Please check the log. After virus removal with Avast the PC kept freezing; a repair from the installation CD helped.
Logfile of random's system information tool 1.06 (written by random/random)
Run by sklad at 2010-03-16 19:16:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (23%) free of 62 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:17, on 16.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Documents and Settings\sklad\Local Settings\Data aplikací\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
F:\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Temp\sklad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sklad\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: winesm32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.celysvet.cz/skin/omalovanky/ ... 04be6f.gif
--
End of file - 9698 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-725345543-1004UA.job
C:\WINDOWS\tasks\Norton Security Scan for sklad.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-18 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-07-26 716800]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-03-22 8425472]
"nwiz"=nwiz.exe /install []
"GamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-02-14 380928]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-10-31 54576]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-03-22 81920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\sklad\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-06 133104]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-10-31 95536]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"ICQ"=~C:\Program Files\ICQ6.5\ICQ.exe silent []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\sklad\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
winesm32.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnNFyXR
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Cross Racing Championship\crc.exe"="C:\Program Files\Cross Racing Championship\crc.exe:*:Disabled:Cross Racing Championship 2005"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Disabled:speed"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Disabled:TmSunrise"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\MafiaLauncher.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{177a3c25-5d1d-11dc-9a9c-001a9230e60d}]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-03-16 19:16:00 ----D---- C:\rsit
2010-03-15 21:28:51 ----D---- C:\WINDOWS\Prefetch
2010-03-15 21:23:27 ----RA---- C:\WINDOWS\system32\OLD33F.tmp
2010-03-15 21:22:29 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-15 21:21:41 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-03-15 21:11:20 ----RA---- C:\WINDOWS\SET73.tmp
2010-03-15 21:11:11 ----RA---- C:\WINDOWS\SET48.tmp
2010-03-15 21:11:08 ----RA---- C:\WINDOWS\SET3C.tmp
2010-03-15 21:11:07 ----RA---- C:\WINDOWS\SET39.tmp
2010-03-15 21:07:24 ----A---- C:\WINDOWS\pnplog.txt
2010-03-15 21:01:34 ----A---- C:\WINDOWS\imsins.BAK
2010-03-15 21:01:21 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-03-15 21:01:21 ----A---- C:\WINDOWS\system32\irclass.dll
2010-03-15 21:01:07 ----RA---- C:\WINDOWS\SETFF.tmp
2010-03-15 21:00:56 ----RA---- C:\WINDOWS\SETD4.tmp
2010-03-15 21:00:54 ----RA---- C:\WINDOWS\SETC8.tmp
2010-03-15 21:00:52 ----RA---- C:\WINDOWS\SETC5.tmp
2010-03-15 21:00:04 ----A---- C:\WINDOWS\setuplog.txt
2010-03-15 19:18:53 ----HD---- C:\WINDOWS\PIF
2010-03-15 19:09:11 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-15 18:41:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-13 07:25:49 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-12 20:48:34 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-03-12 19:18:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3_America
2010-03-09 16:42:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3_Arctica
2010-03-09 16:42:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-03-09 16:41:14 ----D---- C:\Program Files\Alawar
2010-03-06 21:01:43 ----D---- C:\Program Files\TrackMania Sunrise
======List of files/folders modified in the last 1 months======
2010-03-16 19:16:09 ----D---- C:\Temp
2010-03-16 19:14:04 ----D---- C:\Documents and Settings\sklad\Data aplikací\skypePM
2010-03-16 19:13:55 ----D---- C:\Documents and Settings\sklad\Data aplikací\OpenOffice.org2
2010-03-16 19:13:53 ----D---- C:\Documents and Settings\sklad\Data aplikací\Skype
2010-03-16 19:13:33 ----D---- C:\WINDOWS\Temp
2010-03-16 19:13:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 21:58:10 ----D---- C:\WINDOWS\system32\Setup
2010-03-15 21:58:01 ----D---- C:\WINDOWS\system32\usmt
2010-03-15 21:57:52 ----D---- C:\WINDOWS\AppPatch
2010-03-15 21:57:50 ----D---- C:\WINDOWS\ime
2010-03-15 21:57:49 ----RSD---- C:\WINDOWS\Fonts
2010-03-15 21:57:48 ----D---- C:\WINDOWS\Media
2010-03-15 21:57:37 ----D---- C:\WINDOWS\PeerNet
2010-03-15 21:57:24 ----D---- C:\WINDOWS\system32\npp
2010-03-15 21:57:17 ----D---- C:\WINDOWS\msagent
2010-03-15 21:54:02 ----D---- C:\WINDOWS\system32\1029
2010-03-15 21:53:31 ----D---- C:\WINDOWS\twain_32
2010-03-15 21:52:35 ----D---- C:\WINDOWS\system32\icsxml
2010-03-15 21:52:01 ----D---- C:\WINDOWS\system32\1033
2010-03-15 21:50:48 ----D---- C:\WINDOWS\Driver Cache
2010-03-15 21:50:47 ----D---- C:\WINDOWS\WinSxS
2010-03-15 21:49:05 ----D---- C:\WINDOWS
2010-03-15 21:42:46 ----SD---- C:\WINDOWS\Tasks
2010-03-15 21:38:43 ----D---- C:\WINDOWS\security
2010-03-15 21:31:19 ----D---- C:\WINDOWS\Registration
2010-03-15 21:31:11 ----D---- C:\WINDOWS\system32
2010-03-15 21:31:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-15 21:30:52 ----HD---- C:\WINDOWS\inf
2010-03-15 21:29:44 ----SHD---- C:\System Volume Information
2010-03-15 21:29:44 ----D---- C:\WINDOWS\system32\Restore
2010-03-15 21:28:17 ----D---- C:\WINDOWS\system32\drivers
2010-03-15 21:28:17 ----D---- C:\WINDOWS\system32\config
2010-03-15 21:28:17 ----D---- C:\WINDOWS\Help
2010-03-15 21:26:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 21:23:01 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-15 21:22:24 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-15 21:22:07 ----D---- C:\WINDOWS\system32\ias
2010-03-15 21:21:43 ----RD---- C:\WINDOWS\Web
2010-03-15 21:21:43 ----RD---- C:\Program Files
2010-03-15 21:21:35 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-03-15 21:21:26 ----A---- C:\WINDOWS\win.ini
2010-03-15 21:21:19 ----D---- C:\WINDOWS\system32\oobe
2010-03-15 21:21:16 ----D---- C:\WINDOWS\srchasst
2010-03-15 21:21:13 ----D---- C:\Program Files\Windows Media Player
2010-03-15 21:21:07 ----D---- C:\Program Files\Movie Maker
2010-03-15 21:20:57 ----D---- C:\Program Files\NetMeeting
2010-03-15 21:20:54 ----D---- C:\Program Files\Outlook Express
2010-03-15 21:20:53 ----D---- C:\Program Files\Common Files\System
2010-03-15 21:20:41 ----D---- C:\Program Files\Internet Explorer
2010-03-15 21:20:30 ----D---- C:\WINDOWS\system32\Com
2010-03-15 21:19:31 ----D---- C:\Program Files\Windows NT
2010-03-15 21:19:23 ----D---- C:\WINDOWS\system32\wbem
2010-03-15 21:18:33 ----SH---- C:\boot.ini
2010-03-15 21:11:35 ----A---- C:\WINDOWS\system.ini
2010-03-15 21:11:25 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-03-15 21:10:16 ----D---- C:\WINDOWS\Minidump
2010-03-15 21:01:21 ----D---- C:\WINDOWS\system
2010-03-15 19:22:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-15 19:22:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-14 21:59:15 ----D---- C:\Documents and Settings\sklad\Data aplikací\ICQ
2010-03-14 21:43:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-14 21:35:06 ----AD---- C:\Program Files\Altap Salamander 2.5
2010-03-14 21:31:53 ----D---- C:\Program Files\Yahoo!
2010-03-14 21:17:00 ----D---- C:\WINDOWS\Debug
2010-03-14 20:18:53 ----D---- C:\Program Files\Applications
2010-03-13 08:28:57 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 17:36:33 ----D---- C:\Program Files\Valve
2010-03-10 19:39:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-06 16:35:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-04 15:03:05 ----D---- C:\Documents and Settings\sklad\Data aplikací\Image Zone Express
2010-03-01 21:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-22 08:21:39 ----HD---- C:\Config.Msi
2010-02-21 16:02:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-02-21 15:57:42 ----SHD---- C:\WINDOWS\Installer
2010-02-21 15:57:33 ----D---- C:\Program Files\Common Files\Teleca Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-02-14 11136]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-05-26 165376]
R2 CoLinuxDriver;CoLinuxDriver; \??\C:\Program Files\Ulteo\Virtual Desktop\colinux\linux.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-05-26 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-04 151552]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-12-19 92800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-26 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-13 83200]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-06-07 393088]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux); C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2008-05-14 25856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2008-01-26 223128]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-11-15 258560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-02-23 225280]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-03-22 163908]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
-----------------EOF-----------------

PC after virus removal with Avast, the Spybot application, and an installation repair
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for longer than 14 days. See the rule on locking topics. Thank you for your understanding.
NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 51
- Registered: 20 Feb 2008 21:35
- Rudy
- Site Admin
- Posts: 119499
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC after virus removal with Avast, the Spybot application, and an installation repair
Please also post a log from ComboFix.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch, a screen with the license terms is displayed; continue by clicking the Yes button.
take your time and put on some coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts occur with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 51
- Registered: 20 Feb 2008 21:35
Re: PC after disinfection with Avast, running Spybot, and a repair installation
here it is
ComboFix 10-03-15.06 - sklad 16.03.2010 19:50:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.612 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100313-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\MARKETA\Dokumenty\cc_20100315_011955.reg
c:\documents and settings\sklad\Dokumenty\cc_20100314_213049.reg
c:\windows\BM7f983360.txt
c:\windows\BM7f983360.xml
c:\windows\system32\cncs32.dll
c:\windows\system32\DgffNXyb.ini
c:\windows\system32\eweflefk.ini
c:\windows\system32\frmqlsky.ini
c:\windows\system32\hautjwdd.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\nnngoyjf.ini
c:\windows\system32\pjvsqmhd.ini
c:\windows\system32\qpophamm.ini
c:\windows\system32\sqnankbg.ini
c:\windows\system32\varmyyrj.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-16 do 2010-03-16 )))))))))))))))))))))))))))))))
.
2010-03-16 18:16 . 2008-10-11 11:08 401720 ----a-w- c:\temp\sklad.exe
2010-03-16 18:16 . 2010-03-16 18:16 -------- d-----w- C:\rsit
2010-03-15 20:24 . 2006-03-02 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-03-15 20:23 . 2006-03-02 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-03-15 20:21 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-15 20:19 . 2006-03-02 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdtcp.sys
2010-03-15 20:19 . 2006-03-02 12:00 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2010-03-15 20:19 . 2006-03-02 12:00 12040 -c--a-w- c:\windows\system32\dllcache\tdpipe.sys
2010-03-15 20:19 . 2006-03-02 12:00 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2010-03-15 20:01 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-15 20:01 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-15 20:01 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-15 20:01 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-15 18:18 . 2010-03-15 18:18 -------- d--h--w- c:\windows\PIF
2010-03-12 19:48 . 2010-03-13 06:15 118 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-03-09 15:41 . 2010-03-12 18:15 -------- d-----w- c:\program files\Alawar
2010-03-06 20:01 . 2010-03-06 20:04 -------- d-----w- c:\program files\TrackMania Sunrise
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 20:31 . 2006-03-02 12:00 62138 ----a-w- c:\windows\system32\perfc005.dat
2010-03-15 20:31 . 2006-03-02 12:00 379568 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 20:20 . 2007-09-06 14:32 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-15 18:22 . 2007-09-10 05:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 20:39 . 2007-09-07 08:15 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-03-14 20:35 . 2008-01-26 10:10 -------- d---a-w- c:\program files\Altap Salamander 2.5
2010-03-14 20:31 . 2008-10-11 11:02 -------- d-----w- c:\program files\Yahoo!
2010-03-14 19:18 . 2008-10-04 18:28 -------- d-----w- c:\program files\Applications
2010-03-11 16:36 . 2010-01-06 17:20 -------- d-----w- c:\program files\Valve
2010-03-06 15:35 . 2010-02-02 14:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-21 14:57 . 2008-05-18 05:19 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-02-07 06:40 . 2008-01-29 14:03 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-07 06:39 . 2010-02-07 06:39 -------- d-----w- c:\program files\Microids
2010-02-07 06:39 . 2007-09-07 07:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 15:45 . 2010-01-31 15:45 -------- d-----w- c:\program files\ICQLite
2010-01-31 06:54 . 2010-01-31 06:54 -------- d-----w- c:\program files\Norton Security Scan
2010-01-31 06:54 . 2010-01-31 06:54 -------- d-----w- c:\program files\NortonInstaller
2010-01-21 11:48 . 2009-12-25 11:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-01-03 14:58 . 2007-09-07 09:37 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-03 14:58 . 2007-09-07 09:37 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-03 14:58 . 2007-09-07 09:37 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-03 14:58 . 2007-09-07 09:37 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-03 14:58 . 2007-09-07 09:37 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-28 17:23 . 2009-01-25 11:09 80 --sha-r- c:\windows\system32\5F373B2284.dll
2009-02-16 13:44 . 2009-02-15 18:02 56 --sha-r- c:\windows\system32\5F373B2284.sys
2009-02-16 13:44 . 2009-02-15 18:02 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\sklad\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-03-06 133104]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-22 8425472]
"nwiz"="nwiz.exe" [2007-03-22 1622016]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\sklad\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]
winesm32.exe [2008-4-14 29184]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMMON"="c:\program files\IM Magician\Vicamon.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cross Racing Championship\\crc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.7.2008 13:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.7.2008 13:33 20560]
R2 CoLinuxDriver;CoLinuxDriver;c:\program files\Ulteo\Virtual Desktop\colinux\linux.sys [7.5.2008 16:20 69120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2009 13:31 222456]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [14.5.2008 13:49 25856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.1.2008 11:12 611064]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [26.1.2008 11:13 223128]
.
Obsah adresáře 'Naplánované úlohy'
2010-03-10 c:\windows\Tasks\Norton Security Scan for sklad.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-31 12:12]
2010-03-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-10 14:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 19:57
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\sklad\Nabídka Start\Programy\Po spuštění\winesm32.exe 29184 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1123561945-117609710-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2572)
c:\program files\CyberLink\PowerDVD\deskband32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\UAService7.exe
c:\documents and settings\sklad\Local Settings\Data aplikací\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-16 20:01:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-16 19:01
Před spuštěním: Volných bajtů: 14 704 410 624
Po spuštění: Volných bajtů: 14 736 486 400
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A903E11B3F2D7EB9B8722E8A0C2D16E2
- Rudy
- Site Admin
- Posts: 119499
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: PC after disinfection with Avast, running Spybot, and a repair installation
We'll finish cleaning up. Move ComboFix to the desktop. Open Notepad and copy into it:

Collect::
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\5F373B2284.dll
c:\windows\system32\5F373B2284.sys
c:\documents and settings\sklad\Nabídka Start\Programy\Po spuštění\winesm32.exe

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

-
- Visitor
- Posts: 51
- Registered: 20 Feb 2008 21:35
Re: PC after disinfection with Avast, running Spybot, and a repair installation
Done, here is the log
ComboFix 10-03-15.06 - sklad 16.03.2010 21:42:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.695 [GMT 1:00]
Spuštěný z: c:\documents and settings\sklad\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\sklad\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 100316-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\documents and settings\sklad\Nabídka Start\Programy\Po spuštění\winesm32.exe
file zipped: c:\windows\system32\5F373B2284.dll
file zipped: c:\windows\system32\5F373B2284.sys
file zipped: c:\windows\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sklad\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\windows\system32\5F373B2284.dll
c:\windows\system32\5F373B2284.sys
c:\windows\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-16 do 2010-03-16 )))))))))))))))))))))))))))))))
.
2010-03-16 18:16 . 2008-10-11 11:08 401720 ----a-w- c:\temp\sklad.exe
2010-03-16 18:16 . 2010-03-16 18:16 -------- d-----w- C:\rsit
2010-03-15 20:24 . 2006-03-02 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-03-15 20:23 . 2006-03-02 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-03-15 20:21 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-15 20:19 . 2006-03-02 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdtcp.sys
2010-03-15 20:19 . 2006-03-02 12:00 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2010-03-15 20:19 . 2006-03-02 12:00 12040 -c--a-w- c:\windows\system32\dllcache\tdpipe.sys
2010-03-15 20:19 . 2006-03-02 12:00 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2010-03-15 20:01 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-15 20:01 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-15 20:01 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-15 20:01 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-15 18:18 . 2010-03-15 18:18 -------- d--h--w- c:\windows\PIF
2010-03-09 15:41 . 2010-03-12 18:15 -------- d-----w- c:\program files\Alawar
2010-03-06 20:01 . 2010-03-06 20:04 -------- d-----w- c:\program files\TrackMania Sunrise
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 20:31 . 2006-03-02 12:00 62138 ----a-w- c:\windows\system32\perfc005.dat
2010-03-15 20:31 . 2006-03-02 12:00 379568 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 20:20 . 2007-09-06 14:32 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-15 18:22 . 2007-09-10 05:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 20:39 . 2007-09-07 08:15 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-03-14 20:35 . 2008-01-26 10:10 -------- d---a-w- c:\program files\Altap Salamander 2.5
2010-03-14 20:31 . 2008-10-11 11:02 -------- d-----w- c:\program files\Yahoo!
2010-03-14 19:18 . 2008-10-04 18:28 -------- d-----w- c:\program files\Applications
2010-03-11 16:36 . 2010-01-06 17:20 -------- d-----w- c:\program files\Valve
2010-03-06 15:35 . 2010-02-02 14:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-21 14:57 . 2008-05-18 05:19 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-02-07 06:40 . 2008-01-29 14:03 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-07 06:39 . 2010-02-07 06:39 -------- d-----w- c:\program files\Microids
2010-02-07 06:39 . 2007-09-07 07:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 15:45 . 2010-01-31 15:45 -------- d-----w- c:\program files\ICQLite
2010-01-31 06:54 . 2010-01-31 06:54 -------- d-----w- c:\program files\Norton Security Scan
2010-01-31 06:54 . 2010-01-31 06:54 -------- d-----w- c:\program files\NortonInstaller
2010-01-21 11:48 . 2009-12-25 11:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-01-03 14:58 . 2007-09-07 09:37 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-03 14:58 . 2007-09-07 09:37 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-03 14:58 . 2007-09-07 09:37 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-03 14:58 . 2007-09-07 09:37 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-03 14:58 . 2007-09-07 09:37 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-16 13:44 . 2009-02-15 18:02 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-03-16_18.57.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-16 20:47 . 2010-03-16 20:47 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\sklad\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-03-06 133104]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-22 8425472]
"nwiz"="nwiz.exe" [2007-03-22 1622016]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\sklad\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IMMON"="c:\program files\IM Magician\Vicamon.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cross Racing Championship\\crc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.7.2008 13:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.7.2008 13:33 20560]
R2 CoLinuxDriver;CoLinuxDriver;c:\program files\Ulteo\Virtual Desktop\colinux\linux.sys [7.5.2008 16:20 69120]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2009 13:31 222456]
R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [14.5.2008 13:49 25856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.1.2008 11:12 611064]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [26.1.2008 11:13 223128]
.
Obsah adresáře 'Naplánované úlohy'
2010-03-10 c:\windows\Tasks\Norton Security Scan for sklad.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-31 12:12]
2010-03-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-10 14:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 21:48
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1123561945-117609710-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3824)
c:\program files\CyberLink\PowerDVD\deskband32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\UAService7.exe
c:\documents and settings\sklad\Local Settings\Data aplikací\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-16 21:52:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-16 20:52
ComboFix2.txt 2010-03-16 19:01
Před spuštěním: Volných bajtů: 14 742 458 368
Po spuštění: Volných bajtů: 14 698 311 680
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B83681E6D8BE3F151CF84106857B030E
- Rudy
- Site Admin
- Posts: 119499
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC after disinfection with Avast, the Spybot application and a repair of the installation
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
-
- Visitor
- Posts: 51
- Registered: 20 Feb 2008 21:35
Re: PC after disinfection with Avast, the Spybot application and a repair of the installation
The PC is behaving well too, only the avast icon in the systray has disappeared, but I can live with that.
Thank you very much and good night.

- Rudy
- Site Admin
- Posts: 119499
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC after disinfection with Avast, the Spybot application and a repair of the installation
That should be restorable in the Avast settings. You're welcome, and good night to you too!