Re: Sound not working, cannot be repaired (code 39)

Posted: 27 Nov 2011 01:58
by motji
The elephant lady can't keep up :( .
Do you use StopZilla?

:arrow: If you don't, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Reglock::
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]

DDS::
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google

Driver::
SSPORT

Restore::
c:\windows\system32\drivers\tcpip.sys

Dirlook::
c:\windows\system32\(null)

-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

Image


-after it has been applied, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows will not start; in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Sound not working, cannot be repaired (code 39)

Posted: 27 Nov 2011 14:01
by miau.lilith
elephant lady because of the picture... :D not because of how it is with animals...I meant no offense...I'm going to read in detail what you wrote to me...then I'll get back to you...hopefully I'll know what to do...miau...

I don't have stopzilla and I don't have combofix..I already threw it out..but now I've downloaded it from the earlier advice, from the link you sent me before...I already have it on the desktop....hopefully I'll figure out where to find Notepad...

found it...copied it and named the file CFScript.txt, I have it on the desktop...going to do the dropping onto the combofix icon...

so I've done it...I'll describe...I dropped it but it didn't start by itself as I was used to, after dropping a Run window opened, I clicked Run and then I saw that it wanted a combofix update, I clicked ok...after it finished I have a log that the application made for me after the restart...hopefully that's ok and it had that txt in it after starting (I don't understand such things)...I'll copy it and paste it here

Re: Sound not working, cannot be repaired (code 39)

Posted: 27 Nov 2011 14:47
by miau.lilith
ComboFix 11-11-26.04 - miau131313 27.11.2011 14:26:11.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1917.1253 [GMT 1:00]
Running from: c:\documents and settings\miau131313\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\miau131313\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
c:\windows\iun6002.exe
.
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSPORT
-------\Service_SSPORT
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-25 16:05 . 2011-11-25 16:05 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-24 12:38 . 2011-11-24 13:35 512 ----a-w- C:\PhysicalMBR.bin
2011-11-23 01:13 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2011-11-22 17:46 . 2011-11-22 17:46 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-11-19 22:51 . 2011-11-19 22:51 -------- d-----w- c:\documents and settings\miau131313\DoctorWeb
2011-11-14 15:08 . 2011-11-14 15:08 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Daňové_riaditeľstvo_SR
2011-11-12 19:44 . 2008-04-14 07:49 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-11-12 18:54 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-11-10 20:13 . 2011-11-11 20:21 2406 ----a-w- c:\windows\system32\ASOROSet.bin
2011-11-10 20:10 . 2011-11-10 20:13 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\Systweak
2011-11-10 20:10 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-10 19:27 . 2009-11-02 16:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-11-10 19:27 . 2009-11-02 16:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-11-10 19:27 . 2011-11-10 19:27 -------- d-----w- C:\Genius
2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\SlimWare Utilities Inc
2011-11-07 14:26 . 2011-11-07 16:09 -------- d-----w- C:\video_output
2011-11-05 01:23 . 2011-11-22 23:18 -------- d-----w- c:\windows\system32\RTCOM
2011-11-05 00:38 . 2011-11-05 00:38 -------- d-----w- c:\program files\Lavalys
2011-11-02 20:56 . 2011-11-02 20:56 -------- d-----w- c:\program files\ESET
2011-11-02 19:55 . 2011-11-02 20:03 -------- d-----w- c:\program files\trend micro
2011-11-02 12:51 . 2011-11-02 12:51 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-02 11:52 . 2011-11-14 15:18 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Deployment
2011-11-02 01:27 . 2011-11-02 01:27 -------- d-----w- c:\program files\Conduit
2011-11-02 01:27 . 2011-11-02 01:27 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\uTorrentBar
2011-11-02 01:10 . 2011-11-02 01:10 -------- d-----w- c:\program files\Analog Devices
2011-11-01 23:59 . 2011-11-01 23:59 -------- d-----w- c:\program files\Driver-Soft
2011-11-01 12:34 . 2009-03-18 16:35 26176 ----a-w- c:\windows\system32\hamachi.sys
2011-10-31 21:57 . 2011-10-31 21:57 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\DesktopPwrMgr
2011-10-31 21:52 . 2011-10-31 21:52 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-10-31 20:26 . 2011-10-31 20:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters
2011-10-31 11:09 . 2011-10-31 11:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-31 11:02 . 2011-10-31 11:02 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\PackageAware
2011-10-30 23:25 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-10-30 23:25 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-10-30 22:30 . 2011-10-31 13:37 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Facebook
2011-10-29 23:10 . 2011-11-01 00:39 -------- d-----w- c:\program files\Common Files\Lenovo
2011-10-29 20:40 . 2011-10-29 20:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SuperIO
2011-10-29 20:38 . 2011-10-29 20:38 -------- d-----w- c:\program files\Marvell
2011-10-29 18:07 . 2011-11-10 13:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCDr
2011-10-29 18:04 . 2011-11-10 14:38 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\Update
2011-10-29 18:04 . 2011-10-29 18:08 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\PCDr
2011-10-29 09:07 . 2010-08-22 11:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2011-10-28 18:33 . 2011-10-28 18:33 -------- d-----w- c:\windows\system32\(null)
2011-10-28 18:33 . 2011-10-31 21:52 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-10-28 18:13 . 2011-10-28 18:13 -------- d-----w- C:\SWTOOLS
2011-10-28 15:25 . 2010-11-05 18:03 1552 ----a-w- c:\windows\system32\drivers\SAMSfPa.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 01:13 . 2009-12-12 11:42 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-11-12 09:41 . 2011-05-23 12:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 17:10 . 2011-10-28 02:24 64616 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-10-10 14:22 . 2009-12-12 11:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-07-18 16:20 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-12-12 13:50 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-11 11:53 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:38 . 2011-04-04 23:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-12-12 13:51 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:37 . 2011-09-11 11:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-06 20:36 . 2009-12-12 13:51 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-12 13:51 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-12 13:51 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-12-12 13:51 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-12-12 13:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-12-12 13:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-01 20:17 . 2011-06-01 20:16 20533281 ----a-w- c:\program files\vlc-1.1.9-win32.exe
2010-07-22 21:40 . 2010-09-24 17:59 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-03-15 03:23 . 2010-03-15 03:23 18499623 -c--a-w- c:\program files\vlc-1.0.5-win32.exe
2010-02-20 19:46 . 2010-02-20 19:46 7897671 -c--a-w- c:\program files\AntikVSTB.exe
2011-11-08 23:49 . 2011-04-20 10:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\(null) ----
.
2011-10-28 18:33 . 2011-10-31 21:55 450 ----a-w- c:\windows\system32\(null)\tvtsched.log
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-25_13.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 13:34 . 2011-11-27 13:34 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
+ 2009-12-12 11:31 . 2011-11-25 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-12 11:31 . 2011-11-19 21:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-11-25 15:59 . 2011-11-25 16:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 22:50 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-04-13 22:50 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam\WebCam10.exe" [2007-03-06 1060376]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2011-08-17 124928]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\miau131313\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\miau131313\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.12.2009 12:41 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [13.12.2009 11:24 911680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.4.2011 0:05 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2009 14:51 320856]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [9.10.2009 14:00 46304]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [13.12.2009 11:24 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2009 14:51 20568]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [10.11.2011 20:27 12288]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [9.10.2009 14:00 1242504]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [3.11.2011 19:25 2358656]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [13.12.2009 11:24 160288]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [10.11.2011 20:27 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [10.11.2011 20:27 11520]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11.9.2011 12:53 111320]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23.11.2011 0:18 1691480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12.3.2010 13:45 1668352]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.7.2010 9:55 2152152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.9.2010 10:52 137344]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [6.3.2008 13:33 5760]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 10:17 25088]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [25.11.2011 17:05 111872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:40]
.
2011-11-27 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: SmarThru4 Capture Selection - (value not set)
IE: SmarThru4 Save as HTML - (value not set)
IE: SmarThru4 Save Selected Text - (value not set)
IE: SmarThru4 Web Capture - (value not set)
IE: ????3?? - c:\documents and settings\miau131313\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\miau131313\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B03518D-B041-4815-BFE9-0EA835877B2F}: NameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\miau131313\Data aplikací\Mozilla\Firefox\Profiles\9mmw2ccj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.notify.interval - 100000
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.switch.threshold - 650000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\miau131313\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\miau131313\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3520)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-27 14:37:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 13:37
ComboFix2.txt 2011-11-19 22:02
ComboFix3.txt 2011-11-04 20:40
ComboFix4.txt 2011-11-03 21:30
.
Pre-Run: Volných bajtů: 32 628 813 824
Post-Run: Volných bajtů: 32 634 441 728
.
- - End Of File - - DEFB0E01E54D5844D3C814A1F3B3AC92


so now I'm waiting for the beautiful and, I stress, slender elephant lady :) to see what she writes to me about all this and recommends...

Re: Sound not working, cannot be repaired (code 39)

Posted: 27 Nov 2011 15:12
by miau.lilith
...in case it wasn't ok...I did the whole thing once more (hopefully that doesn't matter...) and this time it started by itself after I dropped the txt over the icon...I have that second log too...so if needed, I'll put it here as well...

Re: Sound not working, cannot be repaired (code 39)

Posted: 28 Nov 2011 22:11
by motji
Then paste that second log here too. I apologize for the delay, I'm somehow not keeping up right now :oops:

Re: Sound not working, cannot be repaired (code 39)

Posted: 28 Nov 2011 22:49
by miau.lilith
good evening, I'm pasting the second log as well...I'm not upset, I'm glad you're helping me at all, and with such painstaking work..thank you :


ComboFix 11-11-26.04 - miau131313 27.11.2011 14:57:23.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1917.1339 [GMT 1:00]
Running from: c:\documents and settings\miau131313\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\miau131313\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-25 16:05 . 2011-11-25 16:05 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-24 12:38 . 2011-11-24 13:35 512 ----a-w- C:\PhysicalMBR.bin
2011-11-23 01:13 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2011-11-22 17:46 . 2011-11-22 17:46 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-11-19 22:51 . 2011-11-19 22:51 -------- d-----w- c:\documents and settings\miau131313\DoctorWeb
2011-11-14 15:08 . 2011-11-14 15:08 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Daňové_riaditeľstvo_SR
2011-11-12 19:44 . 2008-04-14 07:49 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-11-12 18:54 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-11-10 20:13 . 2011-11-11 20:21 2406 ----a-w- c:\windows\system32\ASOROSet.bin
2011-11-10 20:10 . 2011-11-10 20:13 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\Systweak
2011-11-10 20:10 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-10 19:27 . 2009-11-02 16:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-11-10 19:27 . 2009-11-02 16:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-11-10 19:27 . 2011-11-10 19:27 -------- d-----w- C:\Genius
2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\SlimWare Utilities Inc
2011-11-07 14:26 . 2011-11-07 16:09 -------- d-----w- C:\video_output
2011-11-05 01:23 . 2011-11-22 23:18 -------- d-----w- c:\windows\system32\RTCOM
2011-11-05 00:38 . 2011-11-05 00:38 -------- d-----w- c:\program files\Lavalys
2011-11-02 20:56 . 2011-11-02 20:56 -------- d-----w- c:\program files\ESET
2011-11-02 19:55 . 2011-11-02 20:03 -------- d-----w- c:\program files\trend micro
2011-11-02 12:51 . 2011-11-02 12:51 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-02 11:52 . 2011-11-14 15:18 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Deployment
2011-11-02 01:27 . 2011-11-02 01:27 -------- d-----w- c:\program files\Conduit
2011-11-02 01:27 . 2011-11-02 01:27 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\uTorrentBar
2011-11-02 01:10 . 2011-11-02 01:10 -------- d-----w- c:\program files\Analog Devices
2011-11-01 23:59 . 2011-11-01 23:59 -------- d-----w- c:\program files\Driver-Soft
2011-11-01 12:34 . 2009-03-18 16:35 26176 ----a-w- c:\windows\system32\hamachi.sys
2011-10-31 21:57 . 2011-10-31 21:57 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\DesktopPwrMgr
2011-10-31 21:52 . 2011-10-31 21:52 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-10-31 20:26 . 2011-10-31 20:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters
2011-10-31 11:09 . 2011-10-31 11:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-31 11:02 . 2011-10-31 11:02 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\PackageAware
2011-10-30 23:25 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-10-30 23:25 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-10-30 22:30 . 2011-10-31 13:37 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Facebook
2011-10-29 23:10 . 2011-11-01 00:39 -------- d-----w- c:\program files\Common Files\Lenovo
2011-10-29 20:40 . 2011-10-29 20:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SuperIO
2011-10-29 20:38 . 2011-10-29 20:38 -------- d-----w- c:\program files\Marvell
2011-10-29 18:07 . 2011-11-10 13:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCDr
2011-10-29 18:04 . 2011-11-10 14:38 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\Update
2011-10-29 18:04 . 2011-10-29 18:08 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\PCDr
2011-10-29 09:07 . 2010-08-22 11:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2011-10-28 18:33 . 2011-10-28 18:33 -------- d-----w- c:\windows\system32\(null)
2011-10-28 18:33 . 2011-10-31 21:52 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-10-28 18:13 . 2011-10-28 18:13 -------- d-----w- C:\SWTOOLS
2011-10-28 15:25 . 2010-11-05 18:03 1552 ----a-w- c:\windows\system32\drivers\SAMSfPa.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 01:13 . 2009-12-12 11:42 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-11-12 09:41 . 2011-05-23 12:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 17:10 . 2011-10-28 02:24 64616 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-10-10 14:22 . 2009-12-12 11:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-07-18 16:20 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-12-12 13:50 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-11 11:53 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:38 . 2011-04-04 23:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-12-12 13:51 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:37 . 2011-09-11 11:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-06 20:36 . 2009-12-12 13:51 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-12 13:51 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-12 13:51 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-12-12 13:51 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-12-12 13:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-12-12 13:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-01 20:17 . 2011-06-01 20:16 20533281 ----a-w- c:\program files\vlc-1.1.9-win32.exe
2010-07-22 21:40 . 2010-09-24 17:59 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-03-15 03:23 . 2010-03-15 03:23 18499623 -c--a-w- c:\program files\vlc-1.0.5-win32.exe
2010-02-20 19:46 . 2010-02-20 19:46 7897671 -c--a-w- c:\program files\AntikVSTB.exe
2011-11-08 23:49 . 2011-04-20 10:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\(null) ----
.
2011-10-28 18:33 . 2011-10-31 21:55 450 ----a-w- c:\windows\system32\(null)\tvtsched.log
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-25_13.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 14:04 . 2011-11-27 14:04 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2009-12-12 11:31 . 2011-11-25 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-12 11:31 . 2011-11-19 21:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-13 22:50 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-04-13 22:50 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam\WebCam10.exe" [2007-03-06 1060376]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2011-08-17 124928]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\miau131313\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\miau131313\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.12.2009 12:41 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [13.12.2009 11:24 911680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.4.2011 0:05 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2009 14:51 320856]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [9.10.2009 14:00 46304]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [13.12.2009 11:24 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2009 14:51 20568]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [10.11.2011 20:27 12288]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [9.10.2009 14:00 1242504]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [3.11.2011 19:25 2358656]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [13.12.2009 11:24 160288]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [10.11.2011 20:27 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [10.11.2011 20:27 11520]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11.9.2011 12:53 111320]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23.11.2011 0:18 1691480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12.3.2010 13:45 1668352]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.7.2010 9:55 2152152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.9.2010 10:52 137344]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [6.3.2008 13:33 5760]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 10:17 25088]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [25.11.2011 17:05 111872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:40]
.
2011-11-27 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: SmarThru4 Capture Selection - (value not set)
IE: SmarThru4 Save as HTML - (value not set)
IE: SmarThru4 Save Selected Text - (value not set)
IE: SmarThru4 Web Capture - (value not set)
IE: ????3?? - c:\documents and settings\miau131313\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\miau131313\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B03518D-B041-4815-BFE9-0EA835877B2F}: NameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\miau131313\Data aplikací\Mozilla\Firefox\Profiles\9mmw2ccj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.notify.interval - 100000
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.switch.threshold - 650000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 15:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\miau131313\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\miau131313\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-27 15:07:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 14:07
ComboFix2.txt 2011-11-19 22:02
ComboFix3.txt 2011-11-04 20:40
ComboFix4.txt 2011-11-03 21:30
.
Pre-Run: Volných bajtů: 32 645 984 256
Post-Run: Volných bajtů: 32 596 275 200
.
- - End Of File - - 5F8F3513657346D48BC5A7FCA03D2A10

Re: Sound not working, cannot be fixed (code 39)

Posted: 29 Nov 2011 08:29
by motji
Test the file c:\windows\system32\drivers\tcpip.sys at www.virustotal.com.
If it asks, choose reanalyze. If it cannot be uploaded, let me know.

Re: Sound not working, cannot be fixed (code 39)

Posted: 29 Nov 2011 15:15
by miau.lilith
Good day,
I had it scanned by the application you recommended... it needed a click on REANALYZE... then it started... but I don't know what to do now... I can't see anywhere that it offers me any log... I clicked SHOW ALL and I have it on the screen... is it enough if I copy what it shows me for you???

File name:
tcpip.sys
Submission date:
2011-11-29 13:58:03 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.11.29.01 2011.11.29 -
AntiVir 7.11.18.119 2011.11.29 -
Antiy-AVL 2.0.3.7 2011.11.29 -
Avast 6.0.1289.0 2011.11.29 -
AVG 10.0.0.1190 2011.11.29 -
BitDefender 7.2 2011.11.29 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.11.29 -
ClamAV 0.97.3.0 2011.11.29 -
Commtouch 5.3.2.6 2011.11.29 -
Comodo 10793 2011.11.29 -
DrWeb 5.0.2.03300 2011.11.29 -
Emsisoft 5.1.0.11 2011.11.29 -
eSafe 7.0.17.0 2011.11.28 -
eTrust-Vet 37.0.9593 2011.11.29 -
F-Prot 4.6.5.141 2011.11.28 -
F-Secure 9.0.16440.0 2011.11.29 -
Fortinet 4.3.370.0 2011.11.29 -
GData 22 2011.11.29 -
Ikarus T3.1.1.109.0 2011.11.29 -
Jiangmin 13.0.900 2011.11.28 -
K7AntiVirus 9.119.5555 2011.11.28 -
Kaspersky 9.0.0.837 2011.11.29 -
McAfee 5.400.0.1158 2011.11.29 -
McAfee-GW-Edition 2010.1D 2011.11.29
Microsoft 1.7801 2011.11.29 -
NOD32 6668 2011.11.29 -
Norman 6.07.13 2011.11.29 -
nProtect 2011-11-29.01 2011.11.29 -
Panda 10.0.3.5 2011.11.28 -
PCTools 8.0.0.5 2011.11.29 -
Prevx 3.0 2011.11.29 -
Rising 23.86.01.02 2011.11.29 -
Sophos 4.71.0 2011.11.29 -
SUPERAntiSpyware 4.40.0.1006 2011.11.29 -
Symantec 20111.2.0.82 2011.11.29 -
TheHacker 6.7.0.1.350 2011.11.27 -
TrendMicro 9.500.0.1008 2011.11.29 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.29 -
VBA32 3.12.16.4 2011.11.28 -
VIPRE 11175 2011.11.29 -
ViRobot 2011.11.29.4799 2011.11.29 -
VirusBuster 14.1.89.0 2011.11.28 -
Additional information
MD5 : ad978a1b783b5719720cff204b666c8e
SHA1 : 3b6fd9f23491f4b42872c817da767f11b675c13e
SHA256: fa50a3664522c58e1637c06731b9cb9d56ff14f0a5f8ab496a1945585e8a2c16
ssdeep: 6144:XJVxTJMCOHOcecOeaVrith/CC/LxGh5wCQCmKLQ/NaczK:XDxTl2OzryZCAQ4CQAQ/
File size : 361600 bytes
First seen: 2009-03-14 11:42:42
Last seen : 2011-11-29 13:58:03
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Protocol Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x50D23
timedatestamp....: 0x485B9B83 (Fri Jun 20 11:58:59 2008)
machinetype......: 0x14c (I386)

[[ 10 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x380, 0x3F05A, 0x3F080, 6.58, 5bbee22dec98348b91a78e4f639debb8
.rdata, 0x3F400, 0x574, 0x580, 4.44, 0eb5bdbba26ed4d079a201f965266cb4
.data, 0x3F980, 0xA4A4, 0xA500, 0.06, ea0c5005c163289d0c29ae80301cb86f
PAGE, 0x49E80, 0x1F85, 0x2000, 6.38, 29223020b8202f58b61651e2099c84e8
PAGELK, 0x4BE80, 0x6F2, 0x700, 6.19, d82540f4886ebcffb849774114194524
PAGEIPMc, 0x4C580, 0x2781, 0x2800, 6.43, bb13276e642dee8cf0a818967e06b022
.edata, 0x4ED80, 0x341, 0x380, 5.23, 68004ff62e9cc8260cc01b4b8679f87b
INIT, 0x4F100, 0x5936, 0x5980, 6.19, 942af094b6b7601ddf75396394e18b2e
.rsrc, 0x54A80, 0x3F0, 0x400, 3.41, cedd72d8a6b9b1628805c31eb1be7ac7
.reloc, 0x54E80, 0x3590, 0x3600, 6.79, 1e3ca28ef6ff9cf6fa16149dbf4fe144

[[ 4 import(s) ]]
HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, 
ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

[[ 31 export(s) ]]
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 301312
CompanyName: Microsoft Corporation
EntryPoint: 0x50d23
FileDescription: TCP/IP Protocol Driver
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 353 kB
FileSubtype: 7
FileType: Win32 EXE
FileVersion: 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)
FileVersionNumber: 5.1.2600.5625
ImageVersion: 5.1
InitializedDataSize: 59392
InternalName: tcpip.sys
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Driver
OriginalFilename: tcpip.sys
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.5625
ProductVersionNumber: 5.1.2600.5625
Subsystem: Native
SubsystemVersion: 5.1
TimeStamp: 2008:06:20 13:58:59+02:00
UninitializedDataSize: 0

...WHAT NOW? Is it OK like this? It showed RESULT 1/43 (2,3%) in red.

Re: Sound not working, cannot be fixed (code 39)

Posted: 29 Nov 2011 22:12
by motji
Great. Could you please run ComboFix one last time and post the log here? It was repairing one file for you, so I'm wondering whether that is its false detection or whether it's OK now :)

Re: Sound not working, cannot be fixed (code 39)

Posted: 29 Nov 2011 23:09
by miau.lilith
Here is the log... as usual I turned off the shields and ran ComboFix, which I still had on the desktop from last time... I think that doesn't matter and it's OK, hopefully it no longer had in it the text we dropped onto it (I understand it as: it only took it in that one time and ComboFix itself then stayed empty, because it updated itself as usual)


ComboFix 11-11-29.04 - miau131313 29.11.2011 22:53:57.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1917.1301 [GMT 1:00]
Running from: c:\documents and settings\miau131313\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-25 16:05 . 2011-11-25 16:05 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-24 12:38 . 2011-11-24 13:35 512 ----a-w- C:\PhysicalMBR.bin
2011-11-23 01:13 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2011-11-22 17:46 . 2011-11-22 17:46 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-11-19 22:51 . 2011-11-19 22:51 -------- d-----w- c:\documents and settings\miau131313\DoctorWeb
2011-11-18 13:15 . 2011-11-18 13:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Parallels
2011-11-14 15:08 . 2011-11-14 15:08 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Daňové_riaditeľstvo_SR
2011-11-12 19:44 . 2008-04-14 07:49 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-11-12 18:54 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-11-10 20:13 . 2011-11-11 20:21 2406 ----a-w- c:\windows\system32\ASOROSet.bin
2011-11-10 20:10 . 2011-11-10 20:13 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\Systweak
2011-11-10 20:10 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-10 19:27 . 2009-11-02 16:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-11-10 19:27 . 2009-11-02 16:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-11-10 19:27 . 2011-11-10 19:27 -------- d-----w- C:\Genius
2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\SlimWare Utilities Inc
2011-11-07 14:26 . 2011-11-07 16:09 -------- d-----w- C:\video_output
2011-11-05 01:23 . 2011-11-22 23:18 -------- d-----w- c:\windows\system32\RTCOM
2011-11-05 00:38 . 2011-11-05 00:38 -------- d-----w- c:\program files\Lavalys
2011-11-02 20:56 . 2011-11-02 20:56 -------- d-----w- c:\program files\ESET
2011-11-02 19:55 . 2011-11-02 20:03 -------- d-----w- c:\program files\trend micro
2011-11-02 12:51 . 2011-11-02 12:51 -------- d-----w- c:\program files\SystemRequirementsLab
2011-11-02 11:52 . 2011-11-14 15:18 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Deployment
2011-11-02 01:27 . 2011-11-02 01:27 -------- d-----w- c:\program files\Conduit
2011-11-02 01:27 . 2011-11-02 01:27 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\uTorrentBar
2011-11-02 01:10 . 2011-11-02 01:10 -------- d-----w- c:\program files\Analog Devices
2011-11-01 23:59 . 2011-11-01 23:59 -------- d-----w- c:\program files\Driver-Soft
2011-11-01 12:34 . 2009-03-18 16:35 26176 ----a-w- c:\windows\system32\hamachi.sys
2011-10-31 21:57 . 2011-10-31 21:57 -------- d-----w- c:\documents and settings\miau131313\Data aplikací\DesktopPwrMgr
2011-10-31 21:52 . 2011-10-31 21:52 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-10-31 20:26 . 2011-10-31 20:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters
2011-10-31 11:09 . 2011-10-31 11:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-31 11:02 . 2011-10-31 11:02 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\PackageAware
2011-10-30 23:25 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-10-30 23:25 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-10-30 22:30 . 2011-10-31 13:37 -------- d-----w- c:\documents and settings\miau131313\Local Settings\Data aplikací\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 01:13 . 2009-12-12 11:42 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-11-12 09:41 . 2011-05-23 12:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 21:52 . 2011-10-28 18:33 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-10-18 17:10 . 2011-10-28 02:24 64616 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-10-10 14:22 . 2009-12-12 11:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-07-18 16:20 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-12-12 13:50 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-11 11:53 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:38 . 2011-04-04 23:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-12-12 13:51 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:37 . 2011-09-11 11:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-06 20:36 . 2009-12-12 13:51 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-12-12 13:51 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-12-12 13:51 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-12-12 13:51 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-12-12 13:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-12-12 13:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-01 20:17 . 2011-06-01 20:16 20533281 ----a-w- c:\program files\vlc-1.1.9-win32.exe
2010-07-22 21:40 . 2010-09-24 17:59 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-03-15 03:23 . 2010-03-15 03:23 18499623 -c--a-w- c:\program files\vlc-1.0.5-win32.exe
2010-02-20 19:46 . 2010-02-20 19:46 7897671 -c--a-w- c:\program files\AntikVSTB.exe
2011-11-08 23:49 . 2011-04-20 10:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-25_13.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-28 00:24 . 2011-11-28 00:24 16384 c:\windows\Temp\Perflib_Perfdata_a8c.dat
+ 2009-12-12 11:31 . 2011-11-25 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-12 11:31 . 2011-11-19 21:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-13 22:50 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-04-13 22:50 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam\WebCam10.exe" [2007-03-06 1060376]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2011-08-17 124928]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\miau131313\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\miau131313\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.12.2009 12:41 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [13.12.2009 11:24 911680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.4.2011 0:05 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2009 14:51 320856]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [9.10.2009 14:00 46304]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [13.12.2009 11:24 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2009 14:51 20568]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [9.10.2009 14:00 1242504]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [3.11.2011 19:25 2358656]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [13.12.2009 11:24 160288]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [10.11.2011 20:27 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [10.11.2011 20:27 11520]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11.9.2011 12:53 111320]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [10.11.2011 20:27 12288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23.11.2011 0:18 1691480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12.3.2010 13:45 1668352]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.7.2010 9:55 2152152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.9.2010 10:52 137344]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [6.3.2008 13:33 5760]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 10:17 25088]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [25.11.2011 17:05 111872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:40]
.
2011-11-29 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mWindow Title = Microsoft Internet Explorer
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: SmarThru4 Capture Selection - (value not set)
IE: SmarThru4 Save as HTML - (value not set)
IE: SmarThru4 Save Selected Text - (value not set)
IE: SmarThru4 Web Capture - (value not set)
IE: ????3?? - c:\documents and settings\miau131313\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\miau131313\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B03518D-B041-4815-BFE9-0EA835877B2F}: NameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\miau131313\Data aplikací\Mozilla\Firefox\Profiles\9mmw2ccj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.notify.interval - 100000
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.switch.threshold - 650000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 23:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\miau131313\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\miau131313\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5220)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-29 23:04:04
ComboFix-quarantined-files.txt 2011-11-29 22:04
ComboFix2.txt 2011-11-19 22:02
ComboFix3.txt 2011-11-04 20:40
ComboFix4.txt 2011-11-03 21:30
.
Pre-Run: Volných bajtů: 33 506 197 504
Post-Run: Volných bajtů: 33 492 348 928
.
- - End Of File - - 6E013CEDCF34C86CBBA558EC42653AC3

Re: Sound not working, cannot be fixed (code 39)

Posted: 30 Nov 2011 00:59
by miau.lilith
Dear advisers, it's interesting that yesterday I had the PC scanned online with ESET and nothing was infected... today I turned the PC on and only moved around on this forum's page, did the one thing with the scan that I was advised on the forum, then ComboFix with the shields turned off (but I point out that I did not go on the internet, and after the log I turned the shields on and only then went to the forum), and again just followed the forum; I wasn't anywhere else and didn't download anything, and now I ran an online scan with ESET and I already see 3 infected files, and that's only at about 30% of the scan. So far these are 3 detections of the HTML/ScrInject.B.Gen virus infiltration... what am I supposed to think? So maybe the log needs a closer look to see whether something in it isn't OK after all... when it finishes, I'll try to copy the report from the online ESET quarantine...

C:\Documents and Settings\miau131313\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\9mmw2ccj.default\Cache\0\FB\CF71Bd01 HTML/ScrInject.B.Gen virus smazán - uložen do karantény

C:\Documents and Settings\miau131313\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\9mmw2ccj.default\Cache\7\BE\B4434d01 HTML/ScrInject.B.Gen virus smazán - uložen do karantény

C:\Documents and Settings\miau131313\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\9mmw2ccj.default\Cache\D\05\3AF65d01 HTML/ScrInject.B.Gen virus smazán - uložen do karantény

Re: Sound not working, cannot be fixed (code 39)

Posted: 30 Nov 2011 09:29
by motji
Those are viruses in the browser cache, we'll delete them :)


:arrow: Clear the Opera/Firefox cache either manually or with ATF Cleaner
http://www.slunecnice.cz/sw/atf-cleaner/

- in the menu at the top, select the Firefox / Opera tab and click it
- tick Select All and then click Empty Selected

warning - you will lose all passwords saved in FF / Opera!

- On the Main tab, tick All Users Temp and confirm with Empty Selected


:arrow: Uninstall ComboFix via Start - Run
- copy this into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.


***********


:arrow: Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the little program after use. Note: antivirus programs may falsely flag it as a virus



***********


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- making a registry backup - you don't have to
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

CCleaner - I recommend using the cleaner; it nicely clears the PC of temporary files.
It cleans up the registry, for example after uninstalling a program.


***********



:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans up temp files and the leftovers of the tools used



***********

:arrow: Post a new RSIT log and tell us how the computer is doing: how does it behave, is everything OK now?
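
Added example, not part of the original thread: the reply above handles the three detections by clearing the browser cache, since every reported path lies under the Firefox profile's Cache folder. The Python sketch below makes the same distinction over scanner lines in that layout; the sample lines, user name, profile name and the location rules are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the scanner lines quoted in the thread:
# <path> <detection name> <type> <action>. User/profile/app names are placeholders.
SAMPLE = r"""
C:\Documents and Settings\user1\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\abcd1234.default\Cache\0\FB\CF71Bd01 HTML/ScrInject.B.Gen virus smazán - uložen do karantény
C:\Documents and Settings\user1\Local Settings\Temp\setup_tmp.htm HTML/ScrInject.B.Gen virus smazán - uložen do karantény
C:\Program Files\ExampleApp\help\index.htm HTML/ScrInject.B.Gen virus smazán - uložen do karantény
"""

# The path may contain spaces; the detection name is the first token with a '/'.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>\S+)\s+(?P<action>.+)$"
)

def classify(path):
    """Label where a detected file lives (assumed rules, not a vendor scheme)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "profiles" in parts and "cache" in parts[parts.index("profiles"):]:
        return "browser-cache"      # Firefox profile cache: cleared with the cache
    if "temporary internet files" in parts:
        return "browser-cache"      # Internet Explorer cache
    if "temp" in parts or "tmp" in parts:
        return "temp"               # removed by a temp-file cleanup
    return "persistent"             # outside cache/temp: inspect the file itself

def triage(text):
    """Parse scanner lines and attach a location label to each detection."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            findings.append({"path": m["path"], "name": m["name"],
                             "location": classify(m["path"])})
    return findings

def needs_followup(findings):
    """Paths that clearing caches and temp folders will not touch."""
    return [f["path"] for f in findings if f["location"] == "persistent"]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["location"], f["name"], f["path"], sep="\t")
```
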

Re: Sound not working, cannot be fixed (code 39)

Posted: 30 Nov 2011 10:07
by Mira892
..just a small technical note: you already have CCleaner, but definitely download the new version ( http://www.filehippo.com/download_ccleaner - Download new version ) ;)

Re: Sound not working, cannot be fixed (code 39)

Posted: 30 Nov 2011 14:22
by miau.lilith
I've done everything so far up to the OTC step... otherwise... there have been changes: now on sites like markiza.sk I don't get the option to play videos from the station's archive at all... prima and joj, ct1 work for me... they probably have a different internet player... and I don't know how to fix it in Mozilla now (maybe it got removed precisely because that's where those hidden worms of the infection were sitting); in Internet Explorer the TV stations' videos can be played. I'm going on to the next step you described to me... by the way, I should probably have uninstalled the older cleaner...? So I removed it, is that OK??

Re: Sound not working, cannot be fixed (code 39)

Posted: 30 Nov 2011 14:40
by Mira892
About the video player: some plugin is missing, Flash, Silverlight, or possibly DivX - we'll leave that to the 'Elephant lady'.
About installing the cleaner: the new version does completely overwrite the old one, but uninstalling the old one and doing a clean install of the new one does no harm. So don't worry, you did the right thing :)