
PC virus removal, computer speed-up, remote help via the neslape.cz service
Yet another curious person who clicked a link on fb....
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
A remote help service is now available: an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
Yet another curious person who clicked a link on fb....
I'd like to ask about that virus going around on fb, which I also opened out of curiosity.
My computer was cleaned with two programs (Spybot Search/Destroy and CCleaner),
everything works fine, but when I try to log in to fb it shows me this:
Sorry, we are experiencing temporary technical problem, please check back later.
On another computer I can log in normally, so I don't know whether there is still some other virus?
Thanks a lot for the reply. mischa
Re: Yet another curious person who clicked a link on fb....
Hello and have a nice day
Uninstall Spybot - Search & Destroy - the program's best years are long behind it and for the last roughly 3 years it has not been able to cope with current threats
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe



- Close all programs
- If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako správce)
- Choose option 2 and confirm with Enter
- The utility will do its work and produce a log - post it here
- Now again, but choose option 3 and then 4 - post the logs again
Re: Yet another curious person who clicked a link on fb....
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: michaela.janoscova [Admin rights]
Mode: Remove -- Date : 07/27/2011 09:58:27
Bad processes: 0
Registry Entries: 8
[SUSP PATH] HKLM\[...]\Run : 6197311.exe ("C:\WINDOWS\TEMP\6197311.exe") -> DELETED
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Documents and Settings\michaela.janoscova\Data aplikací\Microsoft\Windows\shell.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:50370) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
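The log above shows every facebook.com, vk.com and odnoklassniki.ru name mapped to 127.0.0.1 in the HOSTS file, which is why this machine never reaches the real site while another computer logs in fine. As an added illustration (not part of the thread and not RogueKiller's code), the Python below parses HOSTS content, flags names sinkholed to loopback, and strips only those names so legitimate custom entries survive; the sample HOSTS text is constructed from the entries in the log, and the allowlist of loopback names is an assumption.

```python
"""Added example (not from the thread or RogueKiller): parse a Windows HOSTS
file, flag names sinkholed to loopback, and strip only those entries.

On Windows the file lives at %SystemRoot%\\system32\\drivers\\etc\\hosts.
"""
from __future__ import annotations

import ipaddress
from typing import NamedTuple

# Assumption: names a stock Windows HOSTS file legitimately points at loopback.
LEGIT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample built from the entries RogueKiller listed above (cut short
# like the log), plus a comment line and one legitimate LAN entry that a
# wholesale reset to "127.0.0.1 localhost" would also wipe out.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 de-de.facebook.com
192.168.5.2 printer.lan   # constructed: user's own entry, must survive cleanup
"""


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str


def parse_hosts(text: str) -> list[HostsEntry]:
    """One HostsEntry per (address, name) pair; comments and junk are skipped."""
    entries: list[HostsEntry] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop trailing comment
        parts = line.split()
        if len(parts) < 2:
            continue                                  # blank, comment-only or malformed
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                                  # first field is not an IP
        for name in parts[1:]:
            entries.append(HostsEntry(n, parts[0], name.lower()))
    return entries


def find_hijacks(text: str) -> list[HostsEntry]:
    """Entries that send a non-local name to loopback or 0.0.0.0: the sinkhole
    pattern in the log. Ad-blocking HOSTS lists use the same trick on purpose,
    so review the names rather than treating every hit as malicious."""
    hits = []
    for e in parse_hosts(text):
        ip = ipaddress.ip_address(e.address)
        if e.hostname not in LEGIT_LOOPBACK_NAMES and (ip.is_loopback or ip.is_unspecified):
            hits.append(e)
    return hits


def hijacked_base_domains(text: str) -> list[str]:
    """Collapse locale subdomains (cs-cz.facebook.com, de-de.facebook.com, ...)
    to their last two labels so the list reads as affected services. Two labels
    is a simplification; co.uk-style suffixes would need a public-suffix list."""
    return sorted({".".join(e.hostname.split(".")[-2:]) for e in find_hijacks(text)})


def clean_hosts(text: str) -> str:
    """Return the file with hijacked names removed. Comments, the localhost line
    and legitimate custom entries are kept, unlike a reset to '127.0.0.1 localhost'."""
    bad = {(e.line_no, e.hostname) for e in find_hijacks(text)}
    out = []
    for n, raw in enumerate(text.splitlines(), start=1):
        body, hash_, comment = raw.partition("#")
        parts = body.split()
        if not parts or not any((n, p.lower()) in bad for p in parts[1:]):
            out.append(raw)                           # untouched line
            continue
        keep = [p for p in parts[1:] if (n, p.lower()) not in bad]
        if keep:                                      # some names on the line were fine
            out.append(" ".join([parts[0], *keep]) + (f" {hash_}{comment}" if hash_ else ""))
        # otherwise every name on the line was hijacked: drop the whole line
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for e in find_hijacks(SAMPLE_HOSTS):
        print(f"line {e.line_no}: {e.hostname} -> {e.address}")
    print("affected services:", ", ".join(hijacked_base_domains(SAMPLE_HOSTS)))
    print(clean_hosts(SAMPLE_HOSTS))
```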
Re: Yet another curious person who clicked a link on fb....
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: michaela.janoscova [Admin rights]
Mode: HOSTSFix -- Date : 07/27/2011 09:59:25
Bad processes: 0
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: Yet another curious person who clicked a link on fb....
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: michaela.janoscova [Admin rights]
Mode: ProxyFix -- Date : 07/27/2011 09:59:52
Bad processes: 0
Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:50370) -> DELETED
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Re: Yet another curious person who clicked a link on fb....
- Download links
- COM file http://vyosek.ic.cz/BE/exeHelper.com
- SCR file http://vyosek.ic.cz/BE/exeHelper.scr
- Just run the utility as Administrator (right-click), the repair will run and a log exehelperlog.txt will be created
Re: Yet another curious person who clicked a link on fb....
exeHelper by Raktor
Build 20100414
Run at 10:03:46 on 07/27/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Re: Yet another curious person who clicked a link on fb....
Thanks a lot for the help....
So I'd rather ask once more so I don't mess something......
Everything should be ok now?
Re: Yet another curious person who clicked a link on fb....
excellent, let's move on
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT DELETING POWER AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
- Right after it starts, a page with the license agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
- The scan should take about 10 min, but if the PC is heavily infected it may take longer
- After the scan finishes and after a possible restart, CF shows a log; otherwise you can find it at C:\ComboFix.txt; post its contents here
- A detailed guide incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Yet another curious person who clicked a link on fb....
Sorry, but I have a little question about turning off the firewall and antispam....
how do I find out whether they are turned off?
Re: Yet another curious person who clicked a link on fb....
No need to apologise, that's what we're here for, to advise and explain
The malware has damaged them, so reasoning with them is hard; leave it as is, and if ComboFix complains that they are on, click it away and ignore it
Re: Yet another curious person who clicked a link on fb....
ComboFix 11-07-27.01 - michaela.janoscova 27.07.2011 10:23:50.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.759.359 [GMT 2:00]
Spuštěný z: c:\documents and settings\michaela.janoscova\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\michaela.janoscova\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\ws386.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASPIMGR
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 10:18 . 2011-07-26 10:18 -------- d-----w- c:\program files\CCleaner
2011-07-26 10:18 . 2011-07-26 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-26 10:18 . 2011-07-26 10:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-26 10:07 . 2011-07-26 10:07 -------- d-----w- C:\ERDNT
2011-07-25 13:45 . 2011-07-25 13:45 -------- d-----w- c:\windows\ufa
2011-07-25 13:45 . 2011-07-25 13:45 -------- d-----w- c:\windows\rpcminer
2011-07-25 13:45 . 2011-07-25 13:45 -------- d-----w- c:\windows\phoenix
2011-07-25 13:40 . 2011-07-25 13:45 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 13:37 . 2011-07-25 13:37 -------- d-----w- c:\program files\Common Files\Java
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\av_ico
2011-07-25 13:26 . 2011-07-25 13:26 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-25 13:26 . 2011-07-25 13:26 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-25 13:22 . 2011-07-25 13:22 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-11-16 10:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2010-11-04 14:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2009-08-13 13:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-08-01 07:47 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
2011-07-25 13:21 1185280 ---h--w- c:\windows\update.tray-2-0\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michaela.janoscova\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 16:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 14:47 94872]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.5.2010 12:28 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19.5.2010 12:28 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 10:28]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 10:28]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.2 192.168.5.1
FF - ProfilePath - c:\documents and settings\michaela.janoscova\Data aplikací\Mozilla\Firefox\Profiles\m45hiolq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml
MSConfigStartUp-2886392 - c:\windows\TEMP\2886392.exe
MSConfigStartUp-484133 - c:\docume~1\MICHAE~1.JAN\LOCALS~1\Temp\484133.exe
MSConfigStartUp-7061587 - c:\windows\TEMP\7061587.exe
MSConfigStartUp-8485274 - c:\windows\TEMP\8485274.exe
MSConfigStartUp-91134320-loader2 - c:\windows\TEMP\91134320-loader2.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-systemup - c:\windows\systemup.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-07-27 10:38:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 08:38
.
Před spuštěním: Volných bajtů: 51 679 944 704
Po spuštění: Volných bajtů: 51 903 782 912
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 7B46F03299A0519F3A8B0B55C9B170A0
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.759.359 [GMT 2:00]
Spuštěný z: c:\documents and settings\michaela.janoscova\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\michaela.janoscova\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\ws386.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASPIMGR
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 10:18 . 2011-07-26 10:18 -------- d-----w- c:\program files\CCleaner
2011-07-26 10:18 . 2011-07-26 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-26 10:18 . 2011-07-26 10:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-26 10:07 . 2011-07-26 10:07 -------- d-----w- C:\ERDNT
2011-07-25 13:45 . 2011-07-25 13:45 -------- d-----w- c:\windows\ufa
2011-07-25 13:45 . 2011-07-25 13:45 -------- d-----w- c:\windows\rpcminer
2011-07-25 13:45 . 2011-07-25 13:45 -------- d-----w- c:\windows\phoenix
2011-07-25 13:40 . 2011-07-25 13:45 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 13:37 . 2011-07-25 13:37 -------- d-----w- c:\program files\Common Files\Java
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\av_ico
2011-07-25 13:26 . 2011-07-25 13:26 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-25 13:26 . 2011-07-25 13:26 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-25 13:22 . 2011-07-25 13:22 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-11-16 10:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2010-11-04 14:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2009-08-13 13:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-08-01 07:47 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
2011-07-25 13:21 1185280 ---h--w- c:\windows\update.tray-2-0\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michaela.janoscova\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 16:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 14:47 94872]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.5.2010 12:28 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19.5.2010 12:28 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 10:28]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 10:28]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.2 192.168.5.1
FF - ProfilePath - c:\documents and settings\michaela.janoscova\Data aplikací\Mozilla\Firefox\Profiles\m45hiolq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml
MSConfigStartUp-2886392 - c:\windows\TEMP\2886392.exe
MSConfigStartUp-484133 - c:\docume~1\MICHAE~1.JAN\LOCALS~1\Temp\484133.exe
MSConfigStartUp-7061587 - c:\windows\TEMP\7061587.exe
MSConfigStartUp-8485274 - c:\windows\TEMP\8485274.exe
MSConfigStartUp-91134320-loader2 - c:\windows\TEMP\91134320-loader2.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
MSConfigStartUp-systemup - c:\windows\systemup.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Libraries loaded into running processes ---------------------
.
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-27 10:38:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-27 08:38
.
Pre-run: Free bytes: 51 679 944 704
Post-run: Free bytes: 51 903 782 912
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 7B46F03299A0519F3A8B0B55C9B170A0
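The log above carries the whole pattern a helper reads out by hand: a fake Flash-Player.exe in the user's Downloads folder that was granted a firewall exception, an svchost.exe living outside system32, executables dropped into c:\windows and the TEMP folders, "EnableFirewall"=0 and TCP 3389 opened to everyone. The Python script below is an added example for this page, not part of the thread and not ComboFix's own code; it applies those same heuristics to constructed lines in the shape of the log so the triage can be repeated mechanically. The heuristics, the category names and the sample lines are the example's own assumptions.

```python
"""Mechanical triage of ComboFix-style log lines.

Added example for this page; it is not part of the forum thread and not
ComboFix's own code. The heuristics, category names and sample lines are
the example's own assumptions, chosen to match what was flagged in the
log above.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category detail")

# Binaries that legitimately live only in %windir%\system32 on XP; a copy
# anywhere else (here c:\windows\update.tray-2-0\svchost.exe) is a masquerade.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe"}

# "<name>"= <value>   (registry-style lines: firewall lists, Run keys)
_QUOTED_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# MSConfigStartUp-<name> - <path.exe> ...   and   HKLM-Run-<name> - <path.exe> ...
_STARTUP = re.compile(
    r'^(?:MSConfigStartUp|HKLM-Run|HKCU-Run)-\S+ - (.+?\.exe)\b', re.IGNORECASE)


def _norm(path):
    """Undo the doubled backslashes ComboFix prints in firewall values; lower-case."""
    return path.replace("\\\\", "\\").lower()


def suspicious_exe(path):
    """Return a reason if the executable sits where dropped malware usually lands."""
    p = _norm(path)
    folder, _, name = p.rpartition("\\")
    if name in SYSTEM_BINARIES and not folder.endswith("\\system32"):
        return "system binary name outside system32"
    if folder.endswith(":\\windows"):
        return "executable dropped in the Windows root"
    if "\\temp\\" in folder + "\\":
        return "executable in a temp folder"
    return None


def triage(log_text):
    """Walk the log once, tracking the current [registry key], and collect findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = _STARTUP.match(line)
        if m:
            reason = suspicious_exe(m.group(1))
            if reason:
                findings.append(Finding("autostart", f"{reason}: {_norm(m.group(1))}"))
            continue
        m = _QUOTED_VALUE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if section.endswith("firewallpolicy\\standardprofile"):
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall", "Windows Firewall disabled (EnableFirewall=0)"))
        elif section.endswith("authorizedapplications\\list"):
            # An exception for a binary in a user-writable place is worth a look;
            # the fake Flash-Player.exe got one the moment it was run.
            reason = suspicious_exe(name)
            if not reason and "\\documents and settings\\" in _norm(name):
                reason = "firewall exception for a user-profile executable"
            if reason:
                findings.append(Finding("firewall-exception", f"{reason}: {_norm(name)}"))
        elif section.endswith("globallyopenports\\list"):
            port = name.split(":")[0]
            what = "RDP (3389/TCP)" if port == "3389" else name
            findings.append(Finding("open-port", f"inbound port open to everyone: {what}"))
    return findings


# Constructed sample in the shape of the log above (a subset, not the full log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\michaela.janoscova\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
MSConfigStartUp-2886392 - c:\windows\TEMP\2886392.exe
MSConfigStartUp-484133 - c:\docume~1\MICHAE~1.JAN\LOCALS~1\Temp\484133.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-HPPQVideo - c:\program files\HP\ToolboxFX\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run it on a saved ComboFix log instead of SAMPLE_LOG to get the same list; legitimate entries such as Skype, the HP launcher and sessmgr.exe produce nothing, while every path a helper would put into a CFScript Folder:: or File:: section is reported with the reason it was flagged.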
Re: Yet another curious person who clicked a link on fb....
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code: Select all
KillAll::

Folder::
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Collect::
c:\windows\unrar.exe
c:\Documents and Settings\michaela.janoscova\Dokumenty\Stažené soubory\Flash-Player.exe

DirLook::
c:\program files\Common Files\Java

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\michaela.janoscova\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
"c:\Documents and Settings\michaela.janoscova\Dokumenty\Stažené soubory\Flash-Player.exe"=-
"c:\WINDOWS\\update.tray-2-0\svchost.exe"=-

Driver::
gupdate
gupdatem

AtJob::

Reboot::
- Save the resulting text file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
- After the script has been applied (and after a reboot, if one is needed) a log will pop up; paste its contents here

Re: Yet another curious person who clicked a link on fb....
ComboFix 11-07-27.01 - michaela.janoscova 27.07.2011 10:54:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.759.432 [GMT 2:00]
Running from: c:\documents and settings\michaela.janoscova\Dokumenty\Stažené soubory\ComboFix.exe
Command switches used :: c:\documents and settings\michaela.janoscova\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\documents and settings\michaela.janoscova\Dokumenty\Stažené soubory\Flash-Player.exe
file zipped: c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\aports.dll
c:\program files\Spybot - Search & Destroy\blindman.exe
c:\program files\Spybot - Search & Destroy\CGYLVPGKJXMIIKDHFU.scr
c:\program files\Spybot - Search & Destroy\Default configuration.ini
c:\program files\Spybot - Search & Destroy\DelZip179.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.dap.gif
c:\program files\Spybot - Search & Destroy\Dummies\dummy.data.xml
c:\program files\Spybot - Search & Destroy\Dummies\dummy.default.gif
c:\program files\Spybot - Search & Destroy\Dummies\dummy.related.htm
c:\program files\Spybot - Search & Destroy\Help\Brasil.license.txt
c:\program files\Spybot - Search & Destroy\Help\Cesky.license.txt
c:\program files\Spybot - Search & Destroy\Help\Deutsch.license.txt
c:\program files\Spybot - Search & Destroy\Help\English.chm
c:\program files\Spybot - Search & Destroy\Help\English.license.txt
c:\program files\Spybot - Search & Destroy\Help\Espanol.license.txt
c:\program files\Spybot - Search & Destroy\Help\Francais.license.txt
c:\program files\Spybot - Search & Destroy\Help\Hellenic.license.txt
c:\program files\Spybot - Search & Destroy\Help\Italiano.license.txt
c:\program files\Spybot - Search & Destroy\Help\Japanese.license.ansi.txt
c:\program files\Spybot - Search & Destroy\Help\Japanese.license.txt
c:\program files\Spybot - Search & Destroy\Help\Korean.license.txt
c:\program files\Spybot - Search & Destroy\Help\Nederlands.license.txt
c:\program files\Spybot - Search & Destroy\Help\Polski.license.txt
c:\program files\Spybot - Search & Destroy\Help\Russkiy.license.txt
c:\program files\Spybot - Search & Destroy\Help\Slovensky.license.txt
c:\program files\Spybot - Search & Destroy\Help\Srpski.license.txt
c:\program files\Spybot - Search & Destroy\Help\Suomi.license.txt
c:\program files\Spybot - Search & Destroy\Includes\Adware.sbi
c:\program files\Spybot - Search & Destroy\Includes\AdwareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Browserpages.sbs
c:\program files\Spybot - Search & Destroy\Includes\CLSIDs.sbs
c:\program files\Spybot - Search & Destroy\Includes\Cookies.sbi
c:\program files\Spybot - Search & Destroy\Includes\Cookies.sbs
c:\program files\Spybot - Search & Destroy\Includes\Dialer.sbi
c:\program files\Spybot - Search & Destroy\Includes\Dialer.sbs
c:\program files\Spybot - Search & Destroy\Includes\DialerC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Domains.sbs
c:\program files\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
c:\program files\Spybot - Search & Destroy\Includes\Hijackers.sbi
c:\program files\Spybot - Search & Destroy\Includes\HijackersC.sbi
c:\program files\Spybot - Search & Destroy\Includes\iPhone.sbi
c:\program files\Spybot - Search & Destroy\Includes\Keyloggers.sbi
c:\program files\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Logs.uts
c:\program files\Spybot - Search & Destroy\Includes\LSP.sbi
c:\program files\Spybot - Search & Destroy\Includes\LSP.sbs
c:\program files\Spybot - Search & Destroy\Includes\Malware.sbi
c:\program files\Spybot - Search & Destroy\Includes\MalwareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
c:\program files\Spybot - Search & Destroy\Includes\ProcWatch.sbs
c:\program files\Spybot - Search & Destroy\Includes\PUPS.sbi
c:\program files\Spybot - Search & Destroy\Includes\PUPSC.sbi
c:\program files\Spybot - Search & Destroy\Includes\RegWatch.sbs
c:\program files\Spybot - Search & Destroy\Includes\RegXLinks.sbs
c:\program files\Spybot - Search & Destroy\Includes\Revision.sbi
c:\program files\Spybot - Search & Destroy\Includes\Revision.sbs
c:\program files\Spybot - Search & Destroy\Includes\Searchpages.sbs
c:\program files\Spybot - Search & Destroy\Includes\Security.sbi
c:\program files\Spybot - Search & Destroy\Includes\SecurityC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Services.sbs
c:\program files\Spybot - Search & Destroy\Includes\Spybots.sbi
c:\program files\Spybot - Search & Destroy\Includes\SpybotsC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Spyware.sbi
c:\program files\Spybot - Search & Destroy\Includes\SpywareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Startup.tnfo
c:\program files\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files\Spybot - Search & Destroy\Includes\Tracks.uti
c:\program files\Spybot - Search & Destroy\Includes\Trojans.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-02.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-03.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-04.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-05.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC.sbi
c:\program files\Spybot - Search & Destroy\Includes\TTLASSH.sbs
c:\program files\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
c:\program files\Spybot - Search & Destroy\Includes\X509White.sbs
c:\program files\Spybot - Search & Destroy\Languages\Afrikaans.sbl
c:\program files\Spybot - Search & Destroy\Languages\Arabic.sbl
c:\program files\Spybot - Search & Destroy\Languages\Azeri.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
c:\program files\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bosanski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Brasil.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bulgarski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Catalan.sbl
c:\program files\Spybot - Search & Destroy\Languages\Cesky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Dansk.sbl
c:\program files\Spybot - Search & Destroy\Languages\Deutsch.sbl
c:\program files\Spybot - Search & Destroy\Languages\Eesti.sbl
c:\program files\Spybot - Search & Destroy\Languages\English.sbl
c:\program files\Spybot - Search & Destroy\Languages\Espanol.sbl
c:\program files\Spybot - Search & Destroy\Languages\Esperanto.sbl
c:\program files\Spybot - Search & Destroy\Languages\Euskera.sbl
c:\program files\Spybot - Search & Destroy\Languages\Farsi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Francais.sbl
c:\program files\Spybot - Search & Destroy\Languages\Furlan.sbl
c:\program files\Spybot - Search & Destroy\Languages\Galego.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hebrew.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hellenic.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hindi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hrvatski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
c:\program files\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
c:\program files\Spybot - Search & Destroy\Languages\Islenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Italiano.sbl
c:\program files\Spybot - Search & Destroy\Languages\Japanese.sbl
c:\program files\Spybot - Search & Destroy\Languages\Korean.sbl
c:\program files\Spybot - Search & Destroy\Languages\Latvian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
c:\program files\Spybot - Search & Destroy\Languages\Lietuviu.sbl
c:\program files\Spybot - Search & Destroy\Languages\Magyar.sbl
c:\program files\Spybot - Search & Destroy\Languages\Makedonski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Melayu.sbl
c:\program files\Spybot - Search & Destroy\Languages\Nederlands.sbl
c:\program files\Spybot - Search & Destroy\Languages\Norsk.sbl
c:\program files\Spybot - Search & Destroy\Languages\Polski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Portugues.sbl
c:\program files\Spybot - Search & Destroy\Languages\Romaneste.sbl
c:\program files\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files\Spybot - Search & Destroy\messages.zres
c:\program files\Spybot - Search & Destroy\OptOut.ini
c:\program files\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files\Spybot - Search & Destroy\SDFiles.exe
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Spybot - Search & Destroy\SDMain.exe
c:\program files\Spybot - Search & Destroy\SDUpdate.exe
c:\program files\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\program files\Spybot - Search & Destroy\sqlite3.dll
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\Spybot - Search & Destroy\Tools.dll
c:\program files\Spybot - Search & Destroy\UADPKGZRW.scr
c:\program files\Spybot - Search & Destroy\unins000.dat
c:\program files\Spybot - Search & Destroy\unins000.exe
c:\program files\Spybot - Search & Destroy\unins000.msg
c:\program files\Spybot - Search & Destroy\UninsSrv.dll
c:\program files\Spybot - Search & Destroy\Update.exe
c:\program files\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files\Spybot - Search & Destroy\YMNNMTYTHIZXVQUMC.scr
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 10:18 . 2011-07-26 10:18 -------- d-----w- c:\program files\CCleaner
2011-07-26 10:18 . 2011-07-26 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-26 10:07 . 2011-07-26 10:07 -------- d-----w- C:\ERDNT
2011-07-25 13:37 . 2011-07-25 13:37 -------- d-----w- c:\program files\Common Files\Java
2011-07-25 13:22 . 2011-07-25 13:22 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-11-16 10:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2010-11-04 14:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2009-08-13 13:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common Files\Java ----
.
2011-04-08 10:59 . 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jaucheck.exe
2011-04-08 10:59 . 2011-04-08 10:59 239336 ----a-w- c:\program files\Common Files\Java\Java Update\jaureg.exe
2011-04-08 10:59 . 2011-04-08 10:59 507624 ----a-w- c:\program files\Common Files\Java\Java Update\jucheck.exe
2011-04-08 10:59 . 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
2011-04-08 10:59 . 2011-04-08 10:59 1297 ----a-w- c:\program files\Common Files\Java\Java Update\task.xml
2011-04-08 10:59 . 2011-04-08 10:59 1302 ----a-w- c:\program files\Common Files\Java\Java Update\task64.xml
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_08.33.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-27 08:59 . 2011-07-27 08:59 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-08-01 07:47 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michaela.janoscova\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 16:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 14:47 94872]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.2 192.168.5.1
FF - ProfilePath - c:\documents and settings\michaela.janoscova\Data aplikací\Mozilla\Firefox\Profiles\m45hiolq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Libraries loaded into running processes ---------------------
.
- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-27 11:04:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-27 09:04
ComboFix2.txt 2011-07-27 08:38
.
Pre-run: Free bytes: 51 929 989 120
Post-run: Free bytes: 51 880 099 840
.
- - End Of File - - E133F68C57F76458A92D33B4D59DAC3B
c:\program files\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files\Spybot - Search & Destroy\messages.zres
c:\program files\Spybot - Search & Destroy\OptOut.ini
c:\program files\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files\Spybot - Search & Destroy\SDFiles.exe
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Spybot - Search & Destroy\SDMain.exe
c:\program files\Spybot - Search & Destroy\SDUpdate.exe
c:\program files\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\program files\Spybot - Search & Destroy\sqlite3.dll
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\Spybot - Search & Destroy\Tools.dll
c:\program files\Spybot - Search & Destroy\UADPKGZRW.scr
c:\program files\Spybot - Search & Destroy\unins000.dat
c:\program files\Spybot - Search & Destroy\unins000.exe
c:\program files\Spybot - Search & Destroy\unins000.msg
c:\program files\Spybot - Search & Destroy\UninsSrv.dll
c:\program files\Spybot - Search & Destroy\Update.exe
c:\program files\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files\Spybot - Search & Destroy\YMNNMTYTHIZXVQUMC.scr
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 10:18 . 2011-07-26 10:18 -------- d-----w- c:\program files\CCleaner
2011-07-26 10:18 . 2011-07-26 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-07-26 10:07 . 2011-07-26 10:07 -------- d-----w- C:\ERDNT
2011-07-25 13:37 . 2011-07-25 13:37 -------- d-----w- c:\program files\Common Files\Java
2011-07-25 13:22 . 2011-07-25 13:22 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-11-16 10:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2010-11-04 14:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2009-08-13 13:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common Files\Java ----
.
2011-04-08 10:59 . 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jaucheck.exe
2011-04-08 10:59 . 2011-04-08 10:59 239336 ----a-w- c:\program files\Common Files\Java\Java Update\jaureg.exe
2011-04-08 10:59 . 2011-04-08 10:59 507624 ----a-w- c:\program files\Common Files\Java\Java Update\jucheck.exe
2011-04-08 10:59 . 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
2011-04-08 10:59 . 2011-04-08 10:59 1297 ----a-w- c:\program files\Common Files\Java\Java Update\task.xml
2011-04-08 10:59 . 2011-04-08 10:59 1302 ----a-w- c:\program files\Common Files\Java\Java Update\task64.xml
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_08.33.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-27 08:59 . 2011-07-27 08:59 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-08-01 07:47 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michaela.janoscova\\Dokumenty\\Stažené soubory\\Flash-Player.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 16:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 14:47 94872]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.2 192.168.5.1
FF - ProfilePath - c:\documents and settings\michaela.janoscova\Data aplikací\Mozilla\Firefox\Profiles\m45hiolq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-07-27 11:04:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 09:04
ComboFix2.txt 2011-07-27 08:38
.
Před spuštěním: Volných bajtů: 51 929 989 120
Po spuštění: Volných bajtů: 51 880 099 840
.
- - End Of File - - E133F68C57F76458A92D33B4D59DAC3B
Upload completed successfully.
Re: Yet another curious person who clicked on a link on fb....
How is the PC behaving?
