RSIT prosba o kontrolu

Zpráva

Pakl · #1 Příspěvek od **Pakl** » 21 dub 2010 15:30

Prosím o preventivní kontrolu logu RSIT, nemám žádné obtíže, pouze už starší systém, několik let nepřeinstalovávaný. A moc děkuji.

Logfile of random's system information tool 1.06 (written by random/random)
Run by xxx at 2010-04-21 16:24:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (64%) free of 41 GB
Total RAM: 3071 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:11, on 21.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\V0530Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
D:\Program Files\MuralPix\MpAgent.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\rsit\RSIT.exe
D:\Program Files\HijackThis\xxx.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [V0530Mon.exe] C:\WINDOWS\V0530Mon.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
O4 - Startup: Kana StartDelay - POPPeeper.lnk = C:\Program Files\SDelay-1.0.0.3\SDelay.exe
O4 - Startup: Kana StartDelay - PopTray.lnk = C:\Program Files\SDelay-1.0.0.3\SDelay.exe
O4 - Startup: Kana StartDelay - qip.lnk = C:\Program Files\SDelay-1.0.0.3\SDelay.exe
O4 - Startup: Kana StartDelay - Skype.lnk = C:\Program Files\SDelay-1.0.0.3\SDelay.exe
O4 - Global Startup: MuralPixAgent.lnk = D:\Program Files\MuralPix\MpAgent.exe
O4 - Global Startup: OODefragTray.lnk = C:\WINDOWS\system32\oodtray.exe
O4 - Global Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: SunJavaUpdateSched.lnk = C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: SCARABAY - {A28A0545-4B15-4AC0-B4A4-118ACA2A7317} - E:\Abacus\Scarabay\scielib.dll
O9 - Extra 'Tools' menuitem: To fill a login and the password - {A28A0545-4B15-4AC0-B4A4-118ACA2A7317} - E:\Abacus\Scarabay\scielib.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4562110937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAEF8860-9B05-4F76-BC0F-43604BB4A876}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 12441 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-630328440-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-630328440-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-12-16 4375032]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-12-16 165144]
"V0530Mon.exe"=C:\WINDOWS\V0530Mon.exe [2008-02-19 28672]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-30 1800464]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2010-03-14 5729792]
"Google Update"=C:\Documents and Settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-27 136176]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe [2009-10-26 753664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MuralPixAgent.lnk - D:\Program Files\MuralPix\MpAgent.exe
OODefragTray.lnk - C:\WINDOWS\system32\oodtray.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
SunJavaUpdateSched.lnk - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Documents and Settings\xxx\Nabídka Start\Programy\Po spuštění
Kana StartDelay - POPPeeper.lnk - C:\Program Files\SDelay-1.0.0.3\SDelay.exe
Kana StartDelay - PopTray.lnk - C:\Program Files\SDelay-1.0.0.3\SDelay.exe
Kana StartDelay - qip.lnk - C:\Program Files\SDelay-1.0.0.3\SDelay.exe
Kana StartDelay - Skype.lnk - C:\Program Files\SDelay-1.0.0.3\SDelay.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-05 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=80030000
"NoDrives"=0
"NoDriveTypeAutoRun"=47010000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Canon\Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Network ScanGear\SgTool.exe:*:Enabled:SGTOOL"
"D:\Program Files\Flight Simulator 9\fs9.exe"="D:\Program Files\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Program Files\Games\Volejbal\volley.exe"="D:\Program Files\Games\Volejbal\volley.exe:*:Enabled:volley"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\StrongDC++\StrongDC.exe"="D:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Spyware Terminator\SpywareTerminator.exe"="D:\Program Files\Spyware Terminator\SpywareTerminator.exe:LocalSubNet:Enabled:Spyware Terminator"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c265805-4024-11dd-bed1-001a4d84210c}]
shell\AutoRun\command - H:\mbvd.exe
shell\open\command - H:\mbvd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f0101d0-6ad5-11dc-a57a-001a4d84210c}]
shell\AutoRun\command - rundll32 system.dll,MainBegin
shell\Explore\command - rundll32 system.dll,MainBegin
shell\Open\command - rundll32 system.dll,MainBegin

======File associations======

.ini - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2010-04-21 09:15:41 ----D---- C:\Program Files\SDelay-1.0.0.3
2010-04-17 00:03:52 ----D---- C:\Program Files\FolderScan 1.1
2010-04-03 09:46:55 ----D---- C:\Documents and Settings\xxx\Data aplikací\Nokia
2010-04-03 09:42:53 ----D---- C:\Program Files\Common Files\PCSuite

======List of files/folders modified in the last 1 months======

2010-04-21 16:25:04 ----D---- C:\WINDOWS\Prefetch
2010-04-21 16:24:38 ----D---- C:\Documents and Settings\xxx\Data aplikací\Skype
2010-04-21 16:22:32 ----D---- C:\Program Files\SpywareBlaster
2010-04-21 13:30:20 ----D---- C:\Program Files\Mozilla Thunderbird
2010-04-21 13:02:15 ----D---- C:\WINDOWS\temp
2010-04-21 12:53:03 ----D---- C:\WINDOWS\system32
2010-04-21 12:53:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-21 12:51:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-21 12:46:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-21 10:02:55 ----SHD---- C:\WINDOWS\Installer
2010-04-21 10:02:06 ----SHD---- C:\Config.Msi
2010-04-21 10:02:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-21 09:15:41 ----RD---- C:\Program Files
2010-04-21 08:56:11 ----SHD---- C:\WINDOWS\CSC
2010-04-19 09:42:49 ----D---- C:\WINDOWS\inf
2010-04-16 17:41:19 ----D---- C:\Program Files\Hesla JB
2010-04-16 17:00:13 ----D---- C:\WINDOWS
2010-04-16 17:00:13 ----A---- C:\WINDOWS\demdata.txt
2010-04-14 18:47:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-14 08:34:34 ----D---- C:\Documents and Settings\xxx\Data aplikací\Macromedia
2010-04-14 08:16:09 ----DC---- C:\WINDOWS\system32\dllcache
2010-04-14 08:16:01 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 08:15:57 ----D---- C:\Program Files\Windows Media Player
2010-04-14 08:15:16 ----D---- C:\WINDOWS\ie8updates
2010-04-11 13:35:01 ----D---- C:\WINDOWS\system32\config
2010-04-07 08:52:30 ----A---- C:\WINDOWS\wk2000.ini
2010-04-07 08:52:30 ----A---- C:\WINDOWS\winklav.ini
2010-04-07 08:52:30 ----A---- C:\WINDOWS\wg2000.ini
2010-04-07 08:07:51 ----D---- C:\Program Files\CCleaner
2010-04-03 19:48:54 ----D---- C:\Documents and Settings\xxx\Data aplikací\uTorrent
2010-04-03 09:44:31 ----D---- C:\Program Files\uTorrent
2010-04-03 09:43:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-03 09:42:53 ----D---- C:\Program Files\Common Files
2010-04-03 09:42:48 ----D---- C:\Program Files\Nokia
2010-04-03 09:42:48 ----D---- C:\Program Files\Common Files\Nokia
2010-04-03 09:39:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-03-31 13:13:36 ----D---- C:\Program Files\Internet Explorer
2010-03-30 23:24:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 19:09:50 ----D---- C:\Program Files\Decrapifier
2010-03-27 15:17:36 ----D---- C:\Program Files\Notepad++
2010-03-27 15:17:36 ----D---- C:\Documents and Settings\xxx\Data aplikací\Notepad++
2010-03-27 11:09:27 ----D---- C:\WINDOWS\Tasks
2010-03-27 11:08:02 ----D---- C:\Program Files\Mozilla Firefox
2010-03-27 11:03:20 ----D---- C:\Program Files\SUPERAntiSpyware
2010-03-27 11:03:10 ----D---- C:\Documents and Settings\xxx\Data aplikací\SUPERAntiSpyware.com
2010-03-27 11:02:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-27 11:02:03 ----D---- C:\Program Files\Glary Utilities

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-04 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-30 25160]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-04-18 44704]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [2008-05-07 145952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-09 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 V0530Dev;Creative Camera VF0530 Driver; C:\WINDOWS\system32\DRIVERS\V0530Vid.sys [2008-04-28 272512]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2005-05-31 28160]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MA-620;Mobile Action MA-660 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-12-16 554264]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-30 723632]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2006-10-31 77824]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\WINDOWS\system32\NMSAccessU.exe [2008-05-03 71096]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2006-10-31 1990656]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-03-06 495936]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-20 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 21 dub 2010 20:22

1. V systému máte Avast5 a Comodo IS, který rovněž obsahuje antivir. Buď odinstalujte Avast, nebo CIS a doplněte systém o nějaký jiný firewall. Takto může docházet k sw konfliktu.
2. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Pakl · #3 Příspěvek od **Pakl** » 22 dub 2010 09:08

Z CIS mám instalovaný pouze FW, zatímco AV od Comodo neužívám, snad je to v této kombinaci možné.
Nevím proč je na konci TuneAp, dávno tento program neužívám.
Zde je log z CF:

ComboFix 10-04-21.01 - xxx 22.04.2010 9:57.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2408 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-22 do 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-21 07:15 . 2010-04-21 08:06 -------- d-----w- c:\program files\SDelay-1.0.0.3
2010-04-16 22:03 . 2010-04-16 22:03 -------- d-----w- c:\program files\FolderScan 1.1
2010-04-03 07:42 . 2010-04-03 07:42 -------- d-----w- c:\program files\Common Files\PCSuite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 07:23 . 2001-10-25 12:00 79890 ----a-w- c:\windows\system32\perfc005.dat
2010-04-22 07:23 . 2001-10-25 12:00 434008 ----a-w- c:\windows\system32\perfh005.dat
2010-04-22 07:06 . 2007-08-23 05:00 3208 ----a-w- c:\windows\im32st.dat
2010-04-22 06:58 . 2007-08-22 21:05 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-21 14:22 . 2007-08-22 23:52 -------- d-----w- c:\program files\SpywareBlaster
2010-04-16 15:41 . 2009-03-13 15:57 -------- d-----w- c:\program files\Hesla JB
2010-04-14 16:47 . 2008-12-10 07:18 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2008-12-10 07:18 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2008-12-10 07:18 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-12-10 07:18 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2008-12-10 07:18 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2008-12-10 07:18 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2008-12-10 07:18 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-12-10 07:18 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2008-12-10 07:18 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-07 06:07 . 2007-08-23 00:11 -------- d-----w- c:\program files\CCleaner
2010-04-03 07:44 . 2008-03-17 22:20 -------- d-----w- c:\program files\uTorrent
2010-04-03 07:42 . 2009-08-20 14:55 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-03 07:42 . 2009-08-20 14:54 -------- d-----w- c:\program files\Nokia
2010-03-30 21:24 . 2009-03-25 07:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:46 . 2009-03-25 07:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-03-25 07:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:09 . 2010-01-04 10:51 -------- d-----w- c:\program files\Decrapifier
2010-03-27 13:17 . 2010-02-01 19:23 -------- d-----w- c:\program files\Notepad++
2010-03-27 09:03 . 2007-12-20 14:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-27 09:02 . 2007-08-23 02:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-27 09:02 . 2009-05-24 15:39 -------- d-----w- c:\program files\Glary Utilities
2010-03-18 13:49 . 2010-03-18 13:49 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-16 13:43 . 2009-12-30 17:06 -------- d-----w- c:\program files\Hry
2010-03-16 13:42 . 2010-03-16 13:42 -------- d-----w- c:\program files\Regino v5.0
2010-03-10 06:17 . 2002-09-20 16:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 12:33 . 2010-03-16 13:44 -------- d-----w- c:\program files\Farpr
2010-02-25 06:18 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2002-09-20 17:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2002-09-20 15:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 2002-09-20 16:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 10:20 . 2009-11-05 13:15 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-04 10:20 . 2009-11-05 13:15 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-30 08:41 . 2009-11-05 13:15 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-30 08:41 . 2009-11-05 13:15 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-23 11:01 . 2010-01-23 11:01 0 ----a-w- c:\windows\ativpsrm.bin
2008-05-03 09:58 . 2008-05-03 09:10 90144 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-03-14 5729792]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"V0530Mon.exe"="c:\windows\V0530Mon.exe" [2008-02-19 28672]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-15 2225208]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kana StartDelay - POPPeeper.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]
Kana StartDelay - PopTray.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]
Kana StartDelay - qip.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]
Kana StartDelay - Skype.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MuralPixAgent.lnk - d:\program files\MuralPix\MpAgent.exe [2005-11-20 102400]
OODefragTray.lnk - c:\windows\system32\oodtray.exe [2007-5-11 2512392]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-9 3565296]
SunJavaUpdateSched.lnk - c:\program files\Java\jre1.6.0_07\bin\jusched.exe [2008-7-21 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe"=
"d:\\Program Files\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Games\\Volejbal\\volley.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2.2.2009 23:10 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.12.2008 9:18 162768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5.11.2009 15:15 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.11.2009 15:15 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 11:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.12.2008 9:18 19024]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12.3.2009 22:43 145952]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 11:15 12872]
S3 V0530Dev;Creative Camera VF0530 Driver;c:\windows\system32\drivers\V0530Vid.sys [28.4.2008 2:00 272512]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-24 12:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/webhp
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{A28A0545-4B15-4AC0-B4A4-118ACA2A7317} - {546403CE-6D0C-4357-BA75-F0169B3AB539} - e:\abacus\Scarabay\scielib.dll
TCP: {BAEF8860-9B05-4F76-BC0F-43604BB4A876} = 192.168.1.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\gi58eotn.default\
FF - prefs.js: browser.search.selectedEngine - Navrcholu.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: d:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Lavasoft Ad-Aware Service

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 10:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1592)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4024)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-04-22 10:02:32
ComboFix-quarantined-files.txt 2010-04-22 08:02

Před spuštěním: Volných bajtů: 27 181 543 424
Po spuštění: Volných bajtů: 27 137 597 440

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=UKI4HY /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /fastdetect /NoExecute=OptIn /TUTag=UKI4HY-BAK

- - End Of File - - C11D053E6BF04919BC567D3C87F24EA9

#4 Příspěvek od **Rudy** » 22 dub 2010 18:34

Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c265805-4024-11dd-bed1-001a4d84210c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f0101d0-6ad5-11dc-a57a-001a4d84210c}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. Cf se spustí a vykoná příkazy ze skriptu.

Obrázek

Pakl · #5 Příspěvek od **Pakl** » 22 dub 2010 19:35

Přikládám nový log z CF. jednak ho CF vytvořil, jednak myslím, že jinak se nedá poznat, zda je vše OK.
Mohu se zeptat, co tam bylo?
Zde je ten log:

ComboFix 10-04-21.01 - xxx 22.04.2010 20:23:08.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2350 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-22 do 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-21 07:15 . 2010-04-21 08:06 -------- d-----w- c:\program files\SDelay-1.0.0.3
2010-04-16 22:03 . 2010-04-16 22:03 -------- d-----w- c:\program files\FolderScan 1.1
2010-04-03 07:42 . 2010-04-03 07:42 -------- d-----w- c:\program files\Common Files\PCSuite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 15:57 . 2007-08-22 21:05 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-22 13:06 . 2001-10-25 12:00 79890 ----a-w- c:\windows\system32\perfc005.dat
2010-04-22 13:06 . 2001-10-25 12:00 434008 ----a-w- c:\windows\system32\perfh005.dat
2010-04-22 07:06 . 2007-08-23 05:00 3208 ----a-w- c:\windows\im32st.dat
2010-04-21 14:22 . 2007-08-22 23:52 -------- d-----w- c:\program files\SpywareBlaster
2010-04-16 15:41 . 2009-03-13 15:57 -------- d-----w- c:\program files\Hesla JB
2010-04-14 16:47 . 2008-12-10 07:18 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2008-12-10 07:18 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2008-12-10 07:18 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-12-10 07:18 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2008-12-10 07:18 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2008-12-10 07:18 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2008-12-10 07:18 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-12-10 07:18 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2008-12-10 07:18 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-07 06:07 . 2007-08-23 00:11 -------- d-----w- c:\program files\CCleaner
2010-04-03 07:44 . 2008-03-17 22:20 -------- d-----w- c:\program files\uTorrent
2010-04-03 07:42 . 2009-08-20 14:55 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-03 07:42 . 2009-08-20 14:54 -------- d-----w- c:\program files\Nokia
2010-03-30 21:24 . 2009-03-25 07:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:46 . 2009-03-25 07:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-03-25 07:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:09 . 2010-01-04 10:51 -------- d-----w- c:\program files\Decrapifier
2010-03-27 13:17 . 2010-02-01 19:23 -------- d-----w- c:\program files\Notepad++
2010-03-27 09:03 . 2007-12-20 14:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-27 09:02 . 2007-08-23 02:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-27 09:02 . 2009-05-24 15:39 -------- d-----w- c:\program files\Glary Utilities
2010-03-18 13:49 . 2010-03-18 13:49 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-16 13:43 . 2009-12-30 17:06 -------- d-----w- c:\program files\Hry
2010-03-16 13:42 . 2010-03-16 13:42 -------- d-----w- c:\program files\Regino v5.0
2010-03-10 06:17 . 2002-09-20 16:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 12:33 . 2010-03-16 13:44 -------- d-----w- c:\program files\Farpr
2010-02-25 06:18 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-28 23:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2002-09-20 17:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2002-09-20 15:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 2002-09-20 16:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 10:20 . 2009-11-05 13:15 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-04 10:20 . 2009-11-05 13:15 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-30 08:41 . 2009-11-05 13:15 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-30 08:41 . 2009-11-05 13:15 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-23 11:01 . 2010-01-23 11:01 0 ----a-w- c:\windows\ativpsrm.bin
2008-05-03 09:58 . 2008-05-03 09:10 90144 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-04-22_08.00.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2010-04-22 07:23 68156 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-22 13:06 68156 c:\windows\system32\perfc009.dat
+ 2010-04-22 08:14 . 2010-04-22 18:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-22 10:17 . 2010-04-22 07:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-22 10:17 . 2010-04-22 18:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-22 10:17 . 2010-04-22 07:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-22 08:14 . 2010-04-22 18:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-10-25 12:00 . 2010-04-22 13:06 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-22 07:23 435260 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-03-14 5729792]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"V0530Mon.exe"="c:\windows\V0530Mon.exe" [2008-02-19 28672]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-15 2225208]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kana StartDelay - POPPeeper.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]
Kana StartDelay - PopTray.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]
Kana StartDelay - qip.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]
Kana StartDelay - Skype.lnk - c:\program files\SDelay-1.0.0.3\SDelay.exe [2010-4-21 265728]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MuralPixAgent.lnk - d:\program files\MuralPix\MpAgent.exe [2005-11-20 102400]
OODefragTray.lnk - c:\windows\system32\oodtray.exe [2007-5-11 2512392]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-9 3565296]
SunJavaUpdateSched.lnk - c:\program files\Java\jre1.6.0_07\bin\jusched.exe [2008-7-21 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe"=
"d:\\Program Files\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Games\\Volejbal\\volley.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2.2.2009 23:10 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.12.2008 9:18 162768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5.11.2009 15:15 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.11.2009 15:15 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 11:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.12.2008 9:18 19024]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12.3.2009 22:43 145952]
R3 V0530Dev;Creative Camera VF0530 Driver;c:\windows\system32\drivers\V0530Vid.sys [28.4.2008 2:00 272512]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 11:15 12872]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-24 12:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/webhp
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{A28A0545-4B15-4AC0-B4A4-118ACA2A7317} - {546403CE-6D0C-4357-BA75-F0169B3AB539} - e:\abacus\Scarabay\scielib.dll
TCP: {BAEF8860-9B05-4F76-BC0F-43604BB4A876} = 192.168.1.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\gi58eotn.default\
FF - prefs.js: browser.search.selectedEngine - Navrcholu.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 20:28
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\MSVCP60.dll

- - - - - - - > 'lsass.exe'(1592)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4632)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-04-22 20:32:43
ComboFix-quarantined-files.txt 2010-04-22 18:32
ComboFix2.txt 2010-04-22 08:02

Před spuštěním: Volných bajtů: 27 012 583 424
Po spuštění: Volných bajtů: 26 972 184 576

- - End Of File - - 6DC7E2E45EF0E11179C707809878D505

Pakl · #6 Příspěvek od **Pakl** » 22 dub 2010 19:50

Abych nezapomněl: ten TuneUp, na nějž jsem se ptal, který se objevoval v "bootsect.dat" jsem odstranil smazáním poslední řádky v boot.ini (při spuštění z Linuxu, který mám instalovaný jako paralelní systém na jiné partition, pokoušeje se do něho proniknout). Snad jsem neudělal chybu.

#7 Příspěvek od **Rudy** » 22 dub 2010 21:03

Log již vypadá čistý. Pokud vše správně funguje, chybu jste neudělal.

Pakl · #8 Příspěvek od **Pakl** » 23 dub 2010 07:12

Dík za pomoc. Jen na okraj - lze říci, co to bylo, co jsme tím CF skriptem odstraňovali?

#9 Příspěvek od **Rudy** » 23 dub 2010 18:39

V registry zbyly klíče po trojanu H:\mbvd.exe. Skriptem, který jste spustil, byly vymazány. Nemáte zač!

VIRY.CZ

RSIT prosba o kontrolu

RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu

Re: RSIT prosba o kontrolu