Page 2 of 5

Re: Asking for ADVICE

Posted: 04 Aug 2010 11:13
by holvyy
I'm stuck with the problem of what to do. I don't have any of it on the PC anymore, maybe only the results. I apologize, but that's how it is. What next? I won't delete anything else.

Re: Asking for ADVICE

Posted: 04 Aug 2010 18:57
by motji
Sorry, but I don't understand you at all :o

Re: Asking for ADVICE

Posted: 04 Aug 2010 19:27
by holvyy
Good evening, I have a habit of cleaning up the PC before I shut it down, and so it happened that I deleted ComboFix including its "accessories", so whatever I didn't post on the internet isn't there anymore. I downloaded it again, repeated the whole procedure, and here is the resulting log.
ComboFix 10-08-03.04 - Bohuslav 04.08.2010 16:38:39.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.497 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohuslav\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-03 13:29 . 2010-08-03 13:31 -------- d-----w- c:\program files\trend micro
2010-08-03 13:29 . 2010-08-03 13:33 -------- d-----w- C:\rsit
2010-08-03 01:50 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-08-03 01:49 . 2010-08-03 08:12 0 ----a-w- c:\windows\system32\drivers\sdljptvc.sys
2010-07-15 14:14 . 2010-07-15 14:14 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\DIFX
2010-07-13 16:18 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 16:18 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-07-13 16:18 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-07-13 16:18 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-07-13 16:18 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-07-13 16:18 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 01:50 . 2010-06-07 14:29 -------- d-----w- c:\program files\DScaler
2010-08-02 17:45 . 2001-10-25 12:00 47410 ----a-w- c:\windows\system32\perfc005.dat
2010-08-02 17:45 . 2001-10-25 12:00 312606 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 02:34 . 2010-03-17 16:15 -------- d-----w- c:\program files\Spyware Terminator
2010-07-28 11:31 . 2010-03-20 03:17 -------- d-----w- c:\program files\Ask.com
2010-07-27 10:33 . 2010-03-29 22:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-15 14:13 . 2005-09-15 19:28 -------- d-----w- c:\program files\Skype
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-13 16:21 . 2008-02-12 00:01 -------- d-----w- c:\program files\Nokia
2010-07-13 03:03 . 2010-03-20 03:45 -------- d-----w- c:\program files\Burn4Free
2010-07-12 03:19 . 2010-07-12 03:19 113322 ----a-w- c:\program files\_JPOD, 6. dub 1931.sav
2010-07-07 15:35 . 2010-03-25 09:14 -------- d-----w- c:\program files\ICQ7.1
2010-07-01 14:05 . 2007-12-09 15:24 -------- d-----w- c:\program files\GRETECH
2010-06-28 20:57 . 2010-06-29 06:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-28 13:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-28 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-28 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-28 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-28 13:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-28 13:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-28 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-28 13:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 15:25 . 2004-04-01 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-23 14:48 . 2010-06-23 14:47 -------- d-----w- c:\program files\WinFast
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Windows Sidebar
2010-06-23 14:41 . 2010-06-23 14:41 -------- d-----w- c:\program files\Leadtek Research Inc
2010-06-23 14:08 . 2010-06-07 13:21 -------- d-----w- c:\program files\Driver Genius
2010-06-23 13:50 . 2010-06-23 13:50 -------- d-----w- c:\program files\win fst
2010-06-23 13:36 . 2010-06-07 13:58 -------- d-----w- c:\program files\ChrisTV PVR
2010-06-14 15:47 . 2010-06-13 20:29 -------- d-----w- c:\program files\LifeView MVP
2010-06-13 18:10 . 2006-01-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-06-12 19:55 . 2010-03-01 17:20 -------- d-----w- c:\program files\Ashampoo
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\Common Files\NacreWare
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\AMC2000
2010-06-07 14:02 . 2010-05-05 10:16 4456 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-07 14:00 . 2010-04-21 12:02 -------- d-----w- c:\program files\BS_Player
2010-06-07 13:17 . 2010-06-07 13:17 -------- d-----w- c:\program files\ATI Technologies
2008-08-18 08:55 . 2008-08-18 08:55 148766 ----a-w- c:\program files\PC Tools Firewall Plus_40045_cz.exe
2008-08-18 08:37 . 2008-08-18 08:37 2405 ----a-w- c:\program files\Přečti si!.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-06-07 14:00 2515552 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-17 3037696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-17 2166784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Bohuslav\Nabídka Start\Programy\Po spuštění\
updpxe32.exe [2008-4-14 32256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" /SILENT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Bohuslav\\Plocha\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.4.2010 15:25 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.3.2010 18:15 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.4.2010 15:25 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.6.2010 16:41 59776]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2010 11:28 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.6.2010 16:41 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.6.2010 16:41 9600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.8.2007 22:37 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
utvmhdnl

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9CD2822B-5E90-0FD3-7957-4DAA46499ED8}]
2010-04-08 08:58 3131655 ----a-w- c:\program files\windfcyg\windfcyg.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
uInternet Settings,ProxyServer = 192.168.200.221:3128
IE: &ICQ Toolbar Search - c:\progra~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://portal.mpsv.cz/sz/obcane/vmjedno
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tmpl=11&tbid=80096&language=cs&qkw=
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 16:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Bohuslav\LOCALS~1\Temp\ASFWHide"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="..."
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-04 16:50:03
ComboFix-quarantined-files.txt 2010-08-04 14:49
ComboFix2.txt 2010-08-03 22:36

Před spuštěním: Volných bajtů: 30 068 899 840
Po spuštění: Volných bajtů: 30 027 751 424

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 5C0F4A8F289E32C1B239DFAC65008004

Re: Asking for ADVICE

Posted: 04 Aug 2010 19:31
by motji
Repeat this procedure
motji wrote: So I managed to get to it earlier.

:arrow: If you haven't already, move ComboFix to the desktop
-open Notepad
-Copy the text from this box into it

Code:

Collect::
c:\documents and settings\Bohuslav\Nabídka Start\Programy\Po spuštění\updpxe32.exe 
c:\program files\windfcyg\windfcyg.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9CD2822B-5E90-0FD3-7957-4DAA46499ED8}]

Firefox::
FF - ProfilePath - c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatc ... ge=cs&qkw=


-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

[Image]

-after it is applied, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

:arrow: Download MBAM from my signature
-Install it, run a full scan
DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will only delete after checking the log.
-Copy the log here.

Re: Asking for ADVICE

Posted: 04 Aug 2010 20:18
by holvyy
ComboFix 10-08-03.04 - Bohuslav 04.08.2010 20:56:41.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.255 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohuslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bohuslav\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}

file zipped: c:\program files\windfcyg\windfcyg.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\windfcyg\windfcyg.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-03 13:29 . 2010-08-03 13:31 -------- d-----w- c:\program files\trend micro
2010-08-03 13:29 . 2010-08-03 13:33 -------- d-----w- C:\rsit
2010-08-03 01:50 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-08-03 01:49 . 2010-08-03 08:12 0 ----a-w- c:\windows\system32\drivers\sdljptvc.sys
2010-07-15 14:14 . 2010-07-15 14:14 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\DIFX
2010-07-13 16:18 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 16:18 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-07-13 16:18 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-07-13 16:18 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-07-13 16:18 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-07-13 16:18 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 19:03 . 2010-03-25 04:20 -------- d-----w- c:\program files\windfcyg
2010-08-04 14:54 . 2006-01-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-08-03 01:50 . 2010-06-07 14:29 -------- d-----w- c:\program files\DScaler
2010-08-02 17:45 . 2001-10-25 12:00 47410 ----a-w- c:\windows\system32\perfc005.dat
2010-08-02 17:45 . 2001-10-25 12:00 312606 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 02:34 . 2010-03-17 16:15 -------- d-----w- c:\program files\Spyware Terminator
2010-07-28 11:31 . 2010-03-20 03:17 -------- d-----w- c:\program files\Ask.com
2010-07-27 10:33 . 2010-03-29 22:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-15 14:13 . 2005-09-15 19:28 -------- d-----w- c:\program files\Skype
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-13 16:21 . 2008-02-12 00:01 -------- d-----w- c:\program files\Nokia
2010-07-13 03:03 . 2010-03-20 03:45 -------- d-----w- c:\program files\Burn4Free
2010-07-12 03:19 . 2010-07-12 03:19 113322 ----a-w- c:\program files\_JPOD, 6. dub 1931.sav
2010-07-07 15:35 . 2010-03-25 09:14 -------- d-----w- c:\program files\ICQ7.1
2010-07-01 14:05 . 2007-12-09 15:24 -------- d-----w- c:\program files\GRETECH
2010-06-28 20:57 . 2010-06-29 06:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-28 13:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-28 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-28 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-28 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-28 13:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-28 13:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-28 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-28 13:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 15:25 . 2004-04-01 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-23 14:48 . 2010-06-23 14:47 -------- d-----w- c:\program files\WinFast
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Windows Sidebar
2010-06-23 14:41 . 2010-06-23 14:41 -------- d-----w- c:\program files\Leadtek Research Inc
2010-06-23 14:08 . 2010-06-07 13:21 -------- d-----w- c:\program files\Driver Genius
2010-06-23 13:50 . 2010-06-23 13:50 -------- d-----w- c:\program files\win fst
2010-06-23 13:36 . 2010-06-07 13:58 -------- d-----w- c:\program files\ChrisTV PVR
2010-06-14 15:47 . 2010-06-13 20:29 -------- d-----w- c:\program files\LifeView MVP
2010-06-12 19:55 . 2010-03-01 17:20 -------- d-----w- c:\program files\Ashampoo
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\Common Files\NacreWare
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\AMC2000
2010-06-07 14:02 . 2010-05-05 10:16 4456 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-07 14:00 . 2010-04-21 12:02 -------- d-----w- c:\program files\BS_Player
2010-06-07 13:17 . 2010-06-07 13:17 -------- d-----w- c:\program files\ATI Technologies
2008-08-18 08:55 . 2008-08-18 08:55 148766 ----a-w- c:\program files\PC Tools Firewall Plus_40045_cz.exe
2008-08-18 08:37 . 2008-08-18 08:37 2405 ----a-w- c:\program files\Přečti si!.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-06-07 14:00 2515552 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-17 3037696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-17 2166784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" /SILENT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Bohuslav\\Plocha\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.4.2010 15:25 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.3.2010 18:15 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.4.2010 15:25 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.6.2010 16:41 59776]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2010 11:28 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.6.2010 16:41 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.6.2010 16:41 9600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.8.2007 22:37 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
utvmhdnl
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
uInternet Settings,ProxyServer = 192.168.200.221:3128
IE: &ICQ Toolbar Search - c:\progra~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.mpsv.cz/sz/obcane/vmjedno
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 21:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Bohuslav\LOCALS~1\Temp\ASFWHide"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-04 21:07:49
ComboFix-quarantined-files.txt 2010-08-04 19:07
ComboFix2.txt 2010-08-04 14:50
ComboFix3.txt 2010-08-03 22:36

Před spuštěním: Volných bajtů: 29 999 505 408
Po spuštění: Volných bajtů: 29 973 913 600

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 9CCE1F1CFA88A50B1584CF8F74178BD9
Nahrání proběhlo úspěšně

Re: Asking for ADVICE

Posted: 04 Aug 2010 20:35
by motji
Please also delete the folder
c:\program files\windfcyg
.

There is still something there I don't like; we'll see what mbam finds.

Re: Asking for ADVICE

Posted: 04 Aug 2010 20:43
by holvyy
I don't understand, am I supposed to delete c:\program files\windfcyg?
And from where, where do I find it?

Re: Asking for ADVICE

Posted: 04 Aug 2010 21:08
by motji
I'll delete it later via combofix, so you don't have to look for it :) .
Now I'll wait for that mbam :)

Re: Asking for ADVICE

Posted: 04 Aug 2010 21:21
by holvyy
So I gather I'm supposed to do something, but I don't know what; should I download mbam, and then?

Re: Asking for ADVICE

Posted: 04 Aug 2010 21:34
by holvyy
the full scan is already running

Re: Asking for ADVICE

Posted: 04 Aug 2010 22:16
by holvyy
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4390

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4.8.2010 23:14:41
mbam-log-2010-08-04 (23-14-41).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 185918
Uplynulý čas: 47 minuta(y), 46 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Driver Genius\SetKey.exe (Worm.Agent) -> No action taken.
C:\Documents and Settings\Bohuslav\Data aplikací\addons.dat (Bifrose.Trace) -> No action taken.
C:\Documents and Settings\Bohuslav\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

Re: Asking for ADVICE

Posted: 04 Aug 2010 22:25
by motji
Delete what mbam found, and write how the computer is doing.
I'll write the combofix script tomorrow :)

Re: Asking for ADVICE

Posted: 04 Aug 2010 22:33
by holvyy
I don't know what I should delete. As for the state of the computer: whether there is a change for the better. Please describe in more detail what to do and how, so that I don't again delete something I shouldn't. Should I keep the programs I downloaded, or .. thanks for now

Re: Asking for ADVICE

Posted: 05 Aug 2010 08:38
by motji
I'll delete it for you via combofix :) .
You can uninstall Mbam.

:arrow: If you haven't already, move Combofix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Collect::
C:\Program Files\Driver Genius\SetKey.exe
C:\Documents and Settings\Bohuslav\Data aplikací\addons.dat
C:\Documents and Settings\Bohuslav\Data aplikací\avdrn.dat

Folder::
c:\program files\windfcyg

-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it:

Image


-after it runs, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
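As an added example (not code from the thread, nor from ComboFix or Malwarebytes), the following Python helper ties the two posts together: it parses the "Infikované soubory:" (infected files) section of the Czech-locale MBAM 1.46 log holvyy posted and renders the same CFScript motji wrote by hand, so the file list does not have to be retyped. The sample log text is constructed from the three entries quoted in the thread; the Czech section header is the one that appears in that log; only the two CFScript directives shown in the thread (Collect:: and Folder::) are used, and the folder name is taken from motji's post.

```python
"""Turn the infected-files section of an MBAM 1.46 log into a ComboFix CFScript.

Added example for the thread above; not part of the forum posts, ComboFix or
Malwarebytes. SAMPLE_MBAM_LOG is constructed from the entries quoted in the thread.
"""
import re
from typing import Iterable, List, Tuple

# Constructed sample: the tail of the MBAM log exactly as its Czech locale prints it.
SAMPLE_MBAM_LOG = """\
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\\Program Files\\Driver Genius\\SetKey.exe (Worm.Agent) -> No action taken.
C:\\Documents and Settings\\Bohuslav\\Data aplikací\\addons.dat (Bifrose.Trace) -> No action taken.
C:\\Documents and Settings\\Bohuslav\\Data aplikací\\avdrn.dat (Malware.Trace) -> No action taken.
"""

# Section header that MBAM's Czech locale uses for "Infected files:" (seen in the thread's log).
INFECTED_FILES_HEADER = "Infikované soubory:"

# One detection line: "<path> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_infected_files(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (path, detection_name, action) for each entry under the
    infected-files header. Entries in other sections are ignored, as is the
    "(no malicious items found)" placeholder line."""
    results: List[Tuple[str, str, str]] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith(":"):              # any section header closes the previous section
            in_section = line == INFECTED_FILES_HEADER
            continue
        if not in_section or not line or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        if m:
            results.append((m.group("path"), m.group("name"), m.group("action")))
    return results


def build_cfscript(files: Iterable[Tuple[str, str, str]], folders: Iterable[str] = ()) -> str:
    """Render a CFScript: a Collect:: block listing the detected files, followed
    by a Folder:: block when folders are given (the two directives from the thread)."""
    lines = ["Collect::"] + [path for path, _, _ in files]
    folder_list = list(folders)
    if folder_list:
        lines += ["", "Folder::"] + folder_list
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    detections = parse_infected_files(SAMPLE_MBAM_LOG)
    for path, name, action in detections:
        print(f"{name:<15} {action:<16} {path}")
    # Folder name taken from motji's post in the thread.
    print(build_cfscript(detections, ["c:\\program files\\windfcyg"]))
```

The parser keys on the section header rather than on the "-> No action taken" suffix, so detections that MBAM already quarantined ("-> Quarantined and deleted successfully") are still listed and can be reviewed before anything is fed to ComboFix.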

Re: Asking for ADVICE

Posted: 05 Aug 2010 11:17
by holvyy
During its scan ComboFix wanted to connect to a server; I didn't have an internet connection..
Otherwise the PC seems OK to me. I hope I haven't jinxed it, so I'm waiting for further advice; thank you for now