Avast Blokace škodlivého URL

[nelval]

Dobrý den,
chtěla bych Vás požádat o radu. Používám antivirový systém Avast 6.0.1000. Dnes se mi u stahování obrázků pro prezentace stalo, že mi začal antivirus vyhazovat na plochu okno s tímto popisem.
Zablokován škodlivý URL; objekt: 62.122.73.203/545/getcfg.php
Toto varování se objevuje velice často. Během 5 minut mi naskočí na obrazovce 10x.
Budu Vám velice vděčná za radu, jak se toho zbavit, kde a v čem je chyba.

Nela

[vyosek]

Zdravim, pekny vecer preji a vitam Vas u nas na foru

Jelikoz nevime o Vasem PC nic a z kristalove koule se spatne vesti, navic i pri jasnem pocasi jake ted v okrese Kromeriz panuje, neni nic videt, navic nam tu hori a dymy vyrobna na plasty

Ale dosti legracek, kouknem na to Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...

[nelval]

Dobrý den, děkuji za rychlou odezvu.
Jen pro upřesnění, ať neudělám chybu. Po kliknutí na váš RSIT mám kliknout na stažení aplikace 32bit nebo 64 bit?
Děkuji

PS:Co se týká těchto pc „vychytávek“ nejsem v tom moc zběhlá, proto se raději ptám.

[vyosek]

To poznate podle toho jaky mate system - navod jak to poznat je zde

Jak poznam, zda-li mam 32bit (x86) nebo 64bit (x64) operacni system Postup ukazuje zjisteni typu 64bit OS (Vista, W7), 32bit OS (XP). Pro oba typy (32,64) je postup vsak stejny.

Windows XP
Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  sysdm.cpl

• Kliknete na OK
• Kliknete na kartu Obecné
• V casti System je pak videt co mate za OS (v pripade 64bit to tam je napsano)
  

Windows Vista, Windows 7
Klik na Tento pocitac pravym tlacitkem mysi a vybrat Vlastnosti

• Dle obrazku je jiz typ OS jasny
  

Pripadne muzete vyuzit rady primo od Microsoftu zde http://support.microsoft.com/kb/827218/cs

[nelval]

Děkuji, už jsem přišlana to, co se po mně vlastně chce. Děkuji za radu.
Kopíruji tedy výsledek testu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by vlastnik at 2011-04-08 18:48:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 167 GB (84%) free of 200 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:48:42, on 8.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\DOCUME~1\vlastnik\LOCALS~1\Temp\_132.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\vlastnik\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\vlastnik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nástroje SMART Board.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8936 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll [2007-11-02 587016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-21 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2002-11-08 98304]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-01-14 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vlastnik^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Nástroje SMART Board.lnk - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"F:\EasySetupAssistant\EasySetupAssistant.exe"="F:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-04-08 18:48:22 ----D---- C:\rsit
2011-04-08 18:48:22 ----D---- C:\Program Files\trend micro
2011-04-05 19:43:25 ----A---- C:\WINDOWS\system32\drivers\str.sys
2011-04-03 08:28:03 ----D---- C:\Documents and Settings\vlastnik\Data aplikací\CyberLink
2011-03-25 00:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-17 11:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-03-17 10:43:07 ----D---- C:\e9457b21d671bcc5cf73
2011-03-16 13:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2011-03-16 13:18:03 ----D---- C:\WINDOWS\system32\XPSViewer
2011-03-16 13:17:59 ----D---- C:\WINDOWS\system32\en-US
2011-03-16 13:17:54 ----D---- C:\Program Files\Reference Assemblies
2011-03-16 13:17:30 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-03-16 13:17:30 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-03-16 13:17:29 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-03-15 15:59:50 ----D---- C:\Documents and Settings\vlastnik\Data aplikací\ATI
2011-03-15 15:59:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-03-15 15:59:11 ----ASH---- C:\hiberfil.sys
2011-03-15 15:54:56 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-03-15 15:52:33 ----RSD---- C:\WINDOWS\assembly
2011-03-15 15:52:01 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-15 15:50:46 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2011-03-15 15:50:43 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2011-03-15 15:50:39 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2011-03-15 15:49:42 ----D---- C:\Program Files\ATI Technologies
2011-03-14 16:46:04 ----A---- C:\WINDOWS\system32\h323log.txt
2011-03-14 16:39:00 ----D---- C:\WINDOWS\ie8updates
2011-03-14 16:37:54 ----D---- C:\WINDOWS\WBEM
2011-03-14 16:36:48 ----HDC---- C:\WINDOWS\ie8
2011-03-14 16:15:09 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-03-14 16:12:21 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-03-14 16:12:21 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-03-14 16:12:20 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-03-14 16:12:19 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-03-14 16:12:17 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-03-14 16:12:17 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-03-14 16:12:17 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-03-14 16:12:05 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-03-14 16:11:57 ----D---- C:\Program Files\Alwil Software
2011-03-14 16:11:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-03-14 15:23:10 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-03-14 14:28:30 ----D---- C:\WINDOWS\pss
2011-03-12 18:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-12 17:57:49 ----D---- C:\Documents and Settings\vlastnik\Data aplikací\CoSoSys
2011-03-09 19:44:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 19:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$

======List of files/folders modified in the last 1 months======

2011-04-08 18:48:22 ----D---- C:\Program Files
2011-04-08 18:48:18 ----D---- C:\WINDOWS\Prefetch
2011-04-08 15:13:58 ----D---- C:\WINDOWS\Temp
2011-04-08 11:10:59 ----D---- C:\Program Files\Common Files\Akamai
2011-04-08 00:30:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-05 19:43:25 ----D---- C:\WINDOWS\system32\drivers
2011-04-05 14:29:30 ----A---- C:\WINDOWS\bi_group.ini
2011-04-04 16:38:27 ----D---- C:\WINDOWS\system32
2011-04-04 01:45:23 ----A---- C:\WINDOWS\NeroDigital.ini
2011-04-03 23:35:35 ----SHD---- C:\WINDOWS\Installer
2011-04-03 00:36:34 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-03 00:35:15 ----D---- C:\Documents and Settings\vlastnik\Data aplikací\Skype
2011-04-03 00:03:50 ----D---- C:\Documents and Settings\vlastnik\Data aplikací\skypePM
2011-04-02 11:33:36 ----D---- C:\WINDOWS\Help
2011-04-01 19:16:30 ----HD---- C:\WINDOWS\inf
2011-03-30 22:14:41 ----D---- C:\WINDOWS\WinSxS
2011-03-30 16:41:54 ----D---- C:\Program Files\Mozilla Firefox
2011-03-27 13:31:41 ----D---- C:\Program Files\Common Files\Adobe
2011-03-27 13:31:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-27 13:31:32 ----D---- C:\Program Files\Adobe
2011-03-27 09:48:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-25 12:06:08 ----D---- C:\WINDOWS
2011-03-25 00:31:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-25 00:31:26 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-17 12:19:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-17 11:17:39 ----A---- C:\WINDOWS\imsins.BAK
2011-03-16 13:18:00 ----D---- C:\Program Files\MSBuild
2011-03-16 13:17:57 ----RSD---- C:\WINDOWS\Fonts
2011-03-16 13:17:40 ----D---- C:\WINDOWS\system32\spool
2011-03-16 13:15:03 ----D---- C:\WINDOWS\system32\mui
2011-03-16 13:15:03 ----D---- C:\Program Files\Internet Explorer
2011-03-16 12:27:36 ----D---- C:\Documents and Settings\vlastnik\Data aplikací\Mozilla
2011-03-15 15:59:51 ----D---- C:\WINDOWS\system32\config
2011-03-15 15:55:15 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-15 15:54:56 ----D---- C:\Program Files\Common Files
2011-03-14 16:45:15 ----D---- C:\WINDOWS\system32\cs-cz
2011-03-14 16:37:46 ----D---- C:\WINDOWS\Media
2011-03-14 15:54:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-03-14 15:28:38 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-03-14 15:28:18 ----D---- C:\Program Files\Foxit Software
2011-03-14 15:28:00 ----SD---- C:\WINDOWS\Tasks
2011-03-14 15:24:23 ----RD---- C:\Program Files\Skype
2011-03-14 14:29:15 ----SH---- C:\boot.ini
2011-03-14 14:29:15 ----A---- C:\WINDOWS\win.ini
2011-03-14 14:29:15 ----A---- C:\WINDOWS\system.ini
2011-03-09 19:42:46 ----D---- C:\WINDOWS\Debug
2011-03-09 19:42:41 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 19:42:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-16 4069888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 av3l4zi6;av3l4zi6; C:\WINDOWS\system32\drivers\av3l4zi6.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-16 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-21 153376]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe [2007-11-02 1283336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-10 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-11-02 767240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Nela

[vyosek]

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\vlastnik.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
  
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se pkna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[nelval]

Dobrá tedy, budu postupovat dle Vašich rad.

Jen opět malý dotaz. Vcelku je mi jasná operace, kterou mám provést až po Vašeho smajlíka (tedy fixnutí pomocí HJT).

Poté mám stáhnout ten Combofix? Docela mě tam totiž děsí ten červeně světélkující nápis v první větě . A dále moc nerozumím, co to znamená spustit systém pod účtem správce/Admina. Mám totiž ten systém XP…
Trošku asi kostrbatý dotaz, že?

Nela

[vyosek]

Ten cerveny napis je tam proto, ze hodne si uzivatele sami spousti CFko a pak nevi co s tim, ono totiz opravdu je potreba jej aplikovat jen na doporuceni...

Pokud muzete instalovat aplikace kdyz jste na PC, tak mate ucet s administratorskymi pravy, takze CFko normalne spustte...

Kdyby neco, tak se ptejte, od toho tu jsme Budu sem nakukovat v prubehu celeho vecera

[nelval]

Jdu na to, stáhla a vytiskla jsem si návod. Prostudováno mám taky, tak snad se dílo zdárně podaří.
Děkuji Vám za rady a za vstřícnost. Brzy sem zase vložím log z combofixu.
Nela

[vyosek]

Prozatim nemate zac, jeste jsme s haveti nic neudelali

[nelval]

Tak a jsem zpět. Posílám tedy výsledek z combofixu. Uf.
Je to teda pořádná litanie…


ComboFix 11-04-07.08 - vlastnik 08.04.2011 20:09:40.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1442 [GMT 2:00]
Spuštěný z: c:\documents and settings\vlastnik\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\str.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-08 do 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 16:48 . 2011-04-08 17:17 -------- d-----w- c:\program files\trend micro
2011-04-08 16:48 . 2011-04-08 16:48 -------- d-----w- C:\rsit
2011-04-03 06:28 . 2011-04-03 06:28 -------- d-----w- c:\documents and settings\vlastnik\Data aplikací\CyberLink
2011-03-17 08:43 . 2011-03-17 08:49 -------- d-----w- C:\e9457b21d671bcc5cf73
2011-03-17 08:33 . 2011-03-17 08:33 -------- d-----w- c:\documents and settings\All Users\Stažené soubory
2011-03-16 11:18 . 2011-03-16 11:18 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-16 11:17 . 2011-03-16 11:17 -------- d-----w- c:\program files\Reference Assemblies
2011-03-16 11:17 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-16 11:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-16 11:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-16 11:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-16 11:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-16 11:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-16 11:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-16 11:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-16 11:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-15 13:59 . 2011-03-15 13:59 -------- d-----w- c:\documents and settings\vlastnik\Local Settings\Data aplikací\ATI
2011-03-15 13:59 . 2011-03-15 13:59 -------- d-----w- c:\documents and settings\vlastnik\Data aplikací\ATI
2011-03-15 13:59 . 2011-03-15 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-03-15 13:59 . 2011-03-15 13:59 0 ----a-w- c:\windows\ativpsrm.bin
2011-03-15 13:54 . 2011-03-15 13:57 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-03-15 13:50 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-15 13:50 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-15 13:50 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-15 13:50 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-15 13:50 . 2011-03-15 13:50 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-15 13:50 . 2011-03-15 13:50 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-15 13:50 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-15 13:50 . 2009-05-15 20:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-03-15 13:50 . 2009-05-16 02:51 311296 ----a-r- c:\windows\system32\atiiiexx.dll
2011-03-15 13:50 . 2009-05-16 03:39 442368 ----a-r- c:\windows\system32\ATIDEMGX.dll
2011-03-15 13:49 . 2011-03-15 13:57 -------- d-----w- c:\program files\ATI Technologies
2011-03-15 13:48 . 2009-05-15 20:05 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-03-14 14:46 . 2011-03-14 14:46 -------- d-sh--w- c:\documents and settings\vlastnik\IECompatCache
2011-03-14 14:46 . 2011-03-14 14:46 -------- d-sh--w- c:\documents and settings\vlastnik\PrivacIE
2011-03-14 14:45 . 2011-03-14 14:45 -------- d-sh--w- c:\documents and settings\vlastnik\IETldCache
2011-03-14 14:36 . 2011-03-14 14:38 -------- dc-h--w- c:\windows\ie8
2011-03-14 14:34 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-03-14 14:34 . 2010-12-20 23:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-14 14:34 . 2010-12-20 23:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-14 14:34 . 2010-12-20 23:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-14 14:34 . 2010-12-20 23:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-14 14:34 . 2010-12-20 23:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-14 14:34 . 2010-12-20 23:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-14 14:34 . 2010-12-20 10:52 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-03-14 14:15 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-14 14:12 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-14 14:12 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-14 14:12 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-14 14:12 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-14 14:12 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-14 14:12 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-14 14:12 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-14 14:12 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-14 14:12 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-14 14:11 . 2011-03-14 14:11 -------- d-----w- c:\program files\Alwil Software
2011-03-14 14:11 . 2011-03-14 14:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-03-14 13:23 . 2011-03-14 13:23 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-12 15:57 . 2011-03-12 15:57 -------- d-----w- c:\documents and settings\vlastnik\Data aplikací\CoSoSys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-01-07 07:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-01-07 07:47 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
N stroje SMART Board.lnk - c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-11-2 4519176]
.
[HKLM\~\startupfolder\C:^Documents and Settings^vlastnik^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\vlastnik\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.2.2010 20:28 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 16:15 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.3.2011 16:12 301528]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 15:49 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.3.2011 16:12 19544]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.12.2010 19:59 136176]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2.11.2007 6:48 767240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 17:59]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 17:59]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vlastnik\Data aplikací\Mozilla\Firefox\Profiles\zdk1s0iw.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-04-08 20:23:35
ComboFix-quarantined-files.txt 2011-04-08 18:23
.
Před spuštěním: Volných bajtů: 175 143 657 472
Po spuštění: Volných bajtů: 175 616 180 224
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 404025250B5D2724EF37C8F6C6E5DA01

[nelval]

Ps: Combofix mám v Pc nechat nebo odstranit? A předpokládám, že ochranu už můžu zase pozapínat (Firewall a Avast).
Nela

[vyosek]

Jeste jej tam nechte, na zaver leceni po sobe pouklizim...ochrany muzete zase zapnout...A dejte mi chvili, napisu docistovaci skript

[vyosek]

Je to teda pořádná litanie…

Byvaji daleko lepsi logy - napr takove ze je musite delit tak do tri prispevku jak jsou dlouhe...Tohle je krasny pidi malinky log

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RemoteControl"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
  
  Driver::
  Akamai
  gupdate
  NBService
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  
  File::
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  
  Netsvc::
  Akamai
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[nelval]

Můžu se, prosím Vás zeptat, ten script, když nasunu na combofix, tak se mi ukáže ikona otevřít soubor a dotaz na spustit. Je to správně, ano?