Preventivní kontrola

Zpráva

taita · #1 Příspěvek od **taita** » 12 lis 2011 14:44

Prosi Vás jestli byste mohli se podívat na můj log jestli není tam vir či něco co tam nepatř. Zdůvodu, že se mi to kouše a nevim kde je problém děkuji moc

Logfile of random's system information tool 1.09 (written by random/random)
Run by Veronika at 2011-11-12 16:53:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 46 GB (58%) free of 80 GB
Total RAM: 2047 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:05, on 12.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
D:\Program Files\Clip2Net\clip2net.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Veronika\Plocha\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RunDll32.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Veronika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=205
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Clip2Net] D:\Program Files\Clip2Net\clip2net.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Veronika\Plocha\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do fronty Star Downloaderu - c:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Přisát se Star Downloaderem - c:\Program Files\Star Downloader\leechie.htm
O8 - Extra context menu item: Stáhnout Star Downloaderem - c:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7346 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\l81148bc.default

prefs.js - "browser.startup.homepage" - "www.centrum.cz"
prefs.js - "extensions.enabledItems" - "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3, wrc@avast.com:20110101, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\firefox\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\l81148bc.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\ctbr.dll [2011-09-12 1237128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2011-06-01 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2011-09-12 1237128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-04-06 33603584]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-25 2216960]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-03-02 1667584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-25 3318784]
"Clip2Net"=D:\Program Files\Clip2Net\clip2net.exe [2008-01-17 1424384]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2011-06-01 2835968]
"Skype"=C:\Documents and Settings\Veronika\Plocha\Skype.exe [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\Program Files\Metin2_TESTER\metin2.bin"="C:\Program Files\Metin2_TESTER\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2_TESTER\metin2client.bin"="C:\Program Files\Metin2_TESTER\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Mozilla Firefox\Sindicate\client.bin"="C:\Program Files\Mozilla Firefox\Sindicate\client.bin:*:Enabled:client"
"C:\Documents and Settings\Veronika\Plocha\Skype.exe"="C:\Documents and Settings\Veronika\Plocha\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Metin2_TESTER\metin2.exe"="C:\Program Files\Metin2_TESTER\metin2.exe:*:Enabled:metin2"
"C:\Documents and Settings\Veronika\Plocha\Sindicate\client.bin"="C:\Documents and Settings\Veronika\Plocha\Sindicate\client.bin:*:Enabled:client"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2\metin2.exe"="C:\Program Files\Metin2\metin2.exe:*:Enabled:metin2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.FPS1"=frapsvid.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-11 08:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-09 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-10-26 13:57:24 ----D---- C:\Program Files\Metin2
2011-10-13 02:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 02:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 02:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-13 00:10:44 ----D---- C:\Program Files\Crawler

======List of files/folders modified in the last 1 month======

2011-11-12 16:53:33 ----D---- C:\Program Files\Trend Micro
2011-11-12 16:53:16 ----D---- C:\WINDOWS\Prefetch
2011-11-12 16:51:14 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Skype
2011-11-12 16:18:42 ----D---- C:\WINDOWS\Temp
2011-11-12 15:41:55 ----A---- C:\WINDOWS\wincmd.ini
2011-11-12 15:01:55 ----D---- C:\Stažené soubory
2011-11-12 14:54:23 ----SHD---- C:\WINDOWS\Installer
2011-11-12 14:22:06 ----D---- C:\WINDOWS\system32\drivers
2011-11-12 13:47:32 ----D---- C:\WINDOWS\system32
2011-11-12 13:47:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-12 13:44:07 ----D---- C:\WINDOWS\SoftwareDistribution
2011-11-12 13:44:01 ----D---- C:\WINDOWS
2011-11-12 13:43:43 ----A---- C:\ASWL2K.ini
2011-11-12 13:43:16 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-12 13:34:04 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-11-11 11:41:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-11-11 08:48:34 ----D---- C:\Program Files\CCleaner
2011-11-11 08:43:19 ----D---- C:\Program Files\Mozilla Firefox
2011-11-11 08:38:05 ----HD---- C:\WINDOWS\inf
2011-11-11 08:38:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-11 08:11:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-10 18:22:15 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Spyware Terminator
2011-11-09 09:47:58 ----D---- C:\WINDOWS\Debug
2011-11-09 03:00:49 ----A---- C:\WINDOWS\system32\MRT.exe
2011-11-08 22:04:18 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-26 13:57:24 ----RD---- C:\Program Files
2011-10-26 11:59:51 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Media Player Classic
2011-10-13 02:15:40 ----RSD---- C:\WINDOWS\assembly
2011-10-13 02:12:56 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 02:08:01 ----D---- C:\WINDOWS\WinSxS
2011-10-13 02:01:18 ----D---- C:\WINDOWS\system32\cs-cz
2011-10-13 02:01:18 ----D---- C:\Program Files\Internet Explorer
2011-10-13 02:01:00 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-04-14 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-04 4423168]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-08-19 100368]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-24 14208]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-03-26 1086208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-04 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 ezGOSvc;Easybits GO Services for Windows; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-25 496128]
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Roli** » 12 lis 2011 22:53

Zdravím, tohle fixni v HJT :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

HJT najdeš zde :

C:\Program Files\trend micro\Veronika.exe

Fix znamená že spustíš HJT Obrázek

jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.

Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém

Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

taita · #3 Příspěvek od **taita** » 12 lis 2011 23:27

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 8148

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12.11.2011 23:25:56
mbam-log-2011-11-12 (23-25-56).txt

Typ kontroly: Rychlý test
Testované objekty: 154263
Uplynulý čas: 3 minut, 19 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

snad je to dobře mám i dát screen z HJT?

#4 Příspěvek od **Roli** » 13 lis 2011 19:06

Ano je to dobře, nyní ale použijeme větší kalibr tak že pozorně čti, protože tenhle softík netoleruje chyby.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

V případě nejasností je ZDE obrázkový návod.

taita · #5 Příspěvek od **taita** » 13 lis 2011 20:51

#6 Příspěvek od **Roli** » 13 lis 2011 21:29

Ta složka je v pohodě, ale ten výpis nee.

Spusť ComboFix a dej mi sem z něj log,

bude vypadat jako ten na konci TOHOTO návodu.

taita · #7 Příspěvek od **taita** » 13 lis 2011 21:51

ComboFix 11-11-13.03 - Veronika 13.11.2011 21:37:11.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1286 [GMT 1:00]
Spuštěný z: c:\combofix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Veronika\Dokumenty\~WRL2116.tmp
C:\HCT3B7.tmp
C:\HCT3B8.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ezGOSvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EZGOSVC
-------\Service_ezGOSvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-13 do 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-12 22:21 . 2011-11-12 22:21 -------- d-----w- c:\documents and settings\Veronika\Data aplikací\Malwarebytes
2011-11-12 22:21 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-12 22:21 . 2011-11-12 22:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-12 22:21 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-12 22:21 . 2011-11-12 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-12 13:54 . 2011-11-12 13:54 388096 ----a-r- c:\documents and settings\Veronika\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-26 12:57 . 2011-10-26 14:25 -------- d-----w- c:\program files\Metin2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 12:17 . 2011-05-16 09:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2011-02-25 14:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2011-02-25 16:27 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-02-25 16:27 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-02-25 16:27 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-02-25 16:27 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-02-25 16:27 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-02-25 16:27 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-02-25 16:27 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-02-25 16:27 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-02-25 16:27 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-02-25 16:27 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2006-03-02 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-03-23 11:03 . 2011-10-12 16:44 108424 ----a-w- c:\program files\Common Files\APNStub.exe
2011-11-11 07:42 . 2011-10-08 02:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-25 3318784]
"Clip2Net"="d:\program files\Clip2Net\clip2net.exe" [2008-01-17 1424384]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-06-01 2835968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-25 2216960]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\Sindicate\\client.bin"=
"c:\\Documents and Settings\\Veronika\\Plocha\\Skype.exe"=
"c:\\Documents and Settings\\Veronika\\Plocha\\Sindicate\\client.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.2.2011 17:27 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.2.2011 17:27 320856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.2.2011 17:48 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.2.2011 17:27 20568]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 3:09 50704]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [25.2.2011 15:57 1086208]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.9.2011 9:24 136176]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.9.2011 9:24 136176]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-01 08:23]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-01 08:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.speedbit.com/?aff=205
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Přisát se Star Downloaderem - c:\program files\Star Downloader\leechie.htm
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
TCP: DhcpNameServer = 10.0.0.138
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\l81148bc.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-13 21:49:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-13 20:49
.
Před spuštěním: Volných bajtů: 49 484 304 384
Po spuštění: Volných bajtů: 49 522 352 128
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6DDC637009008CB877D4A1FB9CCB6225

omlouvám se

jenom mám z toho dost velký strach

#8 Příspěvek od **Roli** » 13 lis 2011 22:24

taita píše:omlouvám se jenom mám z toho dost velký strach

Neboj to zvládnem, jen ještě dočistíme

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.

Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\program files\Common Files\APNStub.exe

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

taita · #9 Příspěvek od **taita** » 13 lis 2011 22:26

All processes killed
========== PROCESSES ==========
Unable to kill active process explorer.exe!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\002570_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
c:\program files\Common Files\APNStub.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Veronika
->Temp folder emptied: 30752009 bytes
->Temporary Internet Files folder emptied: 924127 bytes
->FireFox cache emptied: 50242619 bytes
->Flash cache emptied: 706 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 78,00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 11132011_223401

taita · #10 Příspěvek od **taita** » 13 lis 2011 22:42

qoobox - nejde mi odnistalovat jenom čast se mi odinstalovala ne celá

#11 Příspěvek od **Roli** » 13 lis 2011 22:45

taita píše:qoobox - nejde mi odnistalovat jenom čast se mi odinstalovala ne celá

Měl by to napravit T-Cleaner.

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.

Pak dej vědět jaký je stav PC.

taita · #12 Příspěvek od **taita** » 13 lis 2011 22:52

Logfile of random's system information tool 1.09 (written by random/random)
Run by Veronika at 2011-11-13 22:49:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (68%) free of 80 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:09, on 13.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
D:\Program Files\Clip2Net\clip2net.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Veronika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=205
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Clip2Net] D:\Program Files\Clip2Net\clip2net.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Do fronty Star Downloaderu - c:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Přisát se Star Downloaderem - c:\Program Files\Star Downloader\leechie.htm
O8 - Extra context menu item: Stáhnout Star Downloaderem - c:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5706 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\l81148bc.default

prefs.js - "browser.startup.homepage" - "www.centrum.cz"
prefs.js - "extensions.enabledItems" - "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3, wrc@avast.com:20110101, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\l81148bc.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2011-06-01 140880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-04-06 33603584]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-25 2216960]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-03-02 1667584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-25 3318784]
"Clip2Net"=D:\Program Files\Clip2Net\clip2net.exe [2008-01-17 1424384]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2011-06-01 2835968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\Program Files\Mozilla Firefox\Sindicate\client.bin"="C:\Program Files\Mozilla Firefox\Sindicate\client.bin:*:Enabled:client"
"C:\Documents and Settings\Veronika\Plocha\Skype.exe"="C:\Documents and Settings\Veronika\Plocha\Skype.exe:*:Enabled:Skype "
"C:\Documents and Settings\Veronika\Plocha\Sindicate\client.bin"="C:\Documents and Settings\Veronika\Plocha\Sindicate\client.bin:*:Enabled:client"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2\metin2.exe"="C:\Program Files\Metin2\metin2.exe:*:Enabled:metin2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.FPS1"=frapsvid.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-13 22:49:38 ----D---- C:\rsit
2011-11-13 22:39:07 ----SHD---- C:\RECYCLER
2011-11-13 21:49:34 ----D---- C:\WINDOWS\temp
2011-11-13 21:35:58 ----A---- C:\Boot.bak
2011-11-13 21:35:52 ----RASHD---- C:\cmdcons
2011-11-13 21:31:21 ----D---- C:\Qoobox
2011-11-12 23:21:46 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Malwarebytes
2011-11-12 23:21:35 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-12 23:21:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-12 23:21:30 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-12 23:21:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-11 08:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-09 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-10-26 13:57:24 ----D---- C:\Program Files\Metin2

======List of files/folders modified in the last 1 month======

2011-11-13 22:50:09 ----D---- C:\Program Files\Trend Micro
2011-11-13 22:47:00 ----D---- C:\Stažené soubory
2011-11-13 22:45:51 ----D---- C:\WINDOWS
2011-11-13 22:43:54 ----D---- C:\Program Files\Mozilla Firefox
2011-11-13 22:43:46 ----SHD---- C:\System Volume Information
2011-11-13 22:43:46 ----D---- C:\WINDOWS\system32\Restore
2011-11-13 22:37:19 ----A---- C:\WINDOWS\wincmd.ini
2011-11-13 22:31:02 ----D---- C:\WINDOWS\Prefetch
2011-11-13 21:50:07 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Spyware Terminator
2011-11-13 21:49:35 ----D---- C:\WINDOWS\system32\drivers
2011-11-13 21:49:14 ----D---- C:\WINDOWS\system32
2011-11-13 21:49:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-13 21:47:50 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-13 21:46:16 ----A---- C:\WINDOWS\system.ini
2011-11-13 21:46:15 ----A---- C:\ASWL2K.ini
2011-11-13 21:45:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-13 21:45:23 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-13 21:43:12 ----D---- C:\WINDOWS\system32\config
2011-11-13 21:39:56 ----D---- C:\WINDOWS\AppPatch
2011-11-13 21:39:53 ----D---- C:\Program Files\Common Files
2011-11-13 21:35:58 ----RASH---- C:\boot.ini
2011-11-13 21:34:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-11-13 21:16:46 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Media Player Classic
2011-11-13 20:58:47 ----RD---- C:\Program Files
2011-11-13 20:56:27 ----SHD---- C:\WINDOWS\Installer
2011-11-13 20:20:27 ----D---- C:\Documents and Settings\Veronika\Data aplikací\Skype
2011-11-12 21:14:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-11-12 21:13:59 ----RD---- C:\Program Files\Skype
2011-11-12 13:44:07 ----D---- C:\WINDOWS\SoftwareDistribution
2011-11-11 11:41:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-11-11 08:48:34 ----D---- C:\Program Files\CCleaner
2011-11-11 08:38:05 ----HD---- C:\WINDOWS\inf
2011-11-11 08:38:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-11 08:11:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-09 09:47:58 ----D---- C:\WINDOWS\Debug
2011-11-09 03:00:49 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-04-14 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-04 4423168]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-08-19 100368]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-24 14208]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-03-26 1086208]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-04 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-25 496128]
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

rači sem házim log novej

ale nevim kde jsem asi urobila chybu pač ten soubor nechce odinstalovat qoobox - v něm BlackEnv

vím asi jsem strašná, ale nevim kde jsem asi urobila chybu dělala jsem podle tebe, ale možná jsem něco provedla

promin fakt díky za pomoc a trpělivost

#13 Příspěvek od **Roli** » 13 lis 2011 23:11

Spusť HijackThis, kde ho najdeš jsem už psal,

neprováděj sken, ale klikni na tlačítko Open the Misc Tools Section

nahoře jsou čtyři tlačítka, musí být zamáčknuté Misc Tools

najdi vlevo tlačítko Delete a file on reboot klikni na něj, v následujícím okně najdi soubor

C:\Qoobox

a potvrď,

v dalším okně potvrď restart PC a po restartu sem zkopíruj nový log z Rsit.

taita · #14 Příspěvek od **taita** » 13 lis 2011 23:19

nejde mi to přes HJT ani

ani nejde spustit a když jo jenom přes administrátor ale ten zbytek u tam co byl zmizel potom když jsem napsala Combixfix/uninstall tak část zmizelo, ale toto ne

Promin, ale mě zmizelo u hodin jak mám i net atd.

se mi tam vždycky objevovala jakou klavesnici mám CZ či EN nevim co se stalo

taita · #15 Příspěvek od **taita** » 14 lis 2011 09:23

Promin, že otravuji znovu, ale nelibí se mi dvě složky tam qoobox - který má podsložku BlackEvn nejde odinstalovat co jsem ti psala

druhá je pagefile - skoncoovkou divnou - činské či japonské znaky a nejde také ostranit

obě dvě se dostali přes Combofix pač ty to dvě věci nebyly před ti m tam

a nevim jak je dostat pryč

a nevim co se stalo s liškou dole na pravo- pač není tam v panelu Jazyk - na jakou mám puštěnou klavesnici CZ nebo EN skusila jsem i resetnout pc a nic.

Pc jede rychle a už se ne kouše.

Teď jsem si šimla, že mi přepsalo kde bylo ř například Přip. či v jednom souboru -s připonou txt. asi je to maličkost či co, ale rači sem to píšu.

VIRY.CZ

Preventivní kontrola

Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola