VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Spamy na Facebooku

https://forum.viry.cz:443/viewtopic.php?t=122417

Stránka 1 z 1

Spamy na Facebooku

Napsal: 19 čer 2012 14:33
od simeczek
Zdravím, mám problém (nejspíše s nějakým virem) na sociální síti Facebook - dále jen FB. Jedná se o to, že jsem nerozvážně stáhl nějaký podezřelý soubor (v zip), který mi poslal přes chat můj přítel. Vím, že teď jsem asi udělal obrovskou chybu, ale já jsem ten soubor otevřel. Nic se nestalo, ale od té doby, když pošlu na FB nějakou zprávu nebo nepíšu příspěvek či komentář, tak místo mého textu se objeví jen odkaz na nějaké chorvatské noviny nebo na stažení toho souboru, co jsem sám stáhl. Zkusím sem dodat obrázky na "před" a "po" naspání komentáře. Další problém je, že tyto komentáře nejdou smazat (normálně jdou) a ujistil jsem se i , že chyba je v mém PC, protože z jiného mi to jde v pořádku. Prosím o pomoc nebo alespoň o nějakou jinou odpověď. S pozdravem M.Š.

před - http://2i.cz/51265872a1 (odkaz na server imgupload)
po - http://2i.cz/26512f05d6 (odkaz na server imgupload)

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by xx at 2012-06-19 15:31:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 81 GB (27%) free of 305 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:31:41, on 19.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Jet Screenshot\jetScreenshot.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\xx\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\xx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zonedirector.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\xx\DATAAP~1\Media Finder\Extensions\gencrawler_gc.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Monitor] C:\windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Login access] C:\Documents and Settings\xx\Data aplikací\web2net.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [System] C:\Documents and Settings\xx\Music\lst.exe
O4 - HKCU\..\Run: [Jet Screenshot] "C:\Program Files\Jet Screenshot\jetScreenshot.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\xx\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Microsoft Windows System] C:\Documents and Settings\xx\P-7-78-8964-9648-3874\winsam.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9632077046
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.66.2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Unknown owner - C:\Program Files\Overwolf\OverwolfUpdater.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 12645 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-1592454029-839522115-1003Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-1592454029-839522115-1003UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1592454029-839522115-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1592454029-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-05-30 4014280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]
Help the General-Search Project - C:\DOCUME~1\xx\DATAAP~1\Media Finder\Extensions\gencrawler_gc.dll [2012-03-06 431104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{EEE6C35B-6118-11DC-9C72-001320C79847}
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\windows\ALCMTR.EXE [2008-06-19 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Monitor"=C:\windows\PixArt\PAC207\Monitor.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Windows Login access"=C:\Documents and Settings\xx\Data aplikací\web2net.exe [2012-06-17 122880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-08-09 1961984]
"System"=C:\Documents and Settings\xx\Music\lst.exe [2010-08-01 10752]
"Jet Screenshot"=C:\Program Files\Jet Screenshot\jetScreenshot.exe [2011-08-01 1761280]
"Facebook Update"=C:\Documents and Settings\xx\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2011-10-18 137536]
"Microsoft Windows System"=C:\Documents and Settings\xx\P-7-78-8964-9648-3874\winsam.exe [2012-06-16 16380413]
"Google Update"=C:\Documents and Settings\xx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-03-26 116648]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2009-02-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Enabled:vietcong"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\Track Mania\TrackMania.exe"="C:\Program Files\Track Mania\TrackMania.exe:*:Enabled:TrackMania"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2.exe:*:Enabled:il2"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ"
"C:\Documents and Settings\xx\Plocha\Star Trek Downloader ST.0.20100123a.5.exe"="C:\Documents and Settings\xx\Plocha\Star Trek Downloader ST.0.20100123a.5.exe:*:Enabled:Star Trek Downloader ST.0.20100123a.5"
"C:\Program Files\id Software\Quake 4\Quake4.exe"="C:\Program Files\id Software\Quake 4\Quake4.exe:*:Enabled:Quake 4"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Cenega Czech\VIETCONG\vcded.exe"="C:\Program Files\Cenega Czech\VIETCONG\vcded.exe:*:Enabled:vcded"
"C:\Program Files\MC2\Sniper Elite\SniperElite.exe"="C:\Program Files\MC2\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX01.218\Grand Theft Auto IV\GTAIV.exe"="C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX01.218\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Documents and Settings\xx\Plocha\Rockstar Games\GTAIV.exe"="C:\Documents and Settings\xx\Plocha\Rockstar Games\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\gta 4\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\gta 4\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\xx\Plocha\STO_Demo_Installer.exe"="C:\Documents and Settings\xx\Plocha\STO_Demo_Installer.exe:*:Enabled:STO_Demo_Installer"
"C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\sh4.exe"="C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\sh4.exe:*:Enabled:Silent Hunter IV"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\LockOn.exe"="C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\LockOn.exe:*:Enabled:LOCK ON"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX00.390\utorrent.exe"="C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX00.390\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX00.906\utorrent.exe"="C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX00.906\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX00.890\utorrent.exe"="C:\Documents and Settings\xx\Local Settings\Temp\Rar$EX00.890\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\xx\Plocha\utorrent.exe"="C:\Documents and Settings\xx\Plocha\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EA GAMES\Battlefield 2 Demo\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\Sierra\Empire Earth\Empire Earth.exe"="C:\Program Files\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Documents and Settings\xx\Plocha\left 4 dead\left4dead.exe"="C:\Documents and Settings\xx\Plocha\left 4 dead\left4dead.exe:*:Enabled:left4dead"
"C:\Documents and Settings\xx\Plocha\Nová složka\left4dead2.exe"="C:\Documents and Settings\xx\Plocha\Nová složka\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Documents and Settings\xx\Plocha\Left 4 Dead2\left4dead2.exe"="C:\Documents and Settings\xx\Plocha\Left 4 Dead2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\Electronic Arts\Medal of Honor\Binaries\moh.exe"="C:\Program Files\Electronic Arts\Medal of Honor\Binaries\moh.exe:*:Enabled:Medal of Honor™"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP"
"C:\Program Files\sh5.exe"="C:\Program Files\sh5.exe:*:Enabled:Silent Hunter 5"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Truck_Racing_By_Renault_Trucks\Bin\RTR.exe"="C:\Program Files\Truck_Racing_By_Renault_Trucks\Bin\RTR.exe:*:Enabled:Truck Racing by Renault Trucks"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DownVision\DownVision.exe"="C:\Program Files\DownVision\DownVision.exe:*:Enabled:DownVision"
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe"="C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe"="C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\FIFA 12\Game\fifa.exe"="C:\Program Files\FIFA 12\Game\fifa.exe:*:Disabled:FIFA 12"
"C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe"="C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe:*:Enabled:Stronghold3"
"C:\Documents and Settings\xx\Dokumenty\Downloads\Call of Duty 4 Modern Warfare full game v_1.7 -=AviaRa=-\Call of Duty 4\iw3mp.exe"="C:\Documents and Settings\xx\Dokumenty\Downloads\Call of Duty 4 Modern Warfare full game v_1.7 -=AviaRa=-\Call of Duty 4\iw3mp.exe:*:Enabled:iw3mp"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Ubisoft\Silent Hunter 5\sh5.exe"="C:\Ubisoft\Silent Hunter 5\sh5.exe:*:Enabled:Silent Hunter 5"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe:*:Enabled:Assassin's Creed Revelations"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe:*:Enabled:Assassin's Creed Revelations Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe:*:Enabled:Assassin's Creed Revelations Update"
"C:\Program Files\EA GAMES\Battlefield Play4Free\BFP4f.exe"="C:\Program Files\EA GAMES\Battlefield Play4Free\BFP4f.exe:*:Enabled:BFP4f"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe"="C:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe:*:Enabled:GameClient"
"C:\Documents and Settings\xx\Dokumenty\Downloads\Counter-Strike Global Offensive\csgo.exe"="C:\Documents and Settings\xx\Dokumenty\Downloads\Counter-Strike Global Offensive\csgo.exe:*:Enabled:csgo"
"C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe"="C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe:*:Enabled:Driver San Francisco"
"C:\Documents and Settings\xx\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\xx\Local Settings\Data aplikací\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"C:\Program Files\Mass Effect 3\Binaries\Win32\MassEffect3.exe"="C:\Program Files\Mass Effect 3\Binaries\Win32\MassEffect3.exe:*:Enabled:Mass Effect™ 3"
"C:\Documents and Settings\xx\Dokumenty\Downloads\Diablo-III-8370-enGB-Installer-downloader.exe"="C:\Documents and Settings\xx\Dokumenty\Downloads\Diablo-III-8370-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.524\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.954\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\xx\Dokumenty\Diablo-III-8370-enGB-Installer\Diablo-III-8370-enGB-Installer-downloader.exe"="C:\Documents and Settings\xx\Dokumenty\Diablo-III-8370-enGB-Installer\Diablo-III-8370-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\xx\Plocha\Diablo-III-8370-enGB-Installer-downloader.exe"="C:\Documents and Settings\xx\Plocha\Diablo-III-8370-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Diablo III\Diablo III.exe"="C:\Program Files\Diablo III\Diablo III.exe:*:Enabled:Diablo III"
"C:\Program Files\Runes of Magic\Client.exe"="C:\Program Files\Runes of Magic\Client.exe:*:Enabled:Runes of Magic"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\xx\P-7-78-8964-9648-3874\winsam.exe"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2012-06-19 15:31:35 ----D---- C:\rsit
2012-06-19 15:31:35 ----D---- C:\Program Files\trend micro
2012-06-18 22:28:04 ----A---- C:\windows\NeroDigital.ini
2012-06-18 21:49:35 ----A---- C:\windows\system32\FlashPlayerApp.exe
2012-06-17 03:19:42 ----SH---- C:\Documents and Settings\xx\Data aplikací\web2net.exe
2012-06-16 19:06:38 ----AH---- C:\Documents and Settings\xx\Data aplikací\msnsvconfig.txt
2012-06-14 07:23:20 ----HDC---- C:\windows\$NtUninstallKB2707511$
2012-06-14 07:18:41 ----HDC---- C:\windows\$NtUninstallKB2685939$
2012-06-14 07:16:02 ----HDC---- C:\windows\$NtUninstallKB2709162$
2012-06-04 07:48:28 ----A---- C:\windows\imsins.BAK
2012-06-04 07:48:24 ----HDC---- C:\windows\$NtUninstallKB2718704$
2012-05-27 21:13:10 ----D---- C:\Documents and Settings\xx\Data aplikací\XnView
2012-05-25 16:05:16 ----D---- C:\Documents and Settings\xx\Data aplikací\FOG Downloader
2012-05-24 21:14:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2012-05-24 19:45:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Battle.net

======List of files/folders modified in the last 1 month======

2012-06-19 15:31:35 ----RD---- C:\Program Files
2012-06-19 15:30:00 ----D---- C:\windows\Temp
2012-06-19 15:29:59 ----D---- C:\windows\Prefetch
2012-06-18 22:32:43 ----D---- C:\WINDOWS
2012-06-18 22:26:01 ----D---- C:\Program Files\Webcam 1200
2012-06-18 22:18:18 ----D---- C:\windows\system32
2012-06-18 21:50:36 ----D---- C:\Documents and Settings\xx\Data aplikací\Skype
2012-06-18 21:49:39 ----SD---- C:\windows\Tasks
2012-06-18 21:41:15 ----D---- C:\windows\system32\CatRoot2
2012-06-18 21:33:28 ----D---- C:\Program Files\Common Files
2012-06-18 21:01:42 ----SHD---- C:\windows\Installer
2012-06-18 20:58:16 ----RSHDC---- C:\windows\system32\dllcache
2012-06-18 20:58:10 ----D---- C:\Program Files\Internet Explorer
2012-06-17 15:29:30 ----HD---- C:\windows\inf
2012-06-17 04:15:43 ----A---- C:\windows\system32\PnkBstrB.exe
2012-06-14 21:53:45 ----RSD---- C:\windows\assembly
2012-06-14 21:52:50 ----D---- C:\windows\Microsoft.NET
2012-06-14 07:23:17 ----SHD---- C:\Config.Msi
2012-06-14 07:23:11 ----AC---- C:\windows\system32\PerfStringBackup.INI
2012-06-14 07:22:59 ----D---- C:\windows\WinSxS
2012-06-14 07:19:33 ----D---- C:\windows\Debug
2012-06-14 07:19:29 ----A---- C:\windows\system32\MRT.exe
2012-06-14 07:19:05 ----D---- C:\windows\ie8updates
2012-06-14 07:18:50 ----HD---- C:\windows\$hf_mig$
2012-06-14 07:18:45 ----D---- C:\windows\system32\drivers
2012-06-13 17:26:13 ----D---- C:\Documents and Settings\xx\Data aplikací\.minecraft
2012-06-13 14:49:32 ----D---- C:\Program Files\Counter-Strike Source
2012-06-10 20:27:25 ----D---- C:\Documents and Settings\xx\Data aplikací\Football Superstars
2012-06-07 21:18:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-06-03 06:04:52 ----A---- C:\windows\system32\PnkBstrA.exe
2012-06-02 14:06:12 ----D---- C:\Program Files\Wise Disk Cleaner
2012-06-02 03:36:53 ----D---- C:\windows\system32\config
2012-06-02 03:02:21 ----D---- C:\windows\Minidump
2012-06-02 03:01:44 ----D---- C:\Program Files\Wise Registry Cleaner
2012-06-02 03:00:12 ----D---- C:\Documents and Settings\xx\Data aplikací\Babylon
2012-06-02 03:00:11 ----D---- C:\Documents and Settings\xx\Data aplikací\uTorrent
2012-06-02 03:00:06 ----D---- C:\Program Files\Cryptic Studios
2012-05-31 15:22:06 ----A---- C:\windows\system32\crypt32.dll
2012-05-24 16:42:28 ----D---- C:\windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\windows\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp01;StarForce Protection Helper Driver; C:\windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2006-06-14 78184]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-02-06 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\windows\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\windows\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\windows\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\windows\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 Sentinel;Sentinel; C:\windows\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 AmdLLD;AMD Low Level Device Driver; C:\windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2009-02-03 3452928]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\windows\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NWRDR;NetWare Rdr; C:\windows\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 PAC207;Webcam 1200; C:\windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\windows\system32\DRIVERS\adusbser.sys [2007-11-14 100992]
S3 aqqpeemf;aqqpeemf; C:\windows\system32\drivers\aqqpeemf.sys []
S3 Avgfwdx;Avgfwdx; C:\windows\system32\DRIVERS\avgfwdx.sys [2010-12-09 29208]
S3 Avgfwfd;AVG network filter service; C:\windows\system32\DRIVERS\avgfwdx.sys [2010-12-09 29208]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 dgderdrv;dgderdrv; C:\windows\System32\drivers\dgderdrv.sys []
S3 esihdrv;esihdrv; C:\windows\system32\drivers\esihdrv.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 massfilter;Mass Storage Filter Driver; C:\windows\system32\drivers\massfilter.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\windows\system32\DRIVERS\ss_bbus.sys [2011-10-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\windows\system32\DRIVERS\ss_bmdfl.sys [2011-10-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\windows\system32\DRIVERS\ss_bmdm.sys [2011-10-27 123648]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\windows\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2009-02-03 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 NWCWorkstation;Klient systému NetWare; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe [2011-12-14 126392]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2012-06-03 76888]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ArcGIS License Manager;ArcGIS License Manager; C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe []
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe [2011-12-14 177080]
S2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\windows\system32\sfrem01.exe [2006-05-10 353912]
S2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257696]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files\Overwolf\OverwolfUpdater.exe []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Spamy na Facebooku

Napsal: 19 čer 2012 14:40
od vyosek
Zdravim, pekne odpoledne preji a vitam vas u nas na foru :welcome:

:arrow: Poprosim o log z DDS :arrow: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Spamy na Facebooku

Napsal: 19 čer 2012 15:20
od simeczek
Děkuji za brzkou odpověď. Postupoval jsem podle návodu a tady Vám zasílám log z DSS a log z ComboFix

log z DSS
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by xx at 15:48:42 on 2012-06-19
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1505 [GMT 2:00]
.
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Jet Screenshot\jetScreenshot.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
C:\DOCUME~1\xx\LOCALS~1\Temp\RarSFX0\nircmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k HTTPFilter
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://zonedirector.com/1/
uSearch Bar = hxxp://search13.net/
uSearch Page = hxxp://search13.net/
uDefault_Page_URL = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {EEE6C35D-6118-11DC-9C72-001320C79847} - <orphaned>
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {A3CF7606-E683-4375-A372-96B75DA0AEF7} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\documents and settings\xx\data aplikací\media finder\extensions\gencrawler_gc.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} - <orphaned>
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
EB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [System] c:\documents and settings\xx\music\lst.exe
uRun: [Jet Screenshot] "c:\program files\jet screenshot\jetScreenshot.exe"
uRun: [Facebook Update] "c:\documents and settings\xx\local settings\data aplikací\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Microsoft Windows System] c:\documents and settings\xx\p-7-78-8964-9648-3874\winsam.exe
uRun: [Google Update] "c:\documents and settings\xx\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Login access] c:\documents and settings\xx\data aplikací\web2net.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdat ... 9632077046
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.9.30 192.168.0.1
TCP: Interfaces\{FAB8F7AF-0D1B-4D95-82B2-06DDED357489} : DHCPNameServer = 192.168.9.30 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2011-7-14 114768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2011-7-14 138680]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.17.48\ccSvcHst.exe [2012-1-8 126392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2011-7-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2011-7-14 352920]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [2010-1-7 611584]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-4 69120]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\esri\license\arcgis9x\lmgrd.exe --> c:\progra~1\esri\license\arcgis9x\lmgrd.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\icq service.exe --> c:\program files\icq6toolbar\ICQ Service.exe [?]
S2 iWinTrusted;iWinTrusted; [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.17.48\SymcPCCULaunchSvc.exe [2012-1-8 177080]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\data aplikací\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-18 257696]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2009-9-4 100992]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-12-9 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-12-9 29208]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 esihdrv;esihdrv; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-4 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\overwolf\overwolfupdater.exe --> c:\program files\overwolf\OverwolfUpdater.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-11-14 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-11-14 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-11-14 123648]
.
=============== Created Last 30 ================
.
2012-06-19 13:31:35 -------- d-----w- c:\program files\trend micro
2012-06-18 19:49:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 01:19:42 122880 --sh--w- c:\documents and settings\xx\data aplikací\web2net.exe
2012-06-16 17:06:36 -------- d-----w- c:\documents and settings\xx\P-7-78-8964-9648-3874
2012-06-14 05:04:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-27 19:13:10 -------- d-----w- c:\documents and settings\xx\data aplikací\XnView
2012-05-25 14:05:16 -------- d-----w- c:\documents and settings\xx\data aplikací\FOG Downloader
.
==================== Find3M ====================
.
2012-06-18 20:18:17 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 02:15:49 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-17 02:15:43 282104 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-17 02:15:43 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-17 01:33:21 282104 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-03 04:04:52 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-31 13:22:06 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55:54 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 17:47:54 768848 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-09 17:47:50 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-05 03:14:53 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:53 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 15:48:48,46 ===============


log z ComboFix

ComboFix 12-06-19.01 - xx 19.06.2012 16:07:22.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1504 [GMT 2:00]
Spuštěný z: c:\documents and settings\xx\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\xx\LOCALS~1\Temp\7504383.exe
c:\documents and settings\xx\Local Settings\Temp\7504383.exe
c:\documents and settings\xx\P-7-78-8964-9648-3874
c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe
c:\documents and settings\xx\Plocha\Internet Explorer.lnk
c:\documents and settings\xx\WINDOWS
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\OLD154.tmp
c:\windows\system32\OLD157.tmp
c:\windows\system32\scrnrdr.exe
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET172.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1E1.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\RESHAC~1.ini
c:\windows\system32\VIRepair\vi.sif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-19 do 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 13:31 . 2012-06-19 13:31 -------- d-----w- C:\rsit
2012-06-19 13:31 . 2012-06-19 13:31 -------- d-----w- c:\program files\trend micro
2012-06-18 19:49 . 2012-06-18 20:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 01:19 . 2012-06-17 01:19 122880 --sh--w- c:\documents and settings\xx\Data aplikací\web2net.exe
2012-06-14 05:04 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-27 19:13 . 2012-06-02 01:00 -------- d-----w- c:\documents and settings\xx\Data aplikací\XnView
2012-05-27 16:43 . 2012-05-27 16:44 -------- d-----w- c:\documents and settings\xx\Local Settings\Data aplikací\Overwolf
2012-05-25 14:05 . 2012-05-27 16:45 -------- d-----w- c:\documents and settings\xx\Data aplikací\FOG Downloader
2012-05-24 19:14 . 2012-05-24 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 20:18 . 2011-06-25 06:41 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 02:15 . 2010-06-13 14:59 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-17 02:15 . 2010-06-13 15:06 282104 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-17 02:15 . 2010-06-13 14:58 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-17 01:33 . 2010-06-13 14:58 282104 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-03 04:04 . 2010-06-13 14:58 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-31 13:22 . 2004-08-17 14:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-17 14:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-17 14:44 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-17 14:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2004-08-17 14:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-17 14:44 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 17:47 . 2012-05-09 17:47 768848 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-09 17:47 . 2012-05-09 17:47 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-05 03:14 . 2004-08-17 15:45 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-17 14:45 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-09-02 14:23 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 880D66BC6ABD1E895458CF05A653D52D . 1424384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
[-] 2008-04-14 . 5648B719B01FA33103C17F623438B951 . 226304 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"Jet Screenshot"="c:\program files\Jet Screenshot\jetScreenshot.exe" [2011-08-01 1761280]
"Facebook Update"="c:\documents and settings\xx\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-10-18 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Windows Login access"="c:\documents and settings\xx\Data aplikací\web2net.exe" [2012-06-17 122880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-9-2 98304]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vcded.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\AssassinsCreedRevelations.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Cryptic Studios\\Star Trek Online\\Live\\GameClient.exe"=
"c:\\Documents and Settings\\xx\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58124:TCP"= 58124:TCP:Pando Media Booster
"58124:UDP"= 58124:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 17:02 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.7.2011 16:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 16:54 20560]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe [8.1.2012 22:39 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe [8.1.2012 22:39 126392]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [7.1.2010 17:04 611584]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe --> c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2011 18:12 136176]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S2 iWinTrusted;iWinTrusted; [x]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30.5.2012 13:56 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.6.2012 15:17 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.6.2012 21:49 257696]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [4.9.2009 0:19 100992]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [9.12.2010 20:24 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [9.12.2010 20:24 29208]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 esihdrv;esihdrv; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.11.2010 18:37 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2011 18:12 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe --> c:\program files\Overwolf\OverwolfUpdater.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [14.11.2011 17:57 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [14.11.2011 17:57 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [14.11.2011 17:57 123648]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 20:18]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 16:11]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 16:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://zonedirector.com/1/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.9.30 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{A3CF7606-E683-4375-A372-96B75DA0AEF7} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Microsoft Windows System - c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe
HKLM-Run-Monitor - c:\windows\PixArt\PAC207\Monitor.exe
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 16:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
c:\docume~1\xx\LOCALS~1\Temp\7504383.exe [2732] 0x8955D5D8
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Windows System = c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.48\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1592454029-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:12,19,a3,cc,d3,6c,9d,02,82,5e,06,75,ec,3d,51,e5,fc,7e,a0,6f,ee,63,b3,
cd,53,aa,a3,68,c7,1e,db,21,e2,16,0b,22,72,a3,85,4d,35,91,ff,ca,45,74,d6,1b,\
"??"=hex:ba,e9,63,8f,2f,17,77,bc,af,c0,44,42,97,db,b0,00
.
[HKEY_USERS\S-1-5-21-1409082233-1592454029-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d4,98,cf,ad,20,3b,88,87,fc,0e,49,47,e0,31,23,ad,aa,a9,e4,44,13,
fc,b7,54,a8,d7,7c,83,0b,03,88,a3,a0,cf,df,b2,90,1c,d7,fe,cc,31,e4,5c,c9,46,\
"rkeysecu"=hex:79,ca,e5,1f,c4,09,10,27,4c,c9,ff,0a,d9,cb,43,a0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
Celkový čas: 2012-06-19 16:15:06
ComboFix-quarantined-files.txt 2012-06-19 14:15
.
Před spuštěním: Volných bajtů: 84 801 826 816
Po spuštění: Volných bajtů: 85 175 005 184
.
- - End Of File - - A9DFDD986151DC343AC09B29AC5414DC

Re: Spamy na Facebooku

Napsal: 19 čer 2012 16:23
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Restore::
c:\windows\explorer.exe
c:\windows\regedit.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=-
"Jet Screenshot"=-
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe Reader Speed Launcher"=-
"amd_dc_opt"=-
"SunJavaUpdateSched"=-
"Windows Login access"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"=-

Collect::
c:\docume~1\xx\LOCALS~1\Temp\7504383.exe
c:\documents and settings\xx\Data aplikací\web2net.exe
c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe

Folder::
c:\documents and settings\xx\P-7-78-8964-9648-3874
c:\program files\ICQ6Toolbar

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uStart Page = hxxp://zonedirector.com/1/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uRun: [System] c:\documents and settings\xx\music\lst.exe

Driver::
ICQ Service
gupdate
gupdatem
iWinTrusted

Rootkit::
c:\docume~1\xx\LOCALS~1\Temp\7504383.exe
c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe

RegNull::
[HKEY_USERS\S-1-5-21-1409082233-1592454029-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1409082233-1592454029-839522115-1003\Software\SecuROM\License information*]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Spamy na Facebooku

Napsal: 19 čer 2012 18:30
od simeczek
zde je ten log:

ComboFix 12-06-19.01 - xx 19.06.2012 19:16:39.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1353 [GMT 2:00]
Spuštěný z: c:\documents and settings\xx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xx\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\documents and settings\xx\Data aplikací\web2net.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\xx\music\lst.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
c:\windows\explorer.exe . . . je infikován!!
.
c:\windows\regedit.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Legacy_IWINTRUSTED
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
-------\Service_iWinTrusted
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-19 do 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 13:31 . 2012-06-19 13:31 -------- d-----w- C:\rsit
2012-06-19 13:31 . 2012-06-19 13:31 -------- d-----w- c:\program files\trend micro
2012-06-18 19:49 . 2012-06-18 20:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 01:19 . 2012-06-17 01:19 122880 --sha-w- c:\documents and settings\xx\Data aplikací\web2net.exe
2012-06-14 05:04 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-27 19:13 . 2012-06-02 01:00 -------- d-----w- c:\documents and settings\xx\Data aplikací\XnView
2012-05-27 16:43 . 2012-05-27 16:44 -------- d-----w- c:\documents and settings\xx\Local Settings\Data aplikací\Overwolf
2012-05-25 14:05 . 2012-05-27 16:45 -------- d-----w- c:\documents and settings\xx\Data aplikací\FOG Downloader
2012-05-24 19:14 . 2012-05-24 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 20:18 . 2011-06-25 06:41 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 02:15 . 2010-06-13 14:59 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-17 02:15 . 2010-06-13 15:06 282104 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-17 02:15 . 2010-06-13 14:58 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-17 01:33 . 2010-06-13 14:58 282104 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-03 04:04 . 2010-06-13 14:58 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-31 13:22 . 2004-08-17 14:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-17 14:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-17 14:44 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-17 14:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2004-08-17 14:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-17 14:44 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 17:47 . 2012-05-09 17:47 768848 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-09 17:47 . 2012-05-09 17:47 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-05 03:14 . 2004-08-17 15:45 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-17 14:45 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-09-02 14:23 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 880D66BC6ABD1E895458CF05A653D52D . 1424384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
[-] 2008-04-14 . 5648B719B01FA33103C17F623438B951 . 226304 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_14.13.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-19 17:21 . 2012-06-19 17:21 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2012-06-19 17:21 . 2012-06-19 17:21 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-9-2 98304]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vcded.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\AssassinsCreedRevelations.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Cryptic Studios\\Star Trek Online\\Live\\GameClient.exe"=
"c:\\Documents and Settings\\xx\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58124:TCP"= 58124:TCP:Pando Media Booster
"58124:UDP"= 58124:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 17:02 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.7.2011 16:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 16:54 20560]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe [8.1.2012 22:39 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe [8.1.2012 22:39 126392]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30.5.2012 13:56 3048136]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [7.1.2010 17:04 611584]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe --> c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.6.2012 15:17 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.6.2012 21:49 257696]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [4.9.2009 0:19 100992]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [9.12.2010 20:24 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [9.12.2010 20:24 29208]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 esihdrv;esihdrv; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.11.2010 18:37 36608]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe --> c:\program files\Overwolf\OverwolfUpdater.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [14.11.2011 17:57 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [14.11.2011 17:57 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [14.11.2011 17:57 123648]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search13.net/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.9.30 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.48\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-06-19 19:25:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-19 17:25
ComboFix2.txt 2012-06-19 14:15
.
Před spuštěním: Volných bajtů: 85 181 595 648
Po spuštění: Volných bajtů: 85 115 432 960
.
- - End Of File - - 5D6282F56E2B65509AC4A108151651F7

Re: Spamy na Facebooku

Napsal: 19 čer 2012 18:36
od vyosek
Jeste jeden skript pro CF, postup stejny

Kód: Vybrat vše

KillAll::

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\regedit.exe | c:\windows\regedit.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"= -

Folder::
c:\documents and settings\xx\P-7-78-8964-9648-3874

Collect::
c:\documents and settings\xx\Data aplikací\web2net.exe

Rootkit::
c:\documents and settings\xx\Data aplikací\web2net.exe

Reboot::

Re: Spamy na Facebooku

Napsal: 19 čer 2012 19:20
od simeczek
Ještě nějaký krok? Nechci to zkoušet, dokud si nebudu jistý, že je to pryč, abych nenakazil počítače mých přátel. Zde je výsledek:

ComboFix 12-06-19.01 - xx 19.06.2012 20:03:35.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1580 [GMT 2:00]
Spuštěný z: c:\documents and settings\xx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xx\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\documents and settings\xx\Data aplikací\web2net.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\regedit.exe --> c:\windows\regedit.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-19 do 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 13:31 . 2012-06-19 13:31 -------- d-----w- C:\rsit
2012-06-19 13:31 . 2012-06-19 13:31 -------- d-----w- c:\program files\trend micro
2012-06-18 19:49 . 2012-06-18 20:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 05:04 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-27 19:13 . 2012-06-02 01:00 -------- d-----w- c:\documents and settings\xx\Data aplikací\XnView
2012-05-27 16:43 . 2012-05-27 16:44 -------- d-----w- c:\documents and settings\xx\Local Settings\Data aplikací\Overwolf
2012-05-25 14:05 . 2012-05-27 16:45 -------- d-----w- c:\documents and settings\xx\Data aplikací\FOG Downloader
2012-05-24 19:14 . 2012-05-24 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2012-05-24 17:45 . 2012-05-24 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 20:18 . 2011-06-25 06:41 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 02:15 . 2010-06-13 14:59 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-17 02:15 . 2010-06-13 15:06 282104 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-17 02:15 . 2010-06-13 14:58 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-17 01:33 . 2010-06-13 14:58 282104 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-03 04:04 . 2010-06-13 14:58 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-31 13:22 . 2004-08-17 14:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-17 14:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-17 14:44 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-17 14:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2004-08-17 14:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-17 14:44 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 17:47 . 2012-05-09 17:47 768848 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-09 17:47 . 2012-05-09 17:47 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-05 03:14 . 2004-08-17 15:45 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-17 14:45 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-09-02 14:23 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_14.13.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-19 18:08 . 2012-06-19 18:08 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2012-06-19 18:09 . 2012-06-19 18:09 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
+ 2004-08-17 14:49 . 2008-04-14 03:22 147968 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-17 14:49 . 2008-04-14 03:22 1034240 c:\windows\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-9-2 98304]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vcded.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\AssassinsCreedRevelations.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Cryptic Studios\\Star Trek Online\\Live\\GameClient.exe"=
"c:\\Documents and Settings\\xx\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58124:TCP"= 58124:TCP:Pando Media Booster
"58124:UDP"= 58124:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 17:02 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.7.2011 16:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.7.2011 16:54 20560]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe [8.1.2012 22:39 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe [8.1.2012 22:39 126392]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30.5.2012 13:56 3048136]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [7.1.2010 17:04 611584]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe --> c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.6.2012 15:17 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.6.2012 21:49 257696]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [4.9.2009 0:19 100992]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [9.12.2010 20:24 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [9.12.2010 20:24 29208]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 esihdrv;esihdrv; [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.11.2010 18:37 36608]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe --> c:\program files\Overwolf\OverwolfUpdater.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [14.11.2011 17:57 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [14.11.2011 17:57 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [14.11.2011 17:57 123648]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search13.net/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.9.30 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 20:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.48\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-06-19 20:18:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-19 18:18
ComboFix2.txt 2012-06-19 17:25
ComboFix3.txt 2012-06-19 14:15
.
Před spuštěním: Volných bajtů: 85 157 269 504
Po spuštění: Volných bajtů: 85 131 087 872
.
- - End Of File - - 42DA6A5511C2C1F095928F60DE4141B3

Re: Spamy na Facebooku

Napsal: 19 čer 2012 19:33
od vyosek
:arrow: Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe
  • Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

  • Kód: Vybrat vše

    :reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"= -

:files
c:\documents and settings\xx\Data aplikací\web2net.exe
c:\documents and settings\xx\P-7-78-8964-9648-3874
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
  • Kliknete na cervene tlacitko MoveIt!
  • Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Re: Spamy na Facebooku

Napsal: 19 čer 2012 19:41
od simeczek
provedl jsem, zde je výsledek:

All processes killed
========== REGISTRY ==========
Unable to set value : HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\\"c:\documents and settings\xx\P-7-78-8964-9648-3874\winsam.exe"| - /E!
========== FILES ==========
File/Folder c:\documents and settings\xx\Data aplikací\web2net.exe not found.
File/Folder c:\documents and settings\xx\P-7-78-8964-9648-3874 not found.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
C:\windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: xx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 335254 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 43253693 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57486 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

Re: Spamy na Facebooku

Napsal: 19 čer 2012 19:43
od vyosek
Fajn, nyni vyzkousejte co nas pacient

Re: Spamy na Facebooku

Napsal: 19 čer 2012 20:08
od simeczek
Nejsou žádné problémy. Velice Vám děkuji, ani si nedovedete představit, jak jste mi pomohl(a), protože jinak už mě napadala jedině kompletní přeinstalace systému a to bych opravdu nechtěl. Vážím si Vašeho času, který jste na to vynaložil(a) a už jsem se ponaučil, že nemám klikat na žádné automaticky stažené soubory. :wink:

Re: Spamy na Facebooku

Napsal: 19 čer 2012 20:40
od vyosek
Tak jeste uklidime :James008:

:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse :|
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz