D---- C:\WINDOWS\system32
2009-11-15 15:08:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sukoku
2009-11-15 15:03:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-15 14:57:49 ----SD---- C:\WINDOWS\Tasks
2009-11-15 14:56:03 ----D---- C:\WINDOWS\Prefetch
2009-11-15 14:51:25 ----A---- C:\WINDOWS\win.ini
2009-11-15 14:50:27 ----D---- C:\WINDOWS
2009-11-15 14:47:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-15 14:44:53 ----D---- C:\WINDOWS\system32\drivers
2009-11-15 14:44:52 ----HD---- C:\WINDOWS\inf
2009-11-15 14:41:04 ----SHD---- C:\WINDOWS\Installer
2009-11-15 14:40:22 ----D---- C:\Program Files\Lavasoft
2009-11-15 14:40:14 ----D---- C:\WINDOWS\WinSxS
2009-11-15 12:48:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-25 09:31:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-12 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-12 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-12 50656]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-12 94032]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-12 23152]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-03-07 223128]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-12 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-12 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-12 155160]
R2 btwdins;Bluetooth Service; C:\bin\btwdins.exe [2006-05-12 258103]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-15 1179232]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-01 217600]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-12 254040]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-07 69632]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-12 352920]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-08 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
-----------------EOF-----------------
Předem díky za odpověď
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Trojan vir, stránky s nevhodným obsahem
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Trojan vir, stránky s nevhodným obsahem
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Trojan vir, stránky s nevhodným obsahem
Tak sem dávám log (nebo spíš to co vyplivl) ComboFix, dávám sem raději všechno.
ComboFix 10-01-04.01 - Admin 09.01.2010 9:19.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.101 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1282 [VPS 100108-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm10.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm106.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm11.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm12.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm13.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm131.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm14.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm15.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm16.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm17.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm18.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm19.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1F.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1FD.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm2.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm2A.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm3.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm34.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm3B.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm3D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm4.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm47.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm48.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm49.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm5.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm57.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm58.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm5C.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm6.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm69.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm6D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm7.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm74.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm7F.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm8.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm83.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm8D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm9.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm95.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmA.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmA1.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmA7.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmB.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmBF.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmC.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmC4.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmCB.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmD.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmE.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmEB.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmF.tmp
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.7.0.4550\adwpx.exe
c:\program files\Internet Saving Optimizer\3.7.0.4550\Data\config.md
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.7.0.4550\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.7.0.4550\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.7.0.4550\unins000.dat
c:\program files\Internet Saving Optimizer\3.7.0.4550\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.6.910\Data\config.md
c:\program files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.6.910\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.6.910\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.6.910\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.6.910\FF\install.rdf
c:\program files\Media Access Startup\1.5.6.910\HPCommon.dll
c:\program files\Media Access Startup\1.5.6.910\hppx.exe
c:\program files\Media Access Startup\1.5.6.910\MAHelper.exe
c:\program files\Media Access Startup\1.5.6.910\unins000.dat
c:\program files\Media Access Startup\1.5.6.910\unins000.exe
c:\windows\Downloaded Program Files\popcaploader.inf
----- BITS: Možné infikované stránky -----
hxxp://kakoitodomen.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.
V tomto časovém úseku nebyly vytvořeny žádné nové soubory.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 16:12 . 2001-10-25 14:00 61958 ----a-w- c:\windows\system32\perfc005.dat
2009-11-20 16:12 . 2001-10-25 14:00 379294 ----a-w- c:\windows\system32\perfh005.dat
2009-11-20 16:10 . 2009-11-20 16:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-20 16:10 . 2009-11-20 16:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-20 15:57 . 2009-11-20 15:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-20 15:57 . 2009-11-20 15:57 -------- d-----w- c:\program files\Nokia
2009-11-20 15:57 . 2009-11-20 15:57 -------- d-----w- c:\program files\MSXML 6.0
2009-11-15 15:22 . 2008-10-29 17:43 -------- d-----w- c:\program files\CCleaner
2009-11-15 15:07 . 2009-11-15 15:07 -------- d-----w- c:\program files\trend micro
2009-11-15 13:43 . 2009-11-15 13:43 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 13:43 . 2009-11-15 14:08 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-15 13:40 . 2007-03-07 16:11 -------- d-----w- c:\program files\Lavasoft
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-27 2215960]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof1.dll" [2009-07-27 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-27 11:15 2215960 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
2009-07-27 11:15 2215960 ----a-w- c:\program files\Softonic_English_TC\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-27 2215960]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-27 2215960]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "c:\program files\Softonic_English_TC\tbSof1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="NvMCTray.dll" [2006-07-12 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2006-10-17 01:20 398944 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-12 05:19 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 08:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileyApp]
2009-08-14 07:49 602112 ----a-w- c:\program files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stbapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 11:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 11:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Chroma Clash\\ChromaClash.exe"=
"c:\\Documents and Settings\\Admin\\Plocha\\ICQ6.5\\ICQ.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15.11.2009 14:44 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.4.2009 14:55 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.4.2009 14:55 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.11.2008 16:48 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2007 16:39 642560]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.11.2009 17:00 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.11.2009 17:00 8320]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [7.3.2007 16:40 223128]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.gamingharbor.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZNxmk142YYCZ
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with &Shareaza - c:\documents and settings\Admin\Dokumenty\BearShare MP3\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - C:\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\vg2xbsj8.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.gamingharbor.com/search.do?desktopsmiley&keyword=
FF - component: c:\program files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\FFToolbar\components\SmileyCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-c0017F62 - c0017F62.mat
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.6.910\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 09:29
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-01-09 09:38:19
ComboFix-quarantined-files.txt 2010-01-09 08:38
ComboFix2.txt 2008-11-01 11:32
Před spuštěním: Volných bajtů: 116 660 649 984
Po spuštění: Volných bajtů: 116 912 320 512
- - End Of File - - 61F57749D7FC55627C4CB4B05567A1E7
ComboFix 10-01-04.01 - Admin 09.01.2010 9:19.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.101 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1282 [VPS 100108-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm10.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm106.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm11.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm12.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm13.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm131.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm14.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm15.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm16.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm17.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm18.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm19.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1F.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm1FD.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm2.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm2A.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm3.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm34.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm3B.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm3D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm4.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm47.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm48.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm49.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm5.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm57.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm58.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm5C.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm6.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm69.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm6D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm7.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm74.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm7F.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm8.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm83.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm8D.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm9.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tm95.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmA.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmA1.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmA7.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmB.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmBF.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmC.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmC4.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmCB.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmD.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmE.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmEB.tmp
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\_tmF.tmp
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.7.0.4550\adwpx.exe
c:\program files\Internet Saving Optimizer\3.7.0.4550\Data\config.md
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.7.0.4550\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.7.0.4550\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.7.0.4550\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.7.0.4550\unins000.dat
c:\program files\Internet Saving Optimizer\3.7.0.4550\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.6.910\Data\config.md
c:\program files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.6.910\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.6.910\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.6.910\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.6.910\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.6.910\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.6.910\FF\install.rdf
c:\program files\Media Access Startup\1.5.6.910\HPCommon.dll
c:\program files\Media Access Startup\1.5.6.910\hppx.exe
c:\program files\Media Access Startup\1.5.6.910\MAHelper.exe
c:\program files\Media Access Startup\1.5.6.910\unins000.dat
c:\program files\Media Access Startup\1.5.6.910\unins000.exe
c:\windows\Downloaded Program Files\popcaploader.inf
----- BITS: Možné infikované stránky -----
hxxp://kakoitodomen.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.
V tomto časovém úseku nebyly vytvořeny žádné nové soubory.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 16:12 . 2001-10-25 14:00 61958 ----a-w- c:\windows\system32\perfc005.dat
2009-11-20 16:12 . 2001-10-25 14:00 379294 ----a-w- c:\windows\system32\perfh005.dat
2009-11-20 16:10 . 2009-11-20 16:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-20 16:10 . 2009-11-20 16:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-20 15:57 . 2009-11-20 15:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-20 15:57 . 2009-11-20 15:57 -------- d-----w- c:\program files\Nokia
2009-11-20 15:57 . 2009-11-20 15:57 -------- d-----w- c:\program files\MSXML 6.0
2009-11-15 15:22 . 2008-10-29 17:43 -------- d-----w- c:\program files\CCleaner
2009-11-15 15:07 . 2009-11-15 15:07 -------- d-----w- c:\program files\trend micro
2009-11-15 13:43 . 2009-11-15 13:43 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 13:43 . 2009-11-15 14:08 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-15 13:40 . 2007-03-07 16:11 -------- d-----w- c:\program files\Lavasoft
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-27 2215960]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof1.dll" [2009-07-27 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-27 11:15 2215960 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
2009-07-27 11:15 2215960 ----a-w- c:\program files\Softonic_English_TC\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-27 2215960]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSof1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-07-27 2215960]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "c:\program files\Softonic_English_TC\tbSof1.dll" [2009-07-27 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="NvMCTray.dll" [2006-07-12 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2006-10-17 01:20 398944 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-12 05:19 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 08:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileyApp]
2009-08-14 07:49 602112 ----a-w- c:\program files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stbapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 11:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 11:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Chroma Clash\\ChromaClash.exe"=
"c:\\Documents and Settings\\Admin\\Plocha\\ICQ6.5\\ICQ.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15.11.2009 14:44 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.4.2009 14:55 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.4.2009 14:55 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.11.2008 16:48 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2007 16:39 642560]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.11.2009 17:00 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.11.2009 17:00 8320]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [7.3.2007 16:40 223128]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:45]
2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.gamingharbor.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZNxmk142YYCZ
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with &Shareaza - c:\documents and settings\Admin\Dokumenty\BearShare MP3\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - C:\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\vg2xbsj8.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.gamingharbor.com/search.do?desktopsmiley&keyword=
FF - component: c:\program files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\FFToolbar\components\SmileyCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-c0017F62 - c0017F62.mat
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.6.910\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 09:29
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-01-09 09:38:19
ComboFix-quarantined-files.txt 2010-01-09 08:38
ComboFix2.txt 2008-11-01 11:32
Před spuštěním: Volných bajtů: 116 660 649 984
Po spuštění: Volných bajtů: 116 912 320 512
- - End Of File - - 61F57749D7FC55627C4CB4B05567A1E7
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Trojan vir, stránky s nevhodným obsahem
Pod "Ostatní výmazy" najdete smazané infikované položky. Zbytek logu vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?