Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o pomoc vir v PC

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Prosím o pomoc vir v PC

#1 Příspěvek od pajinka »

Dobrý den mohl by mi prosím kěkdo poradit ?.Dostal se mi do PC vir Win32/kryptik.GID .Eset Smart Security ho deně oběvý ale líhne se to stále dál .Nikde nemužu vyguuglit co je to za vir.Předem děkuji za pomoc .
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#2 Příspěvek od vyosek »

Zdravim, pekny vecer preji a vitam Vas u nas na foru Obrázek

:arrow: Jelikoz nevime o Vasem PC nic a z kristalove koule se spatne vesti, navic pri zatazenem pocasi jake ted v okrese Kromeriz panuje, neni nic videt :o

:arrow: Ale dosti legracek, kouknem na to :wink: Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#3 Příspěvek od pajinka »

Logfile of random's system information tool 1.08 (written by random/random)
Run by pavel at 2010-09-08 19:30:34
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 213 GB (89%) free of 238 GB
Total RAM: 1024 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:30:44, on 8.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\pavel\Dokumenty\Downloads\Programs\RSIT.exe
C:\Program Files\trend micro\pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\pavel\LOCALS~1\Temp\Kkh.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8975 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-04-26 193968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-08-10 1224656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class - C:\PROGRA~1\EUROTR~1\e2003i.dll [2010-05-31 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-07-29 806904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-05-17 1444664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-05-17 1444664]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-07-29 806904]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-08-10 1224656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"LFAgent"= []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2010-05-24 3220912]
"XBV6RD5SZF"=C:\DOCUME~1\pavel\LOCALS~1\Temp\Kkh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-05-23 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WINDOW~2\WINDOW~1.EXE [2009-09-28 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-09-28 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-09-28 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-09-28 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\pavel\Dokumenty\Downloads\Programs\SweetImSetup.exe"="C:\Documents and Settings\pavel\Dokumenty\Downloads\Programs\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-09-08 19:30:35 ----D---- C:\Program Files\trend micro
2010-09-08 19:30:34 ----D---- C:\rsit
2010-09-07 19:41:07 ----D---- C:\Program Files\Gabest
2010-09-07 19:40:35 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-09-07 19:40:34 ----D---- C:\Program Files\Xvid
2010-09-07 19:40:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-09-07 19:39:53 ----D---- C:\Program Files\AviSynth 2.5
2010-09-07 19:38:53 ----D---- C:\Program Files\AVI ReComp
2010-09-07 17:29:36 ----D---- C:\Documents and Settings\pavel\Data aplikací\Media Player Classic
2010-09-04 19:22:32 ----D---- C:\Program Files\RadioGet
2010-09-04 14:02:53 ----A---- C:\WINDOWS\Podcasts.INI
2010-09-04 13:58:38 ----D---- C:\Program Files\PixiePack Codec Pack
2010-09-04 13:57:21 ----D---- C:\Program Files\RapidSolution
2010-09-04 13:57:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\RapidSolution
2010-08-28 23:36:32 ----D---- C:\WINDOWS\Sun
2010-08-26 18:22:43 ----D---- C:\Documents and Settings\pavel\Data aplikací\foobar2000
2010-08-26 18:22:36 ----D---- C:\Program Files\foobar2000
2010-08-24 12:59:46 ----D---- C:\Documents and Settings\pavel\Data aplikací\skypePM
2010-08-24 12:53:46 ----D---- C:\Documents and Settings\pavel\Data aplikací\Skype
2010-08-24 12:53:20 ----D---- C:\Program Files\Common Files\Skype
2010-08-24 12:53:16 ----RD---- C:\Program Files\Skype
2010-08-24 12:53:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-08-15 21:32:09 ----D---- C:\Program Files\Crawler
2010-08-15 21:31:51 ----D---- C:\Documents and Settings\pavel\Data aplikací\Inbox Toolbar
2010-08-15 21:31:49 ----D---- C:\Program Files\Inbox Toolbar
2010-08-15 09:04:29 ----D---- C:\Program Files\TopCD

======List of files/folders modified in the last 1 months======

2010-09-08 19:30:36 ----D---- C:\WINDOWS\Temp
2010-09-08 19:30:35 ----RD---- C:\Program Files
2010-09-08 19:30:20 ----D---- C:\WINDOWS\Prefetch
2010-09-08 17:20:33 ----D---- C:\Documents and Settings\pavel\Data aplikací\Vso
2010-09-08 17:08:49 ----D---- C:\Documents and Settings\pavel\Data aplikací\IDM
2010-09-08 17:08:37 ----D---- C:\Documents and Settings\pavel\Data aplikací\DMCache
2010-09-08 16:24:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-07 19:45:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-07 19:41:08 ----D---- C:\WINDOWS\system32
2010-09-07 15:18:33 ----SHD---- C:\WINDOWS\Installer
2010-09-05 17:59:55 ----SD---- C:\WINDOWS\Tasks
2010-09-05 11:35:27 ----D---- C:\WINDOWS
2010-09-04 13:58:10 ----D---- C:\WINDOWS\WinSxS
2010-09-02 15:02:17 ----D---- C:\Documents and Settings\pavel\Data aplikací\ICQ
2010-08-26 18:15:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 17:20:50 ----D---- C:\Program Files\ICQ7.2
2010-08-14 10:21:35 ----D---- C:\WINDOWS\Minidump
2010-08-14 10:21:35 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller; C:\WINDOWS\system32\drivers\si3112r.sys [2007-02-01 110128]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2007-02-01 17328]
R0 SiWinAcc;SiWinAcc; C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-02-01 17328]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-24 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-09-28 13976]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-09-28 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-09-28 62848]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-05-24 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2009-09-28 9472]
S3 axi9ura7;axi9ura7; C:\WINDOWS\system32\drivers\axi9ura7.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-09-28 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-09-28 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-23 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2009-09-28 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-09-28 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-28 14848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#4 Příspěvek od vyosek »

Uprimne, zaliskane jak jetel to mate :arcisit:

:arrow: Spustte HJT a provedeme fixnuti polozek
  • HJT najdete zde C:\Program Files\trend micro\pavel.exe
  • Otevre se Vam okno, kliknete na Do a system scan only
  • V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... pl=11&qkw=%s&tbid=%tb_id&%language
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
    R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
  • Kliknete na Fix checked (vlevo dole)
  • HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo Obrázek
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#5 Příspěvek od pajinka »

ComboFix 10-09-07.03 - pavel 08.09.2010 21:18:54.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.703 [GMT 2:00]
Spuštěný z: c:\documents and settings\pavel\Dokumenty\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pavel\Data aplikací\inst.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-08 do 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 17:30 . 2010-09-08 18:09 -------- d-----w- c:\program files\trend micro
2010-09-08 17:30 . 2010-09-08 17:30 -------- d-----w- C:\rsit
2010-09-07 17:41 . 2010-09-07 17:41 -------- d-----w- c:\program files\Gabest
2010-09-07 17:40 . 2006-11-01 12:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-07 17:40 . 2010-09-07 17:40 -------- d-----w- c:\program files\Xvid
2010-09-07 17:40 . 2006-11-01 12:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-07 17:39 . 2010-09-07 17:40 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-07 17:38 . 2010-09-07 17:46 -------- d-----w- c:\program files\AVI ReComp
2010-09-04 17:22 . 2010-09-05 09:42 -------- d-----w- c:\program files\RadioGet
2010-09-04 11:58 . 2010-09-04 11:58 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-09-04 11:57 . 2010-09-05 09:43 -------- d-----w- c:\program files\RapidSolution
2010-08-28 21:36 . 2010-08-28 21:36 -------- d-----w- c:\windows\Sun
2010-08-26 16:22 . 2010-08-26 16:22 -------- d-----w- c:\program files\foobar2000
2010-08-24 10:59 . 2010-08-24 10:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-24 10:53 . 2010-08-24 10:53 -------- d-----w- c:\program files\Common Files\Skype
2010-08-24 10:53 . 2010-08-24 10:53 -------- d-----r- c:\program files\Skype
2010-08-15 19:32 . 2010-08-15 19:32 -------- d-----w- c:\program files\Crawler
2010-08-15 19:31 . 2010-08-15 19:31 -------- d-----w- c:\program files\Inbox Toolbar
2010-08-15 07:04 . 2010-08-15 07:04 -------- d-----w- c:\program files\TopCD

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 15:20 . 2010-06-03 15:15 -------- d-----w- c:\program files\ICQ7.2
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-05-17 14:55 1444664 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-05-17 1444664]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-05-17 1444664]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-24 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-05-05 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-23 09:04 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
2008-08-15 16:33 1473536 ----a-w- c:\program files\TO2SSM\McciTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\pavel\\Dokumenty\\Downloads\\Programs\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [9.2.2010 20:38 110128]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [9.2.2010 20:38 17328]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19.11.2004 18:07 101488]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28.9.2009 15:38 9472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.5.2010 20:22 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-LFAgent - (no file)
AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 21:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8d,63,7e,95,09,44,ac,91,67,5a,92,bc,17,5f,69,73,fe,f7,04,c4,e1,
ec,e0,33,d8,a6,1b,b3,9d,e0,7f,f5,ab,c0,2c,59,46,a1,1a,2a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fc77c8e2-9595-4a51-9240-fa7a7c3e6bd3}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ce
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="0015A63C4BF8FF28"
"ScannerBuild"=dword:00001124
"ScannerVersionId"=dword:00000ef8
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2010-09-08 21:29:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-08 19:29

Před spuštěním: Volných bajtů: 223 676 411 904
Po spuštění: Volných bajtů: 224 445 362 176

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FDC195EA56E8790A18CB208310080697
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#6 Příspěvek od vyosek »

Omlouvam se za pozdni odpoved :oops: Pracovni povinnosti me drive nepustili k PC :(

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}"=-
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"LFAgent"=-
"SweetIM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"DAEMON Tools Lite"=-
"XBV6RD5SZF"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-

Folder::
C:\PROGRA~1\Crawler\Toolbar
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\SweetIM\Toolbars

File::
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

DDS::
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fc77c8e2-9595-4a51-9240-fa7a7c3e6bd3}]
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#7 Příspěvek od pajinka »

ComboFix 10-09-07.03 - pavel 09.09.2010 19:09:55.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.659 [GMT 2:00]
Spuštěný z: c:\documents and settings\pavel\Dokumenty\Downloads\Programs\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pavel\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
"c:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Crawler\Toolbar
c:\progra~1\Crawler\Toolbar\adrkeys.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\DIRLIST_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\DIRLIST_MENU.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\ECARDS_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\ECARDS_MENU.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\GAMES_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\GAMES_MENU.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\SHOP_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\TRAVEL_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\WAYBACK_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\WP_CHBMP.dat
c:\progra~1\Crawler\Toolbar\Cache\COMMON\YP_CHBMP.dat
c:\progra~1\Crawler\Toolbar\confirm.dat
c:\progra~1\Crawler\Toolbar\ctbcomm.dll
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\progra~1\Crawler\Toolbar\CTConf.dat
c:\progra~1\Crawler\Toolbar\CTipsDef.dll
c:\progra~1\Crawler\Toolbar\CToolbar.exe
c:\progra~1\Crawler\Toolbar\CUpdate.exe
c:\progra~1\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_DA.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\progra~1\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\progra~1\Crawler\Toolbar\lookfor.dat
c:\progra~1\Crawler\Toolbar\majorse.dat
c:\progra~1\Crawler\Toolbar\rootmenu.dat
c:\progra~1\Crawler\Toolbar\services.dat
c:\progra~1\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\progra~1\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\Resources\about.ico
c:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files\DAEMON Tools Toolbar\Resources\accept.ico
c:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.png
c:\program files\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_home.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroburn_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroLite_16.ico
c:\program files\DAEMON Tools Toolbar\Resources\az.ico
c:\program files\DAEMON Tools Toolbar\Resources\b1.png
c:\program files\DAEMON Tools Toolbar\Resources\burn_files.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_image.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_imgs.ico
c:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files\DAEMON Tools Toolbar\Resources\d.ico
c:\program files\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
c:\program files\DAEMON Tools Toolbar\Resources\download.ico
c:\program files\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt-home.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_about.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_faq.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_line.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_manual.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_pro.ico
c:\program files\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt16.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt32.ico
c:\program files\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files\DAEMON Tools Toolbar\Resources\faq.ico
c:\program files\DAEMON Tools Toolbar\Resources\favicon.ico
c:\program files\DAEMON Tools Toolbar\Resources\features.ico
c:\program files\DAEMON Tools Toolbar\Resources\feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameS.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\gct16.ico
c:\program files\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files\DAEMON Tools Toolbar\Resources\help.ico
c:\program files\DAEMON Tools Toolbar\Resources\hide.ico
c:\program files\DAEMON Tools Toolbar\Resources\home.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageS.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files\DAEMON Tools Toolbar\Resources\m.ico
c:\program files\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\manual.ico
c:\program files\DAEMON Tools Toolbar\Resources\map.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount_n_drive.ico
c:\program files\DAEMON Tools Toolbar\Resources\next.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\next_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none.bmp
c:\program files\DAEMON Tools Toolbar\Resources\none_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\op.ico
c:\program files\DAEMON Tools Toolbar\Resources\play.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play.ico
c:\program files\DAEMON Tools Toolbar\Resources\play_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\play_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\pragma.ico
c:\program files\DAEMON Tools Toolbar\Resources\prev.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prev_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\prod.ico
c:\program files\DAEMON Tools Toolbar\Resources\Radio.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioBg.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioE.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioG.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioN.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioR.ico
c:\program files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\RadioW.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rbcheck.ico
c:\program files\DAEMON Tools Toolbar\Resources\rbtxt.ico
c:\program files\DAEMON Tools Toolbar\Resources\refresh.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Rss.ico
c:\program files\DAEMON Tools Toolbar\Resources\Rss1.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssA.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssA1.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssClose.ico
c:\program files\DAEMON Tools Toolbar\Resources\rssL.bmp
c:\program files\DAEMON Tools Toolbar\Resources\rssOpen.ico
c:\program files\DAEMON Tools Toolbar\Resources\RssRefresh.ico
c:\program files\DAEMON Tools Toolbar\Resources\s2.ico
c:\program files\DAEMON Tools Toolbar\Resources\show.ico
c:\program files\DAEMON Tools Toolbar\Resources\size.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_lr.ico
c:\program files\DAEMON Tools Toolbar\Resources\size_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\size_rl.ico
c:\program files\DAEMON Tools Toolbar\Resources\skins.ico
c:\program files\DAEMON Tools Toolbar\Resources\soft24.ico
c:\program files\DAEMON Tools Toolbar\Resources\soft24_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\spt.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop.ico
c:\program files\DAEMON Tools Toolbar\Resources\stop_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\stop_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\style.ico
c:\program files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
c:\program files\DAEMON Tools Toolbar\Resources\timer.ico
c:\program files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
c:\program files\DAEMON Tools Toolbar\Resources\toolbar.xml
c:\program files\DAEMON Tools Toolbar\Resources\trans.ico
c:\program files\DAEMON Tools Toolbar\Resources\Trash.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\u.ico
c:\program files\DAEMON Tools Toolbar\Resources\unmount-all.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol.ico
c:\program files\DAEMON Tools Toolbar\Resources\vol_back.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_mute.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
c:\program files\DAEMON Tools Toolbar\Resources\vol_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\web_resources.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebS.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebSa.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi14.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\program files\SweetIM\Toolbars
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-09 do 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-08 17:30 . 2010-09-08 18:09 -------- d-----w- c:\program files\trend micro
2010-09-08 17:30 . 2010-09-08 17:30 -------- d-----w- C:\rsit
2010-09-07 17:41 . 2010-09-07 17:41 -------- d-----w- c:\program files\Gabest
2010-09-07 17:40 . 2006-11-01 12:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-07 17:40 . 2010-09-07 17:40 -------- d-----w- c:\program files\Xvid
2010-09-07 17:40 . 2006-11-01 12:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-07 17:39 . 2010-09-07 17:40 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-07 17:38 . 2010-09-07 17:46 -------- d-----w- c:\program files\AVI ReComp
2010-09-04 17:22 . 2010-09-05 09:42 -------- d-----w- c:\program files\RadioGet
2010-09-04 11:58 . 2010-09-04 11:58 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-09-04 11:57 . 2010-09-05 09:43 -------- d-----w- c:\program files\RapidSolution
2010-08-28 21:36 . 2010-08-28 21:36 -------- d-----w- c:\windows\Sun
2010-08-26 16:22 . 2010-08-26 16:22 -------- d-----w- c:\program files\foobar2000
2010-08-24 10:59 . 2010-08-24 10:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-24 10:53 . 2010-08-24 10:53 -------- d-----w- c:\program files\Common Files\Skype
2010-08-24 10:53 . 2010-08-24 10:53 -------- d-----r- c:\program files\Skype
2010-08-15 19:32 . 2010-09-09 17:14 -------- d-----w- c:\program files\Crawler
2010-08-15 19:31 . 2010-08-15 19:31 -------- d-----w- c:\program files\Inbox Toolbar
2010-08-15 07:04 . 2010-08-15 07:04 -------- d-----w- c:\program files\TopCD

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 17:14 . 2010-06-18 12:06 -------- d-----w- c:\program files\SweetIM
2010-08-25 15:20 . 2010-06-03 15:15 -------- d-----w- c:\program files\ICQ7.2
.

------- Sigcheck -------

[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-24 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
2008-08-15 16:33 1473536 ----a-w- c:\program files\TO2SSM\McciTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\pavel\\Dokumenty\\Downloads\\Programs\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [9.2.2010 20:38 110128]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [9.2.2010 20:38 17328]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19.11.2004 18:07 101488]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28.9.2009 15:38 9472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.5.2010 20:22 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 19:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.314.0"
"UniqueId"="0015A63C4BF8FF28"
"ScannerBuild"=dword:00001124
"ScannerVersionId"=dword:00000ef8
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-09 19:16:07
ComboFix-quarantined-files.txt 2010-09-09 17:16
ComboFix2.txt 2010-09-08 19:29

Před spuštěním: Volných bajtů: 224 448 131 072
Po spuštění: Volných bajtů: 224 430 514 176

- - End Of File - - B0A9D9FC489E23BAA885E6C9FB50685D
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#8 Příspěvek od vyosek »

:arrow: Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
  • c:\windows\system32\sfcfiles.dll
  • Kliknete na Prochazet
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
  • Kliknete na Otestovat soubor
  • Vysledek analyzy sem vlozte (jako odkaz)
:arrow: Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    :filefind
sfcfiles.dll
  • Kliknete na Look
  • Tlacitko Look se zmeni na Scanning a zsedne
  • Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
  • Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#9 Příspěvek od pajinka »

http://www.virustotal.com/file-scan/rep ... 1284053625
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#10 Příspěvek od vyosek »

Jeste poprosim o ten SystemLook, zrejme jde o falesnou indikaci CF, ale pro jistotu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#11 Příspěvek od pajinka »

SystemLook 04.09.10 by jpshortstuff
Log created at 19:48 on 09/09/2010 by pavel
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [14:00 28/09/2009] [14:00 28/09/2009] 66E217E5E009815E06BA4F632794B731

-= EOF =-
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#12 Příspěvek od vyosek »

Jak se chova PC, Eset stale hlasi havet :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#13 Příspěvek od pajinka »

Dnes eset nic nehlásil takže snad OK?
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o pomoc vir v PC

#14 Příspěvek od vyosek »

To uvidime, jeste jeden sken udelame, resp. dva :) Jelikoz PC bylo hodne zaneseno, tak budem proverovat, snad se nezlobite :happy:

:arrow: Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)
  • Provedte aktualizaci - treti zalozka
  • Provedte uplny sken - nic nemazte :!:
  • MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni
:arrow: Udelejte kontrolu Esetem a dejte vedet jestli neco nasel...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
pajinka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 08 zář 2010 17:23

Re: Prosím o pomoc vir v PC

#15 Příspěvek od pajinka »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4583

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9.9.2010 20:36:36
mbam-log-2010-09-09 (20-36-36).txt

Typ skenu: Úplný sken (C:\|F:\|)
Skenované objekty: 174264
Uplynulý čas: 27 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
F:\prográmky\Eurotran 2003+crack\Eurotran 2003+crack\eturan203\etran2003\Crack\KEYGEN.EXE (Malware.Packer.Gen) -> No action taken.
F:\prográmky\TuneUp_Utilities_2010_v9.0.4600.3.CZ_deni96\TuneUp Utilities 2010 v9.0.4600.3.CZ_deni96\TuneUp Utilities 2010 v9.0.4600.3\Keygen\Keygen.exe (Trojan.Agent.CK) -> No action taken.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“