
Please check my log

Posted: 24 Feb 2011 11:54
by gazi333
Hello.

Please check the log and, if need be, give me some advice.

Thank you very much, Martin


ComboFix 11-02-23.06 - Martina - Fišerová 24.02.2011 11:06:48.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.772 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martina - Fišerová\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
/wow section - STAGE 25
Systém nemůže nalézt uvedenou cestu.
@DO nebyl nyní očekáván.


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martina - Fišerová\Data aplikací\Internet Security Essentials
c:\documents and settings\Martina - Fišerová\Data aplikací\Internet Security Essentials\Instructions.ini
c:\documents and settings\Martina - Fišerová\Recent\ANTIGEN.sys
c:\documents and settings\Martina - Fišerová\Recent\CLSV.exe
c:\documents and settings\Martina - Fišerová\Recent\delfile.sys
c:\documents and settings\Martina - Fišerová\Recent\dudl.drv
c:\documents and settings\Martina - Fišerová\Recent\eb.exe
c:\documents and settings\Martina - Fišerová\Recent\eb.tmp
c:\documents and settings\Martina - Fišerová\Recent\energy.exe
c:\documents and settings\Martina - Fišerová\Recent\energy.sys
c:\documents and settings\Martina - Fišerová\Recent\exec.dll
c:\documents and settings\Martina - Fišerová\Recent\fan.sys
c:\documents and settings\Martina - Fišerová\Recent\gid.drv
c:\documents and settings\Martina - Fišerová\Recent\kernel32.exe
c:\documents and settings\Martina - Fišerová\Recent\PE.dll
c:\documents and settings\Martina - Fišerová\Recent\PE.sys
c:\documents and settings\Martina - Fišerová\Recent\PE.tmp
c:\documents and settings\Martina - Fišerová\Recent\ppal.dll
c:\documents and settings\Martina - Fišerová\Recent\runddl.drv
c:\documents and settings\Martina - Fišerová\Recent\SICKBOY.exe
c:\documents and settings\Martina - Fišerová\Recent\sld.exe
c:\documents and settings\Martina - Fišerová\Recent\tjd.exe
c:\documents and settings\Martina - Fišerová\Recent\tjd.tmp
C:\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-24 do 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-22 19:17 . 2011-02-23 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-21 19:47 . 2011-02-21 20:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-21 19:47 . 2011-02-21 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-20 10:59 . 2011-02-20 10:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-02-20 10:13 . 2011-02-20 10:13 -------- d-----w- c:\documents and settings\Martina - Fišerová\Local Settings\Data aplikací\ESET
2011-02-19 21:48 . 2011-02-19 21:48 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\ISVNME
2011-02-19 21:48 . 2011-02-22 19:49 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\090fbf
2011-02-16 20:33 . 2011-02-16 20:33 -------- d-----w- c:\windows\TempEF2B4472-1573-9FF5-4164-3188D6F6FE02-Signatures

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-18 08:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 20:03 . 2011-01-12 20:03 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-01-12 20:03 . 2011-01-12 20:03 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-01-12 20:03 . 2011-01-12 20:03 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-01-07 14:09 . 2004-08-18 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-18 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-18 08:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 08:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-12 12:32 . 2010-12-12 12:32 19 ----a-w- c:\documents and settings\Martina - Fišerová\Data aplikací\mdbu.bin
2010-12-09 15:15 . 2004-08-18 08:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-18 08:00 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-18 08:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-18 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2001-04-04 06:48 . 2001-04-04 06:48 614400 ----a-w- c:\program files\alik_ii.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-10-14 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-03 182808]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1310720]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-10-16 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-04 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-04 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-1-31 197904]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.2.2011 21:50 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.2.2011 21:50 17744]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [31.1.2009 19:57 777240]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [31.1.2009 20:58 222512]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.3.2010 13:11 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12.1.2011 21:03 13224]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [11.9.2009 14:50 51040]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12.1.2011 20:58 155344]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 12:10]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 12:10]

2011-02-24 c:\windows\Tasks\User_Feed_Synchronization-{D715A0DF-484B-4849-AC23-93BF61778ED5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25508
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: nkp.cz\kramerius
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.cz/bravia/RegistrationAgent.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-Namedate - c:\documents and settings\Martina - Fišerová\Plocha\Ostatní\Nezmeskej\nezmeskej.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKCU-Run-Internet Security Essentials - c:\documents and settings\All Users\Data aplikací\090fbf\IS090_2230.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 11:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
Celkový čas: 2011-02-24 11:37:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-24 10:37

Před spuštěním: Volných bajtů: 107 659 808 768
Po spuštění: Volných bajtů: 107 405 758 464

- - End Of File - - 183078824248C61F9F40F4DCA8D3CCED

Re: Please check my log

Posted: 24 Feb 2011 19:18
by Rudy
We'll do some more cleanup. Open Notepad and copy the following into it:
Folder::
c:\documents and settings\All Users\Data aplikací\ISVNME
c:\documents and settings\All Users\Data aplikací\090fbf
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Next, test this file online at www.virustotal.com: c:\program files\alik_ii.exe

Re: Please check my log

Posted: 24 Feb 2011 20:49
by gazi333
Good evening.

I'm sending the log after the additional cleanup; it deleted some more files, so I don't know whether there is still something left in there.

Thank you, Martin

ComboFix 11-02-23.06 - Martina - Fišerová 24.02.2011 20:14:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.589 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martina - Fišerová\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martina - Fišerová\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
/wow section - STAGE 25
Systém nemůže nalézt uvedenou cestu.
grep: temp2401: No such file or directory
@DO nebyl nyní očekáván.


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\090fbf
c:\documents and settings\All Users\Data aplikací\090fbf\347add57d17b4604277b7e8791891e89.ocx
c:\documents and settings\All Users\Data aplikací\090fbf\BackUp\Bluetooth.lnk
c:\documents and settings\All Users\Data aplikací\090fbf\BackUp\DVD Check.lnk
c:\documents and settings\All Users\Data aplikací\090fbf\BackUp\Microsoft Office.lnk
c:\documents and settings\All Users\Data aplikací\090fbf\ISE.ico
c:\documents and settings\All Users\Data aplikací\ISVNME
c:\documents and settings\All Users\Data aplikací\ISVNME\ISGQRXE.cfg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-24 do 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 12:02 . 2011-02-24 12:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-24 12:02 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-24 12:02 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-24 12:02 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-24 12:02 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-24 12:02 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-24 12:02 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-24 12:02 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-24 12:02 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-24 12:01 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-02-24 12:01 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-24 12:01 . 2011-02-24 12:01 -------- d-----w- c:\program files\AVAST Software
2011-02-24 12:01 . 2011-02-24 12:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-02-23 20:52 . 2005-05-20 22:44 90112 ----a-w- c:\windows\system32\AVASTSS.scr
2011-02-23 20:52 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-02-23 20:41 . 2011-02-23 20:44 -------- d-----w- c:\documents and settings\Administrator
2011-02-22 19:17 . 2011-02-24 12:01 -------- d-----w- c:\program files\Alwil Software
2011-02-22 19:17 . 2011-02-24 11:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-21 19:47 . 2011-02-21 20:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-21 19:47 . 2011-02-21 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-20 10:59 . 2011-02-20 10:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-02-20 10:13 . 2011-02-20 10:13 -------- d-----w- c:\documents and settings\Martina - Fišerová\Local Settings\Data aplikací\ESET
2011-02-16 20:33 . 2011-02-16 20:33 -------- d-----w- c:\windows\TempEF2B4472-1573-9FF5-4164-3188D6F6FE02-Signatures

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-18 08:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 20:03 . 2011-01-12 20:03 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-01-12 20:03 . 2011-01-12 20:03 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-01-12 20:03 . 2011-01-12 20:03 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-01-07 14:09 . 2004-08-18 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-18 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-18 08:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 08:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-12 12:32 . 2010-12-12 12:32 19 ----a-w- c:\documents and settings\Martina - Fišerová\Data aplikací\mdbu.bin
2010-12-09 15:15 . 2004-08-18 08:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-18 08:00 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-18 08:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-18 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2001-04-04 06:48 . 2001-04-04 06:48 614400 ----a-w- c:\program files\alik_ii.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
2011-02-23 15:04 814160 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2011-02-23 814160]

[HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]
[HKEY_CLASSES_ROOT\Avast.WrcBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]
[HKEY_CLASSES_ROOT\Avast.WrcBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-10-14 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-03 182808]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1310720]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 177456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-10-16 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-04 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-04 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-31 12:10 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 16:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.2.2011 13:02 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.2.2011 13:02 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.2.2011 13:02 19544]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [31.1.2009 19:57 777240]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [31.1.2009 20:58 222512]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.3.2010 13:11 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12.1.2011 21:03 13224]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [11.9.2009 14:50 51040]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12.1.2011 20:58 155344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 12:10]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 12:10]

2011-02-24 c:\windows\Tasks\User_Feed_Synchronization-{D715A0DF-484B-4849-AC23-93BF61778ED5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25508
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: nkp.cz\kramerius
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.cz/bravia/RegistrationAgent.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 20:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-02-24 20:31:27
ComboFix-quarantined-files.txt 2011-02-24 19:31

Před spuštěním: Volných bajtů: 107 311 185 920
Po spuštění: Volných bajtů: 107 295 989 760

- - End Of File - - BC3A2AEA11B20A6233ADC571D63692D2

Re: Please check my log

Posted: 24 Feb 2011 21:50
by Rudy
The log now looks clean.

Re: Please check my log

Posted: 25 Feb 2011 08:07
by gazi333
Hello.

Thank you for your help.

Regards, Martin

Re: Please check my log

Posted: 25 Feb 2011 18:47
by Rudy
You're welcome! :)