Prosím o kontrolu logu!

[Dutagebule]

Dobrý den,

prosím o zkontrolávání logu. Na PC se mi nainstaloval "Security Tools". Děkuji mnohokrát za pomoc.

ComboFix 10-02-12.01 - Tomáš 15.02.2010 9:18.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.580 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100214-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\89646134
c:\documents and settings\All Users\Data aplikací\89646134\89646134.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-01 17:58 . 2010-02-01 17:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-01 17:53 . 2010-02-01 17:53 -------- d-----w- c:\program files\Common Files\Skype
2010-02-01 17:53 . 2010-02-01 17:53 -------- d-----r- c:\program files\Skype
2010-01-22 07:17 . 2010-01-22 07:17 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 11:15 . 2009-11-27 19:17 -------- d-----w- c:\program files\Google
2010-01-22 07:14 . 2008-10-12 07:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 14:59 . 2009-03-11 12:19 -------- d-----w- c:\program files\ICQ6.5
2010-01-09 14:59 . 2009-10-03 15:48 -------- d-----w- c:\program files\free-downloads.net
2010-01-05 09:58 . 2008-04-14 06:52 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2008-04-14 06:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2008-04-14 06:51 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 17:29 . 2009-12-23 17:29 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-12-23 17:29 . 2009-12-23 17:29 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-23 17:24 . 2009-12-23 17:24 228937 ----a-w- c:\windows\Alcohol_Toolbar_Uninstaller_9187.exe
2009-12-23 17:24 . 2009-12-23 17:24 -------- d-----w- c:\program files\Alcohol Toolbar
2009-12-17 07:42 . 2008-10-12 07:00 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:19 . 2009-12-12 14:19 1406 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-12 14:07 . 2009-12-12 14:07 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-10 11:38 . 2001-10-25 14:00 90190 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 11:38 . 2001-10-25 14:00 455220 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2008-04-14 08:06 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11 . 2008-04-14 06:07 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2008-04-14 06:51 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2008-04-14 06:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-04-14 06:51 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2009-05-27 05:45 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-27 05:45 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-27 05:45 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-27 05:45 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-27 05:45 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-27 05:45 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-27 05:45 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-27 05:45 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-27 05:45 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-01-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-01-02 13:40 2166296 ----a-w- c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-01-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-01-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Svátky a výročí"="d:\výročí\Svátky a výročí\Vyroci.exe" [1998-04-14 485888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-04-27 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2008-10-12 932864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows Commander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Hry\\CS1.6\\hl.exe"=
"d:\\Hry\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.5.2009 6:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.5.2009 6:45 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.12.2008 18:20 222456]
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [6.11.2008 18:47 827008]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.10.2009 16:46 721904]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 12:15 135664]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.sys [12.10.2008 10:55 28160]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:15]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = hxxp://start.qip.ru/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\go7qm03x.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PMCS - c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-PMCS - c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 09:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="15488D5C2A222202495767A6161ABA1F6EDD51E6735416F2493D0ABFCE4AEB52597FE45BB0CE86B153D5545C498A2C5A7A24BCDFE81D6039B523978EC6BC6A36098CE9C49AEDB32252D908BD044B772E5C94A95B465CBB783AB34D76CC7A1F26FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A9C6AECB7A5D1407C038D530D6EB3452B68EAAF7C34A2BCE5C9A6EB49A1007020619BD46682DF8297FB9C2615E8A56A304A7558B58608A67A9E1DBE7E2A55C95832703199401142AAD803F3BB951633697BFA35DC4401FA5262B831A21EF5021A424EC36C32C0D6F86EA655697B1AB7973E582BE348534CD2B8A51A7E65C373EB9C104A08B0D660CEC6C7AFE359DFD9A326F1863265287C32AD4E44F985BDF2EA57585BFD5861836DBBCFA652186A26A00F43B67EE4A4A13A2229432EE6406D2DEF9E25E5F7E0FCCDC57929E3D64505DA05075453616A4E82DD067D7766FDE33F2CC43ACBAE02A4E117AA6A24034B58DE62309E0F7E12E96F1011A29107B10F9FE317E3E4E9C3E5EAD294DCD36F4F1B6BD51677E036076132F199EF6F00936F637ABA389D22293457AAC50E0FCA99C3AA1043A46FBC3FE76B9C19771221FDD1B6388716AD669E46DD28CAD0147DABB9C24A55B48DBC6BE01F5E65E3000C50C7EDDD460A13B6D646AA81C98B41C93CE876AE75A74EA241E145DBB002DBA8B38DB95E199CF362DB3EC7E6B7869D5E3C5482DBDFB20CC9DFBB47FB33CC657034B138E46F97F52A96C4DEDD16670A35E85CD3A60B50573772A8CFE88873FAF40A52560DC12196C6B1A88A2EB31FC091CE72F73CA3640A57B6F6A91370A3D6F5D1B3B3644286EB67B3C3D5C98DB27DBB739A34D3E59538074843F800222CA9778701ECEDCB5B0B7E9483171F91D6CC6D13A89D1BEB5A374B418232C6CDED6FCB2E23EFD4E6979C649254AC7785EAC490EA1E01D1411FBC38F4D4D05C084B3C8B2212E2A03244314AEAE16DC3EBFABB51396CDE04AE60786DE389D920C0D98F69F4C244FA77A6D20B536C2C0BA1213B28D361B63B168D72A7DE3946D1F249DD8AAFC7AFCAEB6BAC1FD7EA51822DD6E3A2C9234FCDE7764EB4ECE59460FAAC213823E32D5CE56D32128BFB51AE95BAE9DA3302B1BA8AB8461356AB45D35B36B1FDE8FEC12828B433E5DA610944DFA28FC2B88B3BFACD1F6719A1C948A2F895CC8F7E2F17B07B978E846D27366CCDD92D0FD88277E4B68DCD7E93F0C37DCA7BFB18C1FABF15F7DC6C791D744842B5B0B635B11030227233AA595215061E4BF254DDC9F2969D0A166D4F2BE8A76EE7E925308766707A8E97A3D92833B1BAF35FEE5AF349EE86629F15D2002715A63840C14CB021A5FFDD7E9D6589CCA0C6A2123174F1F60"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-15 09:23:59
ComboFix-quarantined-files.txt 2010-02-15 08:23

Před spuštěním: 3 017 310 208
Po spuštění: 4 277 608 448

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 26A9A1E38AE4DDD678C76D1B1ECE573B

[earl]

Zdravim,

ComboFix provedl par vymazu - jak to vypada ted?

[Dutagebule]

Chod pc se zdá být tak jak před tím. Zůstaly pouze nějaké zbylé soubory z programu, který se nainstaloval, ale program se již nespouští.

[earl]

Ty zbyle soubory jsou presne kde?

[Dutagebule]

Zástupce je na ploše a potom jsou zástupce v nabídce start.

[earl]

Oboje smazte.

Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK
-----------------------------------------------------------------------------------------------------------------

Pouzijte T-Cleaner na vycisteni pc po utilitach pouzitych pri odvirovani.Postupujte dle instrukci na obrazovce.Pri detekci antivirem se jedna o falesny poplach.
-----------------------------------------------------------------------------------------------------------------

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A hotovo.

[Dutagebule]

Děkuji mnohokrát za pomoc a rychlé vyřízení.

[earl]

Nemate vubec zac.