
Re: HELP PLEASE

Posted: 19 Oct 2011 23:18
by abdul99
ComboFix 11-10-19.06 - Uživatel 20.10.2011 0:06.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1788.1208 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Microsoft Security Essentials
c:\program files\Microsoft Security Essentials\Backup\amloc-cs-cz.msi
c:\program files\Microsoft Security Essentials\Backup\cs-cz\SetupRes.dll.mui
c:\program files\Microsoft Security Essentials\Backup\legitlib.dll
c:\program files\Microsoft Security Essentials\Backup\mp_ambits.msi
c:\program files\Microsoft Security Essentials\Backup\msse.msi
c:\program files\Microsoft Security Essentials\Backup\setup.exe
c:\program files\Microsoft Security Essentials\Backup\setup.ini
c:\program files\Microsoft Security Essentials\Backup\SetupRes.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-19 do 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 14:27 . 2011-10-19 14:27 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\womble
2011-10-18 13:36 . 2011-10-18 13:36 -------- d-----w- c:\program files\Womble Multimedia
2011-10-17 20:38 . 2011-10-17 20:38 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Malwarebytes
2011-10-17 20:38 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-17 20:37 . 2011-10-17 20:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 20:37 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 20:08 . 2011-10-17 20:34 -------- d-----w- c:\program files\trend micro
2011-10-17 20:08 . 2011-10-17 20:09 -------- d-----w- C:\rsit
2011-10-16 13:39 . 2011-10-17 18:19 -------- d-----w- c:\program files\Serif Standa
2011-10-15 18:56 . 2011-10-15 18:56 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\DivX
2011-10-15 18:54 . 2005-09-23 20:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2011-10-15 18:54 . 2011-10-15 18:54 -------- d-----w- c:\program files\Common Files\Pinnacle
2011-10-15 18:54 . 2011-10-15 18:54 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Downloaded Installations
2011-10-15 18:54 . 2011-10-19 17:11 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Pinnacle
2011-10-15 18:53 . 2011-10-15 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-10-15 18:48 . 2011-10-15 18:48 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2011-10-15 18:48 . 2011-10-15 18:48 -------- d-----w- c:\program files\Common Files\Yahoo!
2011-10-15 18:44 . 2011-10-15 18:48 -------- d-----w- c:\program files\Pinnacle
2011-10-15 10:04 . 2011-10-15 10:04 -------- d-----w- c:\program files\TerraTec
2011-10-15 08:55 . 2004-07-20 07:15 146109 ----a-r- c:\windows\system32\cpnotify.ax
2011-10-15 08:55 . 2005-04-27 07:26 1548800 ----a-r- c:\windows\system32\drivers\p2usbwdm.sys
2011-10-15 08:37 . 2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2011-10-15 08:37 . 2005-06-10 02:44 618496 ------r- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-10-15 08:37 . 2005-06-10 02:44 368640 ------r- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2011-10-15 08:37 . 2005-06-10 02:44 278528 ------r- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2011-10-15 08:36 . 2002-11-21 08:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2011-10-15 08:36 . 2002-11-21 08:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2011-10-15 08:36 . 2002-11-21 08:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2011-10-15 08:36 . 2002-11-21 08:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2011-10-15 08:36 . 2002-11-21 08:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2011-10-15 08:36 . 2002-11-21 08:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\windows\system32\windows media
2011-10-15 08:35 . 2011-10-15 08:36 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-15 08:35 . 2011-10-15 08:35 -------- d-----w- c:\program files\Windows Media Components
2011-10-15 08:29 . 2011-10-17 18:20 -------- d-----w- c:\program files\Common Files\Ulead Systems
2011-10-09 20:14 . 2011-10-09 20:14 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\BlamGames
2011-10-09 20:13 . 2011-10-09 20:14 -------- d-----w- c:\program files\Auta snu
2011-10-07 20:08 . 2011-10-07 20:08 -------- d-----w- c:\program files\MotoRacer
2011-10-07 19:40 . 2011-10-07 19:40 -------- d-----w- c:\program files\Electronic Arts
2011-10-07 19:40 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2011-10-07 19:40 . 2011-10-07 19:40 -------- d-----w- c:\documents and settings\Uživatel\WINDOWS
2011-10-06 18:25 . 2011-10-17 17:27 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\PriceGong
2011-10-03 17:58 . 2011-10-17 18:54 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Research In Motion
2011-10-03 15:23 . 2009-01-09 14:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2011-10-03 15:08 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-10-03 15:07 . 2011-10-03 15:07 53248 ----a-r- c:\documents and settings\Uživatel\Data aplikací\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-10-03 15:07 . 2011-10-17 18:52 -------- d-----w- c:\program files\Common Files\Research In Motion
2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\program files\Speccy
2011-09-29 16:01 . 2011-09-29 16:23 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\GARMIN
2011-09-29 16:00 . 2011-09-29 16:12 -------- d-----w- C:\Garmin
2011-09-29 11:57 . 2011-09-29 11:57 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Search Settings
2011-09-29 11:57 . 2011-09-29 11:57 -------- d-----w- c:\program files\Application Updater
2011-09-21 16:54 . 2011-09-21 16:54 -------- d-----w- c:\program files\Core Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:29 . 2011-08-07 05:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-02-27 12:56 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-02-27 12:56 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-02-27 12:56 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-02-27 12:56 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-02-27 12:56 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-02-27 12:56 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-02-27 12:56 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-02-27 12:56 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-02-27 12:56 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-02-27 12:56 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-08-19 14:33 . 2011-09-08 20:32 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2006-09-02 08:45 . 2010-09-22 20:37 159744 ----a-w- c:\program files\Trayer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_21.41.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-19 13:27 . 2011-10-19 13:27 16384 c:\windows\Temp\Perflib_Perfdata_e24.dat
- 2008-04-14 12:00 . 2011-10-17 21:25 69304 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-10-19 13:31 69304 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-10-19 13:31 79932 c:\windows\system32\perfc005.dat
- 2008-04-14 12:00 . 2011-10-17 21:25 79932 c:\windows\system32\perfc005.dat
+ 2011-10-18 01:02 . 2011-10-18 01:02 22016 c:\windows\Installer\caff9e.msi
- 2008-04-14 12:00 . 2011-10-17 21:25 435822 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2011-10-19 13:31 435822 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2011-10-19 13:31 432450 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2011-10-17 21:25 432450 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2011-09-01 722384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-03-31 64048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 225280]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Trayer.lnk - c:\program files\Trayer.exe [2010-9-22 159744]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Trayer.lnk - c:\program files\Trayer.exe [2010-9-22 159744]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Trayer.lnk - c:\program files\Trayer.exe [2010-9-22 159744]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-12 636256]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Trayer.lnk - c:\program files\Trayer.exe [2010-9-22 159744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-04-21 19:01 737280 ----a-w- c:\windows\system32\AESTFltr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Codemasters\\MTV Music Generator\\client.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8777:TCP"= 8777:TCP:BitComet 8777 TCP
"8777:UDP"= 8777:UDP:BitComet 8777 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8.9.2011 22:32 14776]
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [26.6.2011 16:19 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [26.6.2011 16:19 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 14:56 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.2.2011 14:56 320856]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17.8.2011 13:00 402328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.2.2011 14:56 20568]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 18:09 1253376]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [31.3.2010 23:32 54960]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [22.9.2010 19:40 113664]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\ALSysIO.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.11.2010 17:05 47360]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [16.9.2010 14:25 30392]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.4.2011 13:23 136176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 12:10 3276800]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.4.2011 13:23 136176]
S3 iComp;Python2 USB WDM Encoder;c:\windows\system32\drivers\p2usbwdm.sys [15.10.2011 10:55 1548800]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 11:23]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 11:23]
.
2011-10-19 c:\windows\Tasks\User_Feed_Synchronization-{9D3722B8-9C39-44F8-8D83-E5790B933727}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\2hx07fx5.default\
FF - prefs.js: browser.search.selectedEngine - SluneÄŤnice
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: ComplitlyEngine - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 00:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1647877149-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0AA451B8-E300-12A4-F482-805EBE7E96D1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabfmepphkdjfggmbadjeomgaedb"=hex:6a,61,65,65,61,70,64,6c,6c,6c,65,65,68,69,
69,62,69,6f,6f,6e,00,f7
"mahenkinkpbjjngpejffimjncc"=hex:6b,61,66,65,65,6e,67,6c,6c,62,61,6a,6c,62,6d,
6c,69,68,6c,69,62,67,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1256)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2011-10-20 00:16:37
ComboFix-quarantined-files.txt 2011-10-19 22:16
ComboFix2.txt 2011-10-18 21:21
ComboFix3.txt 2011-10-18 18:35
ComboFix4.txt 2011-10-17 21:44
.
Před spuštěním: Volných bajtů: 33 240 756 224
Po spuštění: Volných bajtů: 33 217 372 160
.
- - End Of File - - F08F6CE165F98446ACA3F7E9B950D4C2

Re: HELP PLEASE

Posted: 20 Oct 2011 21:41
by Roli
That junk antivirus is still there.

Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Download and run OTMoveIt.

Copy this text into the application's left pane, under Paste Instructions for Items to be Moved:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\documents and settings\Uživatel\Data aplikací\Search Settings

:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! and information about the action performed will appear in the application's green right-hand pane; copy the contents of that pane here.

If the application asks for a restart, click YES.

In that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\


Next, download SecurityCheck and save it to the desktop.

Run the application and follow the instructions,

then copy here the log that pops up after a moment.

Re: HELP PLEASE

Posted: 21 Oct 2011 14:26
by abdul99
OTM LOG


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\ConduitEngine.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File move failed. C:\WINDOWS\S3A2E445B.tmp scheduled to be moved on reboot.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
c:\documents and settings\Uživatel\Data aplikací\Search Settings\temp folder moved successfully.
c:\documents and settings\Uživatel\Data aplikací\Search Settings\res folder moved successfully.
c:\documents and settings\Uživatel\Data aplikací\Search Settings folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Uživatel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33103 bytes
->FireFox cache emptied: 50533500 bytes
->Flash cache emptied: 1683 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10212011_152059

Files moved on Reboot...
C:\WINDOWS\S3A2E445B.tmp moved successfully.
C:\WINDOWS\temp\_avast_\Webshlock.txt moved successfully.
C:\WINDOWS\temp\BtwEventTrace_5_6_0_4500.etl moved successfully.

Registry entries deleted on Reboot...

Re: HELP PLEASE

Posted: 21 Oct 2011 14:28
by abdul99
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (3.6.23) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

Re: HELP PLEASE

Posted: 21 Oct 2011 21:52
by Roli
Finally all the mess is gone.

Run OTMoveIt again and click CleanUP! at the top of the application;

this makes it clean up after itself.


Then let me know what state the PC is in.

Re: HELP PLEASE

Posted: 22 Oct 2011 08:09
by abdul99
Everything is OK, the PC works without problems and is faster than before. So thank you very, very much. Is there some way to support this site?

Re: HELP PLEASE

Posted: 22 Oct 2011 20:30
by Roli
abdul99 wrote: Is there some way to support this site?
Yes, there is; HERE is how to do it :)
abdul99 wrote: Everything is OK, the PC works without problems and is faster than before. So thank you very, very much.
You're welcome, and if there's a problem again, feel free to write ;)