VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=117453

Stránka 2 z 2

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 19:46
od buk
Tady je log:
ComboFix 11-11-30.01 - Mirek 30.11.2011 19:34:50.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2551 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Mirek\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Mirek\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Mirek\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\Mirek\Local Settings\Temp\sfareca00001.dll
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\TZLog.log
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-28 do 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-24 17:49 . 2011-11-24 17:49 -------- d-----r- C:\MSOCache
2011-11-21 09:39 . 2011-11-21 11:25 -------- d-----w- C:\C
2011-11-20 16:47 . 2011-11-20 16:48 -------- d-----w- C:\totalcmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 16:00 . 2011-11-24 16:00 669823 ----a-w- c:\windows\M3N78-0902.zip
2011-09-28 07:06 . 2003-04-16 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2003-04-16 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2003-04-16 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2003-04-16 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2011-09-29 2898776]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2011-11-30 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PMBVolumeWatcher"="d:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - d:\program files\SpeedFan\speedfan.exe [2011-11-3 4657048]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [24.11.2011 16:58 11448]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.11.2011 18:36 239168]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [24.11.2011 15:08 21992]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15.3.2011 14:44 428384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [20.11.2011 14:07 31392]
R3 PAC7311;Phenix-Q8;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 11:48 154752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [20.11.2011 14:06 845184]
S1 MpKsle02a0719;MpKsle02a0719;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7FD24FC1-5C37-4502-919B-14F573F47B61}\MpKsle02a0719.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{7FD24FC1-5C37-4502-919B-14F573F47B61}\MpKsle02a0719.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2011 18:59 136176]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [25.11.2011 18:07 23456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.11.2011 18:59 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 17:59]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 17:59]
.
2011-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2011-11-30 c:\windows\Tasks\User_Feed_Synchronization-{4AEF0513-4DCF-4821-9C16-9E49FBE42DBD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: Interfaces\{DF5D6EE1-03B4-4B0D-B26A-E6A8C3F64EE7}: NameServer = 10.10.10.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Nektra OEAPI - (no file)
HKCU-Run-WEBTRAN - (no file)
AddRemove-PC Translator - c:\docume~1\Mirek\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3960)
d:\program files\RocketDock\RocketDock.dll
c:\program files\Sticky Password\spCapBtn.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wpabaln.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-30 19:42:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-30 18:42
.
Před spuštěním: Volných bajtů: 61 726 040 064
Po spuštění: Volných bajtů: 62 429 450 240
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 487B2EBF5612D5EF409B06D4B9CAEC69

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:00
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"=-
"DAEMON Tools Lite"=-
"OEXPRESS"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]

Collect::
C:\WINDOWS\system32\antiwpa.dll

File::
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4AEF0513-4DCF-4821-9C16-9E49FBE42DBD}.job

Driver::
gupdate
gupdatem
MpKsle02a0719
JavaQuickStarterService

ClearJavaCache::

AtJob::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:24
od buk
další log:
ComboFix 11-11-30.01 - Mirek 30.11.2011 20:14:40.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2513 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\User_Feed_Synchronization-{4AEF0513-4DCF-4821-9C16-9E49FBE42DBD}.job"
.
file zipped: c:\windows\system32\antiwpa.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\antiwpa.dll
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\User_Feed_Synchronization-{4AEF0513-4DCF-4821-9C16-9E49FBE42DBD}.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_JavaQuickStarterService
-------\Service_MpKsle02a0719
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-28 do 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-24 17:49 . 2011-11-24 17:49 -------- d-----r- C:\MSOCache
2011-11-21 09:39 . 2011-11-21 11:25 -------- d-----w- C:\C
2011-11-20 16:47 . 2011-11-20 16:48 -------- d-----w- C:\totalcmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 16:00 . 2011-11-24 16:00 669823 ----a-w- c:\windows\M3N78-0902.zip
2011-09-28 07:06 . 2003-04-16 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2003-04-16 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2003-04-16 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2003-04-16 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-30_18.39.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-16 12:00 . 2011-11-30 18:43 81702 c:\windows\system32\perfc009.dat
- 2003-04-16 12:00 . 2011-11-30 16:22 81702 c:\windows\system32\perfc009.dat
- 2003-04-16 12:00 . 2011-11-30 16:22 486738 c:\windows\system32\perfh009.dat
+ 2003-04-16 12:00 . 2011-11-30 18:43 486738 c:\windows\system32\perfh009.dat
+ 2003-04-16 12:00 . 2011-11-30 18:43 503264 c:\windows\system32\perfh005.dat
- 2003-04-16 12:00 . 2011-11-30 16:22 503264 c:\windows\system32\perfh005.dat
- 2003-04-16 12:00 . 2011-11-30 16:22 103272 c:\windows\system32\perfc005.dat
+ 2003-04-16 12:00 . 2011-11-30 18:43 103272 c:\windows\system32\perfc005.dat
+ 2011-11-20 16:08 . 2011-11-30 18:51 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-11-20 16:08 . 2011-11-30 16:43 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2011-09-29 2898776]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PMBVolumeWatcher"="d:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - d:\program files\SpeedFan\speedfan.exe [2011-11-3 4657048]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [24.11.2011 16:58 11448]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.11.2011 18:36 239168]
R1 MpKsldb7f3790;MpKsldb7f3790;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3ACA2141-B463-400F-B812-914033E28DC5}\MpKsldb7f3790.sys [30.11.2011 19:43 28752]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [24.11.2011 15:08 21992]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15.3.2011 14:44 428384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [20.11.2011 14:07 31392]
R3 PAC7311;Phenix-Q8;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 11:48 154752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [20.11.2011 14:06 845184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [25.11.2011 18:07 23456]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: Interfaces\{DF5D6EE1-03B4-4B0D-B26A-E6A8C3F64EE7}: NameServer = 10.10.10.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2936)
d:\program files\RocketDock\RocketDock.dll
c:\program files\Sticky Password\spCapBtn.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wpabaln.exe
.
**************************************************************************
.
Celkový čas: 2011-11-30 20:21:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-30 19:21
ComboFix2.txt 2011-11-30 18:42
.
Před spuštěním: Volných bajtů: 62 400 659 456
Po spuštění: Volných bajtů: 62 300 319 744
.
- - End Of File - - 63FABB81434F88F76426967D6E1AEAAE
Nahr nˇ probŘhlo ŁspŘçnŘ

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:25
od vyosek
Jak se chova PC :???:

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:28
od buk
PC se chová dobře, žádný okna na mě nevyskakují. Díky za vyčištění těch neřádů :thumbsup:

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:30
od vyosek
:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:33
od buk
Děkuji, bylo to vyčerpávající.

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:34
od vyosek
Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek


A na rozloucenou vam zahraje nase kapela :guitar: :150: :151: :152: :153: :154: :196:

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:52
od buk
:all_coholic:

Re: Prosím o kontrolu logu

Napsal: 30 lis 2011 20:55
od vyosek
:) :closed:
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz