Requesting a complete check :( spyfalcon took control of the firewall
Posted: 18 Apr 2012 12:14
Good day. Hello.
It is not my PC, and the user has difficulty asking for advice himself (the profile was created for him, but for now he just forwards the text) - I am helping free of charge after the user could not get online > now he can (cable + Wi-Fi, the modem /DNS cache/ was messed up, see below), ...I do not take an interest in PCs and this is beyond my abilities.
Please advise. Thanks on behalf of user "wercon".
Description: ...when I find errors, something else breaks; in the registry there is an entry with a name like ''Chinese characters''; a restore point is not accepted; folders disappear from the Start menu.
- Windows Vista Home Premium CZ (OEM) Service Pack 2, 32-bit / desktop PC, board: ASUS P5LD2 SE / Intel Core 2 Duo 1.8 GHz / RAM 2x512 MB / OEM: no reinstall CD (never received one), no recovery disk either; the allocated space was there, but no content. (picture)
http://img94.imageshack.us/img94/6495/diskyq.jpg

- Avira (2011 engine, 2012 product update not done) + CCleaner v2.23 (instead of v3.27)
- ZoneAlarm: according to the 2009 install log, an error during the product update install; consequence: the controlling process "vsmon" did not run under ZA but directly from C:\Windows = it controlled the ZA function,
- Mozilla's setting was also ''use system proxy settings'' = evidently there was an interest in controlling the firewall and proxy.
- Modem / cache: the DNS cache holds paths to e.g. noogle.it, tisacli.it... (non-existent typo domains), and conversely does not show a path/cache for e.g. microsoft, zonelabs (see vsmon), nor ANY visited website. /flushdns fixes nothing = the records persist < after cleaning and the first interventions the DNS cache is OK; after switching on: microsoft, zonelabs, and it also shows visited websites.
- Windows Defender does not run after PC startup (it is configured to); access via Control Panel throws the error "initialization error 0x800106ba" < set to Automatic in Services.
- Revo Uninstaller did not create restore points. Java U26 (the newer U31 was not there) dragged some Ad-ware items away with it as well (not Ad-ware 2007).
- NERO: while uninstalling with Nero General-Cleaner, messages saying ''Microsoft registry writer is not working'' started popping up, and as a result of NGC, under the Start/Run icon the Start Menu is missing program folders; e.g. Accessories lacks almost everything - calculator, notepad..., and the system tools too - disk defrag, disk cleanup... (picture)
http://img42.imageshack.us/img42/8713/menumf.jpg

Malwarebytes + Avira - OK
* * * HIJACKTHIS * * * at first it would not even start, a C++ error as if the registry rejected it, and I am not doing anything more with it because it makes no sense without a more expert solution...
RSIT would not start, ...for some programs it refuses administrator rights, even though the user is an administrator.
And until I went looking for the spy-dll it was not even possible to connect to the net without the modem doing whatever it wanted (see the DNS cache note), so I ''forced it through'' with ComboFix, and after that and the spy-dll find it fortunately worked > but that is not a solution...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:43, on 18.4.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\HiJack This\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6395 bytes
/
* * * COMBOFIX - QUARANTINE * * *
( The PC was bought new in 3/2007, so please comment on ''what is that 2005 entry?'' - extra thanks )
2012-04-15 17:12:39 . 2012-04-15 17:12:39 460 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Crypta v1.3.reg.dat
2012-04-15 17:12:17 . 2012-04-15 17:12:17 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2012-04-15 17:07:22 . 2012-04-15 17:07:22 3,639 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-15 16:59:43 . 2012-04-15 17:02:53 82 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-05-26 07:40:51 . 1998-11-13 11:58:08 307,200 ----a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0405.exe.vir
2008-05-13 15:44:03 . 2008-03-03 13:06:04 279,440 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\~GLH0014.TMP.vir
2007-08-22 19:48:28 . 2007-06-21 05:01:00 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkunzip.pif.vir
2007-08-22 19:48:28 . 2007-06-21 05:01:00 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkzip.pif.vir
2005-12-07 11:31:00 . 2005-12-07 11:31:00 202,752 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\CddbCdda.dll.vir
/
* * * COMBOFIX - LOG * * *
ComboFix 12-04-15.02 - Jaroslav 15.04.2012 19:02:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1022.425 [GMT 2:00]
Run from: c:\users\Jaroslav\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\~GLH0014.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 17:09 . 2012-04-15 17:10 -------- d-----w- c:\users\Jaroslav\AppData\Local\temp
2012-04-15 17:09 . 2012-04-15 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 14:01 . 2012-04-15 14:01 -------- d-----w- c:\program files\Lavalys
2012-04-15 13:09 . 2012-04-15 13:09 -------- d-----w- c:\program files\SecurityXploded
2012-04-15 12:31 . 2012-04-15 12:31 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\CleanMyPC Software
2012-04-14 20:14 . 2012-04-14 20:14 -------- d-----w- c:\users\Jaroslav\AppData\Local\ATI
2012-04-14 19:43 . 2012-04-14 19:43 -------- d-----w- c:\users\Jaroslav\AppData\Local\Adobe
2012-04-14 19:36 . 2012-04-14 19:40 -------- d-----w- C:\ccleaner_zaloha registru
2012-04-14 17:54 . 2012-04-14 20:11 -------- d-----w- c:\windows\system32\C2MP
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- C:\UsbFix
2012-04-14 17:01 . 2012-04-14 17:52 -------- d-----w- C:\HiJack This
2012-04-14 17:01 . 2012-04-14 17:02 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-14 16:46 . 2012-04-15 13:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 16:46 . 2012-04-15 13:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 16:45 . 2012-04-14 16:45 -------- d-----w- c:\program files\Common Files\Java
2012-04-14 16:43 . 2012-04-14 16:43 -------- d-----w- c:\program files\Java
2012-04-14 16:14 . 2012-04-14 16:14 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\CheckPoint
2012-04-14 16:12 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-14 16:10 . 2012-04-14 16:10 -------- d-----w- c:\programdata\CheckPoint
2012-04-14 15:51 . 2012-04-14 15:51 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\Avira
2012-04-14 15:45 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-14 15:45 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-14 15:45 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-14 15:45 . 2012-04-14 15:45 -------- d--h--w- c:\programdata\Avira
2012-04-14 15:45 . 2012-04-14 15:45 -------- d-----w- c:\program files\Avira
2012-04-13 17:45 . 2012-04-13 17:45 -------- d-----w- c:\program files\Auslogics
2012-04-13 17:44 . 2012-04-13 17:44 -------- d-----w- c:\program files\CCleaner
2012-04-13 17:42 . 2012-04-13 17:42 -------- d-----w- C:\totalcmd
2012-04-13 15:39 . 2012-04-13 15:39 -------- d-----w- c:\program files\VS Revo Group
2012-04-13 12:26 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FF0BCCD-9D2A-433E-8F82-1F0A0003B690}\mpengine.dll
2012-04-12 14:25 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 14:25 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 14:25 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 14:25 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 14:25 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 14:25 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:17 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 16:43 . 2010-05-10 13:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-04 07:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 17:14 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 17:14 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 17:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 17:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 17:14 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 17:14 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-04-14 16:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2010-12-03 15:47 141368 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4208946421-1332506679-3958708609-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\uw2wm0ru.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-Crypta v1.3 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-15 19:14:04
ComboFix-quarantined-files.txt 2012-04-15 17:14
.
Pre-Run: 97,733,365,760 bytes free
Post-Run: 97,361,006,592 bytes free
.
- - End Of File - - 6408CB3B51E416D456FAF9C68E478AAF
/
* * * MWAV * * * supplemented with the registry path
Preferences: All Files
CRITICAL: 8
ERRORs: 192
Object "AntiMalware Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:08 - System found infected with AntiMalware Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
Object "Generic Protect Antivirus" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:10 - Offending file found: C:\Windows\TEMP\IswTmp\WH\0
16 IV 2012 12:50:11 - Offending file found: C:\Users\Jaroslav\AppData\Local\temp\IswTmp\WH\0
16 IV 2012 12:50:11 - System found infected with Generic Protect Antivirus (0)! Action taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:18 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
16 IV 2012 12:50:18 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:18 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
16 IV 2012 12:50:18 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: No Action Taken.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:20 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
16 IV 2012 12:50:20 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: No Action Taken.
File C:\$RECYCLE.BIN\S-1-5-21-4208946421-1332506679-3958708609-1000\$RMWLUJ1.exe infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
>>>
17 IV 2012 09:29:41 - ScanFile took 20.03 Secs [C:\$RECYCLE.BIN\S-1-5-21-4208946421-1332506679-3958708609-1000\$RMWLUJ1.exe]...
17 IV 2012 09:29:41 - File C:\$RECYCLE.BIN\S-1-5-21-4208946421-1332506679-3958708609-1000\$RMWLUJ1.exe infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
>>>
17 IV 2012 10:09:22 - Scanning File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll
17 IV 2012 10:09:22 - File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
>>>
17 IV 2012 11:31:31 - Scanning File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll
17 IV 2012 11:31:31 - File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Windows\Installer\{235BBFC6-D863-4066-A01A-3BD504C31029}\". Action Taken: No Action Taken.
NERO/Ahead findings are not included in the text, 150 records in total:
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero Toolkit\". Action Taken: No Action Taken.
( ... )
FileExts findings are not included in the text, 20 records in total:
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jtd". Action Taken: No Action Taken.
( ... )
* * * Thank you * * *
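The two observations the post makes by hand, a security service binary (vsmon) running from C:\Windows instead of the ZoneAlarm directory, and browser extension DLLs loaded from a folder any user can write to, are the kind of thing that can be checked mechanically over a HijackThis log. The script below is an added example, not part of the original post or of HijackThis, ComboFix or any other tool named on this page. The expected install directories, the list of user-writable roots, the finding labels, and the last line of the sample log (which reconstructs the vsmon-in-C:\Windows state the post describes; the posted log already shows the corrected path) are assumptions made for the example.

```python
"""Offline triage of a HijackThis v2 log (added example, not HijackThis code).

Flags autostart (O4), IE extension (O2/O3/O9) and service (O23) entries whose
binary sits somewhere a legitimate install would not put it: a known vendor
binary outside its vendor directory, or code auto-loaded from a location a
standard user can write to. 8.3 short-name paths (C:\\PROGRA~1\\...) are not
expanded, since this runs offline without the original filesystem.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Assumed install locations for binaries worth pinning (not taken from the post).
EXPECTED_DIR = {
    "vsmon.exe": r"C:\Program Files\CheckPoint\ZoneAlarm",
    "avguard.exe": r"C:\Program Files\Avira\AntiVir Desktop",
    "mbamservice.exe": r"C:\Program Files\Malwarebytes' Anti-Malware",
}
# Roots a standard user can write to; code auto-loaded from here deserves a look.
USER_WRITABLE = (r"C:\ProgramData", r"C:\Users", r"C:\Windows\Temp")

SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
COM_RE = re.compile(r"^O(?:2|3|9) - .+? - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[LC][MU])\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def _norm(path) -> str:
    """Case-insensitive, separator-normalised Windows path string."""
    return str(PureWindowsPath(path)).lower()


def _under(path: str, root: str) -> bool:
    """True if path is root itself or lies below it."""
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def _exe_from_cmd(cmd: str) -> str:
    """Strip arguments from an O4 command line ('\"C:\\x y\\a.exe\" /min' or 'C:\\a.exe')."""
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log: str) -> list[tuple[str, str]]:
    """Return (reason, path) findings for one HijackThis log."""
    findings: list[tuple[str, str]] = []
    for line in log.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            path = m["path"]
            exe = PureWindowsPath(path)
            expected = EXPECTED_DIR.get(exe.name.lower())
            if expected and _norm(exe.parent) != _norm(expected):
                findings.append(("known binary outside its vendor directory", path))
            if m["vendor"] == "Unknown owner":
                findings.append(("service binary without a recorded owner/vendor", path))
        elif m := COM_RE.match(line):
            path = m["path"]
            if any(_under(path, root) for root in USER_WRITABLE):
                findings.append(("IE extension DLL in a user-writable location", path))
        elif m := RUN_RE.match(line):
            path = _exe_from_cmd(m["cmd"])
            if any(_under(path, root) for root in USER_WRITABLE):
                findings.append(("Run-key autostart from a user-writable location", path))
    return findings


# Constructed sample: lines copied from the log in the post, plus one
# constructed final line reproducing the 2009 state the post describes
# (vsmon running from C:\Windows); the posted log itself shows the fixed path.
SAMPLE_LOG = r"""
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\vsmon.exe
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"[!] {reason}: {path}")
```

The "Unknown owner" check is deliberately low-severity: HijackThis prints it whenever the service's vendor field is empty, which is common for legitimate OEM bundleware such as the CyberLink entry in the posted log, so it is a prompt to verify the file's signature rather than a verdict.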

Muj PC to neni, a uzivatel ma problem poradit se (profil je zalozen pro nej, ale prozatim jen preposila text), - pomaham zdarma pote co se uzivatel nemohl dostat na net > uz muze (kabel+wi-fi, modem /dns-cache/ byl na kasi, viz dale), ...ja se o PC nezajimam a presahuje to moje moznosti

Prosim o radu. Dekuji za uzivatele "wercon".
Popis : ...kdyz najdu chyby, podela se dalsi, v registrech je polozka s nazvem jako ''cinske znaky'', Bod obnovy to neprijme, ve Start menu mizi slozky.
- Windows Vista Home Premium CZ (OEM) Service Pack 2, 32bit / Stolni PC, deska: ASUS P5LD2 SE / Intel Core 2 Duo 1,8 GHz / RAM 2x512 MB / OEM: reinstall CD neni (nedostal), recovery disk take ne, alokovane misto bylo, ale obsah neni. (obrazek)
http://img94.imageshack.us/img94/6495/diskyq.jpg

- Avira (jadro 2011, neproveden produkt update 2012) + Ccleaner v.2.23 (misto v.3.27)
- Zone Alarm : podle inslal logu 2009 chyba pri instalaci produktove aktualizace, nasledek: ridici proces "vsmon" nebezel pod ZA, ale primo z C:Windows = ovladal funkci ZA,
- i nastaveni Mozilly bylo ''pouzivej systemove nastaveni proxy'' = evidentne byl zajem kontrolovat firewall a proxy.
- Modem / Cache : DNS cache drzi cestu k napr.: noogle.it, tisacli.it... (neexistujici prekliky), a naopak nezobrazuje cestu/cache k napr. microsoft, zolelabs (viz vsmon), ani ZADNOU navstivenou www. /flushdns nic nereseni = zaznamy se drzi < po cisteni a prvnich zasazich je DNS cache OK, po zapnuti: microsoft, zonelabs, zobrazuje i navstivene www.
- Windows Defender nejede po spusteni PC (nastaven je), pristup pres Panely hodi chybu "chyba inicializace 0x800106ba" < nastaven ve sluzbach na Automaticky.
- REVO Uninstaller nedelal body obnovy. Java U26 (novejsi U31 nebyla) s sebou pryc tahla i jakesi polozky Ad-ware (nikoli Ad-ware 2007).
- NERO : pri odinstalaci Nero General-Cleanerem zacaly litat hlasky ''Microsoft registy writer nepracuje'', a nasledkem NGC pod ikonkou Start/Spustit Start Menu chybi slozky programu i napr. Prislusenstvi postrada skoro vse - kalulacku, notepad..., i systemove nastroje - disk defrag, disk clean... (obrazek)
http://img42.imageshack.us/img42/8713/menumf.jpg

Malwarebytes + Avira - o.k.
* * * HiJACK THIS * * * prvotne ani nesel spustit, chyba pod C++ jakoby ho odmitly registry, a ja uz s tim nic nedelam, protoze to nema vyzmam bez odbornejsiho reseni...
RSIT nesel spustit, ...u nekterych programu to odmita spravce, i kdyz uzivatel spravce je.
A dokud sem nehledal spy-dll ani se neslo pripojit na net, aniz by modem nedelal co chtel (viz o DNS cache), a tak sem ''to prorval'' Combo Fixem, a po nem a nalezu spy-dll to nastesti uz slo > ale reseni to neni...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:43, on 18.4.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\HiJack This\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6395 bytes
/
* * * COMBO FIX - QUARANTINE * * *
( The PC was bought new in 3/2007, so please comment on ''what is that 2005 entry?'' - extra thanks )
2012-04-15 17:12:39 . 2012-04-15 17:12:39 460 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Crypta v1.3.reg.dat
2012-04-15 17:12:17 . 2012-04-15 17:12:17 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2012-04-15 17:07:22 . 2012-04-15 17:07:22 3,639 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-15 16:59:43 . 2012-04-15 17:02:53 82 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-05-26 07:40:51 . 1998-11-13 11:58:08 307,200 ----a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0405.exe.vir
2008-05-13 15:44:03 . 2008-03-03 13:06:04 279,440 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\~GLH0014.TMP.vir
2007-08-22 19:48:28 . 2007-06-21 05:01:00 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkunzip.pif.vir
2007-08-22 19:48:28 . 2007-06-21 05:01:00 545 ----a-w- C:\Qoobox\Quarantine\C\Windows\pkzip.pif.vir
2005-12-07 11:31:00 . 2005-12-07 11:31:00 202,752 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\CddbCdda.dll.vir
/
* * * COMBO FIX - LOG * * *
ComboFix 12-04-15.02 - Jaroslav 15.04.2012 19:02:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1022.425 [GMT 2:00]
Spuštěný z: c:\users\Jaroslav\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\~GLH0014.TMP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-15 do 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 17:09 . 2012-04-15 17:10 -------- d-----w- c:\users\Jaroslav\AppData\Local\temp
2012-04-15 17:09 . 2012-04-15 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 14:01 . 2012-04-15 14:01 -------- d-----w- c:\program files\Lavalys
2012-04-15 13:09 . 2012-04-15 13:09 -------- d-----w- c:\program files\SecurityXploded
2012-04-15 12:31 . 2012-04-15 12:31 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\CleanMyPC Software
2012-04-14 20:14 . 2012-04-14 20:14 -------- d-----w- c:\users\Jaroslav\AppData\Local\ATI
2012-04-14 19:43 . 2012-04-14 19:43 -------- d-----w- c:\users\Jaroslav\AppData\Local\Adobe
2012-04-14 19:36 . 2012-04-14 19:40 -------- d-----w- C:\ccleaner_zaloha registru
2012-04-14 17:54 . 2012-04-14 20:11 -------- d-----w- c:\windows\system32\C2MP
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- C:\UsbFix
2012-04-14 17:01 . 2012-04-14 17:52 -------- d-----w- C:\HiJack This
2012-04-14 17:01 . 2012-04-14 17:02 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-14 16:46 . 2012-04-15 13:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 16:46 . 2012-04-15 13:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 16:45 . 2012-04-14 16:45 -------- d-----w- c:\program files\Common Files\Java
2012-04-14 16:43 . 2012-04-14 16:43 -------- d-----w- c:\program files\Java
2012-04-14 16:14 . 2012-04-14 16:14 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\CheckPoint
2012-04-14 16:12 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-14 16:10 . 2012-04-14 16:10 -------- d-----w- c:\programdata\CheckPoint
2012-04-14 15:51 . 2012-04-14 15:51 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\Avira
2012-04-14 15:45 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-14 15:45 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-14 15:45 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-14 15:45 . 2012-04-14 15:45 -------- d--h--w- c:\programdata\Avira
2012-04-14 15:45 . 2012-04-14 15:45 -------- d-----w- c:\program files\Avira
2012-04-13 17:45 . 2012-04-13 17:45 -------- d-----w- c:\program files\Auslogics
2012-04-13 17:44 . 2012-04-13 17:44 -------- d-----w- c:\program files\CCleaner
2012-04-13 17:42 . 2012-04-13 17:42 -------- d-----w- C:\totalcmd
2012-04-13 15:39 . 2012-04-13 15:39 -------- d-----w- c:\program files\VS Revo Group
2012-04-13 12:26 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FF0BCCD-9D2A-433E-8F82-1F0A0003B690}\mpengine.dll
2012-04-12 14:25 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 14:25 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 14:25 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 14:25 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 14:25 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 14:25 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:17 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 16:43 . 2010-05-10 13:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-04 07:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 17:14 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 17:14 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 17:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 17:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 17:14 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 17:14 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-04-14 16:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2010-12-03 15:47 141368 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4208946421-1332506679-3958708609-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\uw2wm0ru.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-Crypta v1.3 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-04-15 19:14:04
ComboFix-quarantined-files.txt 2012-04-15 17:14
.
Před spuštěním: Volných bajtů: 97 733 365 760
Po spuštění: Volných bajtů: 97 361 006 592
.
- - End Of File - - 6408CB3B51E416D456FAF9C68E478AAF
/
* * * MWAV * * * supplemented with the registry paths
Preferences: All Files
CRITICAL: 8
ERRORs: 192
Object "AntiMalware Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:08 - System found infected with AntiMalware Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
Object "Generic Protect Antivirus" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:10 - Offending file found: C:\Windows\TEMP\IswTmp\WH\0
16 IV 2012 12:50:11 - Offending file found: C:\Users\Jaroslav\AppData\Local\temp\IswTmp\WH\0
16 IV 2012 12:50:11 - System found infected with Generic Protect Antivirus (0)! Action taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:18 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
16 IV 2012 12:50:18 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:18 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
16 IV 2012 12:50:18 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: No Action Taken.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
>>>
16 IV 2012 12:50:20 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
16 IV 2012 12:50:20 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: No Action Taken.
File C:\$RECYCLE.BIN\S-1-5-21-4208946421-1332506679-3958708609-1000\$RMWLUJ1.exe infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
>>>
17 IV 2012 09:29:41 - ScanFile took 20.03 Secs [C:\$RECYCLE.BIN\S-1-5-21-4208946421-1332506679-3958708609-1000\$RMWLUJ1.exe]...
17 IV 2012 09:29:41 - File C:\$RECYCLE.BIN\S-1-5-21-4208946421-1332506679-3958708609-1000\$RMWLUJ1.exe infected by "THREAT_TYPE_ARCHBOMB (DB)" Virus! Action Taken: No Action Taken.
File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
>>>
17 IV 2012 10:09:22 - Scanning File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll
17 IV 2012 10:09:22 - File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
>>>
17 IV 2012 11:31:31 - Scanning File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll
17 IV 2012 11:31:31 - File C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3f0-0\System.Data.Entity.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Windows\Installer\{235BBFC6-D863-4066-A01A-3BD504C31029}\". Action Taken: No Action Taken.
NERO/Ahead findings are not included in the text, 150 records in total:
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero Toolkit\". Action Taken: No Action Taken.
( ... )
FileExts findings are not included in the text, 20 records in total:
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jtd". Action Taken: No Action Taken.
( ... )
* * * Thank you * * *