SpyBot najde:
Microsoft.Windows.RedirectedHosts
Fraud.WindowsProtectionSuite
HOST nelze opravit
log.txt je pro vložení příliž velký, takže je v příloze
Vaše zpráva obsahuje 110614 znaků. Maximální povolený počet znaků je 60000.
Díky
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Windows.RedirectedHosts
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Windows.RedirectedHosts
- Přílohy
-
- log.zip
- log.txt
- (8.68 KiB) Staženo 44 x
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
zdravim
no mas tam toho dost:
Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit UPLNY skan, co najde daj zmazat, a
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
no mas tam toho dost:
Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit UPLNY skan, co najde daj zmazat, a
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: Windows.RedirectedHosts
log přiložen, opět příliš velký
- Přílohy
-
- mbam-log-2011-01-06.zip
- (6.51 KiB) Staženo 54 x
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
ok, ak vypise ze log je prilis velky, treba to rozdelit. do viac prispevkov, no nic pokracuj
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem
Kód: Vybrat vše
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:Files
ipconfig /flushdns /c
:Commands
[resethosts]
[CreateRestorePoint]
[emptytemp]
[start explorer]
[Reboot]Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: Windows.RedirectedHosts
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET4A5.tmp moved successfully.
C:\WINDOWS\system32\SET4A9.tmp moved successfully.
C:\WINDOWS\system32\SET4AA.tmp moved successfully.
C:\WINDOWS\system32\SET4B1.tmp moved successfully.
C:\WINDOWS\002809_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP217.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3F8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD0E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD17.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE00.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE2C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE3C.tmp folder moved successfully.
C:\WINDOWS\Installer\MSIF7.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\CR_3.tmp folder moved successfully.
C:\WINDOWS\Temp\CR_343.tmp folder moved successfully.
C:\WINDOWS\Temp\CR_35D.tmp folder moved successfully.
C:\WINDOWS\Temp\CR_3CC.tmp folder moved successfully.
C:\WINDOWS\Temp\slu3AA.tmp moved successfully.
C:\WINDOWS\Temp\slu3AB.tmp moved successfully.
C:\WINDOWS\Temp\slu3AC.tmp moved successfully.
C:\WINDOWS\Temp\slu470.tmp moved successfully.
C:\WINDOWS\Temp\slu471.tmp moved successfully.
C:\WINDOWS\Temp\slu472.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
G:\cmd.bat deleted successfully.
G:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Lenka Banachov
->Temporary Internet Files folder emptied: 33170 bytes
User: Lenka Banachová
->Temp folder emptied: 67775 bytes
->Temporary Internet Files folder emptied: 3172573385 bytes
->FireFox cache emptied: 113428822 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 521987 bytes
User: LocalService
->Temp folder emptied: 70597 bytes
->Temporary Internet Files folder emptied: 162267 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4051699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13734944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3 152,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 01062011_102249
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET4A5.tmp moved successfully.
C:\WINDOWS\system32\SET4A9.tmp moved successfully.
C:\WINDOWS\system32\SET4AA.tmp moved successfully.
C:\WINDOWS\system32\SET4B1.tmp moved successfully.
C:\WINDOWS\002809_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP217.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3F8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD0E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD17.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE00.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE2C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE3C.tmp folder moved successfully.
C:\WINDOWS\Installer\MSIF7.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\CR_3.tmp folder moved successfully.
C:\WINDOWS\Temp\CR_343.tmp folder moved successfully.
C:\WINDOWS\Temp\CR_35D.tmp folder moved successfully.
C:\WINDOWS\Temp\CR_3CC.tmp folder moved successfully.
C:\WINDOWS\Temp\slu3AA.tmp moved successfully.
C:\WINDOWS\Temp\slu3AB.tmp moved successfully.
C:\WINDOWS\Temp\slu3AC.tmp moved successfully.
C:\WINDOWS\Temp\slu470.tmp moved successfully.
C:\WINDOWS\Temp\slu471.tmp moved successfully.
C:\WINDOWS\Temp\slu472.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
G:\cmd.bat deleted successfully.
G:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Lenka Banachov
->Temporary Internet Files folder emptied: 33170 bytes
User: Lenka Banachová
->Temp folder emptied: 67775 bytes
->Temporary Internet Files folder emptied: 3172573385 bytes
->FireFox cache emptied: 113428822 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 521987 bytes
User: LocalService
->Temp folder emptied: 70597 bytes
->Temporary Internet Files folder emptied: 162267 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4051699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13734944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3 152,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 01062011_102249
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
PROSIM CITAJTE POZORNE NAVOD!!!,
Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.
Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: Windows.RedirectedHosts
ComboFix 11-01-05.05 - Lenka Banachovß 06.01.2011 10:44:08.1.2 - x86
SystÚm Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.475 [GMT 1:00]
SpuÜtýnř z: c:\tmp\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Personal Security Sentinel *Enabled/Updated* {CE2FBB99-DDEE-44AC-8E9A-23A99D89BE35}
FW: Personal Security Sentinel *Enabled* {5CCDC963-5D14-4118-8CB5-45E0D303D7AD}
.
((((((((((((((((((((((((((((((((((((((( OstatnÝ vřmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lenka Banachovß\Recent\tjd.sys
D:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-06 09:35 . 2011-01-06 09:35 -------- d-----w- C:\tmp
2011-01-06 08:43 . 2011-01-06 08:43 -------- d-----w- c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Malwarebytes
2011-01-06 08:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 08:42 . 2011-01-06 08:42 -------- d-----w- c:\documents and settings\All Users\Data aplikacÝ\Malwarebytes
2011-01-06 08:42 . 2011-01-06 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 08:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- c:\program files\trend micro
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- C:\rsit
2011-01-04 19:18 . 2011-01-04 19:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-04 16:52 . 2011-01-04 16:53 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-02 17:46 . 2011-01-02 17:46 -------- d-sh--w- c:\documents and settings\All Users\Data aplikacÝ\PSYIPSS
2010-12-22 16:47 . 2010-12-22 16:47 -------- d-----r- c:\documents and settings\LocalService\OblÝbenÚ polo×ky
2010-12-16 08:51 . 2010-12-16 08:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikacÝ\Temp
2010-12-16 08:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 08:09 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 16:10 . 2010-12-07 16:10 -------- d-----w- c:\documents and settings\Lenka Banachovß\Local Settings\Data aplikacÝ\WMTools Downloaded Files
2010-12-07 14:47 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-07 14:47 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-10-15 05:40 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2008-06-14 07:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2008-06-14 07:49 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2008-06-14 07:42 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2008-06-14 07:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2008-06-14 07:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2008-06-14 07:42 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2008-06-14 07:42 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2008-06-14 07:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-04 16:43 . 2010-12-04 16:43 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-11-18 18:15 . 2008-03-05 17:17 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2004-08-18 11:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2004-08-18 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-18 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-10-27 133432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-12-4 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 05:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.6.2008 8:49 293968]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2008 8:49 17744]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [12.3.2008 15:28 9728]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.3.2009 8:54 246520]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
S2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.10.2010 6:41 136176]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys --> c:\windows\system32\DRIVERS\HP24X.sys [?]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [12.3.2008 15:29 51040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
.
.
------- Dopl˛kovř sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25494
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Mozilla\Firefox\Profiles\86ppfllp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATN╔ POLOÄKY ODSTRAN╠N╔ Z REGISTRU - - - -
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 10:51
Windows 5.1.2600 Service Pack 3 NTFS
skenovßnÝ skrytřch proces¨ ...
skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???0O????????@???????@
skenovßnÝ skrytřch soubor¨ ...
sken byl ˙speÜný dokonŔen
skrytÚ soubory: 0
**************************************************************************
.
--------------------- Knihovny navßzanÚ na bý×ÝcÝ procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\windows\system32\netprovcredman.dll
c:\windows\SbHpNp.DLL
- - - - - - - > 'explorer.exe'(9652)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ JinÚ spuÜtenÚ procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkovř Ŕas: 2011-01-06 10:57:14 - poŔÝtaŔ byl restartovßn
ComboFix-quarantined-files.txt 2011-01-06 09:57
P°ed spuÜtýnÝm: Volnřch bajt¨: 50á570á534á912
Po spuÜtýnÝ: Volnřch bajt¨: 50á425á180á160
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E9AD676199A78DCB7F1FED3944674DB5
SystÚm Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.475 [GMT 1:00]
SpuÜtýnř z: c:\tmp\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Personal Security Sentinel *Enabled/Updated* {CE2FBB99-DDEE-44AC-8E9A-23A99D89BE35}
FW: Personal Security Sentinel *Enabled* {5CCDC963-5D14-4118-8CB5-45E0D303D7AD}
.
((((((((((((((((((((((((((((((((((((((( OstatnÝ vřmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lenka Banachovß\Recent\tjd.sys
D:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-06 09:35 . 2011-01-06 09:35 -------- d-----w- C:\tmp
2011-01-06 08:43 . 2011-01-06 08:43 -------- d-----w- c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Malwarebytes
2011-01-06 08:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 08:42 . 2011-01-06 08:42 -------- d-----w- c:\documents and settings\All Users\Data aplikacÝ\Malwarebytes
2011-01-06 08:42 . 2011-01-06 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 08:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- c:\program files\trend micro
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- C:\rsit
2011-01-04 19:18 . 2011-01-04 19:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-04 16:52 . 2011-01-04 16:53 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-02 17:46 . 2011-01-02 17:46 -------- d-sh--w- c:\documents and settings\All Users\Data aplikacÝ\PSYIPSS
2010-12-22 16:47 . 2010-12-22 16:47 -------- d-----r- c:\documents and settings\LocalService\OblÝbenÚ polo×ky
2010-12-16 08:51 . 2010-12-16 08:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikacÝ\Temp
2010-12-16 08:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 08:09 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 16:10 . 2010-12-07 16:10 -------- d-----w- c:\documents and settings\Lenka Banachovß\Local Settings\Data aplikacÝ\WMTools Downloaded Files
2010-12-07 14:47 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-07 14:47 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-10-15 05:40 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2008-06-14 07:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2008-06-14 07:49 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2008-06-14 07:42 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2008-06-14 07:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2008-06-14 07:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2008-06-14 07:42 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2008-06-14 07:42 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2008-06-14 07:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-04 16:43 . 2010-12-04 16:43 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-11-18 18:15 . 2008-03-05 17:17 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2004-08-18 11:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2004-08-18 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-18 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-10-27 133432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-12-4 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 05:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.6.2008 8:49 293968]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2008 8:49 17744]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [12.3.2008 15:28 9728]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.3.2009 8:54 246520]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
S2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.10.2010 6:41 136176]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys --> c:\windows\system32\DRIVERS\HP24X.sys [?]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [12.3.2008 15:29 51040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
.
.
------- Dopl˛kovř sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25494
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Mozilla\Firefox\Profiles\86ppfllp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATN╔ POLOÄKY ODSTRAN╠N╔ Z REGISTRU - - - -
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 10:51
Windows 5.1.2600 Service Pack 3 NTFS
skenovßnÝ skrytřch proces¨ ...
skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???0O????????@???????@
skenovßnÝ skrytřch soubor¨ ...
sken byl ˙speÜný dokonŔen
skrytÚ soubory: 0
**************************************************************************
.
--------------------- Knihovny navßzanÚ na bý×ÝcÝ procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\windows\system32\netprovcredman.dll
c:\windows\SbHpNp.DLL
- - - - - - - > 'explorer.exe'(9652)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ JinÚ spuÜtenÚ procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkovř Ŕas: 2011-01-06 10:57:14 - poŔÝtaŔ byl restartovßn
ComboFix-quarantined-files.txt 2011-01-06 09:57
P°ed spuÜtýnÝm: Volnřch bajt¨: 50á570á534á912
Po spuÜtýnÝ: Volnřch bajt¨: 50á425á180á160
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E9AD676199A78DCB7F1FED3944674DB5
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
proxy ?? vies o tom nieco??
uInternet Settings,ProxyServer = http=127.0.0.1:25494
uInternet Settings,ProxyServer = http=127.0.0.1:25494
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: Windows.RedirectedHosts
ne, není to můj noťas ....
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
Pri tejto akcii je nutné mať ComboFix na ploche.
Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:
Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Po skonceni skenu vlož log čo ComboFix vytvorí
Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.
Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:
Kód: Vybrat vše
KILLALL::
SecCenter::
{CE2FBB99-DDEE-44AC-8E9A-23A99D89BE35}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=-
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:25494
uStart Page = hxxp://start.icq.com/
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Po skonceni skenu vlož log čo ComboFix vytvorí
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: Windows.RedirectedHosts
ComboFix tvrdí, že Avast a nějaký Personal Security Sentinel má zapnuté štíty. Avast vypnu, ale to druhé nikde nevidím ...
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
ten druhy je smejd, a ideme to mazat, len daj ok,ok,ignoruj hlasky.
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: Windows.RedirectedHosts
ComboFix 11-01-05.05 - Lenka Banachovß 06.01.2011 12:12:08.2.2 - x86
SystÚm Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.419 [GMT 1:00]
SpuÜtýnř z: c:\documents and settings\Lenka Banachovß\Plocha\ComboFix.exe
Pou×itÚ ovlßdacÝ p°epÝnaŔe :: c:\documents and settings\Lenka Banachovß\Plocha\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Personal Security Sentinel *Enabled* {5CCDC963-5D14-4118-8CB5-45E0D303D7AD}
.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-06 09:35 . 2011-01-06 09:35 -------- d-----w- C:\tmp
2011-01-06 08:43 . 2011-01-06 08:43 -------- d-----w- c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Malwarebytes
2011-01-06 08:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 08:42 . 2011-01-06 08:42 -------- d-----w- c:\documents and settings\All Users\Data aplikacÝ\Malwarebytes
2011-01-06 08:42 . 2011-01-06 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 08:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- c:\program files\trend micro
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- C:\rsit
2011-01-04 19:18 . 2011-01-04 19:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-04 16:52 . 2011-01-04 16:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-22 16:47 . 2010-12-22 16:47 -------- d-----r- c:\documents and settings\LocalService\OblÝbenÚ polo×ky
2010-12-16 08:51 . 2010-12-16 08:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikacÝ\Temp
2010-12-16 08:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 08:09 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 16:10 . 2010-12-07 16:10 -------- d-----w- c:\documents and settings\Lenka Banachovß\Local Settings\Data aplikacÝ\WMTools Downloaded Files
2010-12-07 14:47 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-07 14:47 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-10-15 05:40 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2008-06-14 07:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2008-06-14 07:49 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2008-06-14 07:42 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2008-06-14 07:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2008-06-14 07:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2008-06-14 07:42 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2008-06-14 07:42 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2008-06-14 07:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-04 16:43 . 2010-12-04 16:43 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-11-18 18:15 . 2008-03-05 17:17 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2004-08-18 11:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2004-08-18 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-18 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2011-01-05 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-12-4 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 05:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.6.2008 8:49 293968]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2008 8:49 17744]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [12.3.2008 15:28 9728]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.3.2009 8:54 246520]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
S2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.10.2010 6:41 136176]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys --> c:\windows\system32\DRIVERS\HP24X.sys [?]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [12.3.2008 15:29 51040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
.
.
------- Dopl˛kovř sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Mozilla\Firefox\Profiles\86ppfllp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 12:18
Windows 5.1.2600 Service Pack 3 NTFS
skenovßnÝ skrytřch proces¨ ...
skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???`Q????????@???????@
skenovßnÝ skrytřch soubor¨ ...
sken byl ˙speÜný dokonŔen
skrytÚ soubory: 0
**************************************************************************
.
--------------------- Knihovny navßzanÚ na bý×ÝcÝ procesy ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\windows\system32\netprovcredman.dll
c:\windows\SbHpNp.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
- - - - - - - > 'explorer.exe'(8988)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ JinÚ spuÜtenÚ procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\ICQ7.1\ICQ.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkovř Ŕas: 2011-01-06 12:23:50 - poŔÝtaŔ byl restartovßn
ComboFix-quarantined-files.txt 2011-01-06 11:23
ComboFix2.txt 2011-01-06 09:57
P°ed spuÜtýnÝm: Volnřch bajt¨: 50á438á307á840
Po spuÜtýnÝ: Volnřch bajt¨: 50á444á107á776
- - End Of File - - CE7824706ABADF64539D75D034439104
SystÚm Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.419 [GMT 1:00]
SpuÜtýnř z: c:\documents and settings\Lenka Banachovß\Plocha\ComboFix.exe
Pou×itÚ ovlßdacÝ p°epÝnaŔe :: c:\documents and settings\Lenka Banachovß\Plocha\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Personal Security Sentinel *Enabled* {5CCDC963-5D14-4118-8CB5-45E0D303D7AD}
.
((((((((((((((((((((((((( Soubory vytvo°enÚ od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-06 09:35 . 2011-01-06 09:35 -------- d-----w- C:\tmp
2011-01-06 08:43 . 2011-01-06 08:43 -------- d-----w- c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Malwarebytes
2011-01-06 08:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 08:42 . 2011-01-06 08:42 -------- d-----w- c:\documents and settings\All Users\Data aplikacÝ\Malwarebytes
2011-01-06 08:42 . 2011-01-06 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 08:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- c:\program files\trend micro
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- C:\rsit
2011-01-04 19:18 . 2011-01-04 19:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-04 16:52 . 2011-01-04 16:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-22 16:47 . 2010-12-22 16:47 -------- d-----r- c:\documents and settings\LocalService\OblÝbenÚ polo×ky
2010-12-16 08:51 . 2010-12-16 08:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikacÝ\Temp
2010-12-16 08:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 08:09 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 16:10 . 2010-12-07 16:10 -------- d-----w- c:\documents and settings\Lenka Banachovß\Local Settings\Data aplikacÝ\WMTools Downloaded Files
2010-12-07 14:47 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-12-07 14:47 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M vřpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-10-15 05:40 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2008-06-14 07:42 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2008-06-14 07:49 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2008-06-14 07:42 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2008-06-14 07:42 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2008-06-14 07:42 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2008-06-14 07:42 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2008-06-14 07:42 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2008-06-14 07:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-04 16:43 . 2010-12-04 16:43 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-11-18 18:15 . 2008-03-05 17:17 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2004-08-18 11:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2004-08-18 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-18 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( SpouÜtýcÝ body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznßmka* prßzdnÚ zßznamy a legitimnÝ vřchozÝ ˙daje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2011-01-05 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-12-4 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 05:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.6.2008 8:49 293968]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2008 8:49 17744]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [12.3.2008 15:28 9728]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.3.2009 8:54 246520]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
S2 gupdate;Slu×ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.10.2010 6:41 136176]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\DRIVERS\HP24X.sys --> c:\windows\system32\DRIVERS\HP24X.sys [?]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [12.3.2008 15:29 51040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresß°e 'NaplßnovanÚ ˙lohy'
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 05:41]
.
.
------- Dopl˛kovř sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Lenka Banachovß\Data aplikacÝ\Mozilla\Firefox\Profiles\86ppfllp.default\
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 12:18
Windows 5.1.2600 Service Pack 3 NTFS
skenovßnÝ skrytřch proces¨ ...
skenovßnÝ skrytřch polo×ek 'Po spuÜtýnÝ' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???`Q????????@???????@
skenovßnÝ skrytřch soubor¨ ...
sken byl ˙speÜný dokonŔen
skrytÚ soubory: 0
**************************************************************************
.
--------------------- Knihovny navßzanÚ na bý×ÝcÝ procesy ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\windows\system32\netprovcredman.dll
c:\windows\SbHpNp.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
- - - - - - - > 'explorer.exe'(8988)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ JinÚ spuÜtenÚ procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\ICQ7.1\ICQ.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkovř Ŕas: 2011-01-06 12:23:50 - poŔÝtaŔ byl restartovßn
ComboFix-quarantined-files.txt 2011-01-06 11:23
ComboFix2.txt 2011-01-06 09:57
P°ed spuÜtýnÝm: Volnřch bajt¨: 50á438á307á840
Po spuÜtýnÝ: Volnřch bajt¨: 50á444á107á776
- - End Of File - - CE7824706ABADF64539D75D034439104
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
zopakuj akciu, na Firewall som zabudol
Kód: Vybrat vše
KILLALL::
SecCenter::
{5CCDC963-5D14-4118-8CB5-45E0D303D7AD}
Driver::
PersonalSecureDriveDôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: Windows.RedirectedHosts
pockaj moment.
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Přispějete na provoz fóra?