opravoval jsem PC s Win Vista, který byl naprosto dokonale zamořen viry. Nejotravnější byl jakýsi "Vista internet security", který po mně chtěl zaplatit detoxikaci počítače. Ten jsem odstranil. Použil jsem hijackthis, ComboFix, MBAM a antivir NOD32 - ten se ovšem ani po startu PC nenačte sám a viry, které odstraní, jsou tam po restartu znova. Zbytek to samé. Co mi hodně kazí plány je to, že mi vždycky po chvíli PC ohlásí, že bude restartovat, nechť uložím práci. Stane se to jenom když je internet aktivní. Stane se to i v nouzovém režimu. Příkaz "Shutdown -a" nepomáhá. Počítač je navíc řádně aktualizovaný záplatama Windows, proto nevím, kde by mohla být trhlina.
Nicméně jsem udělal výpis z HJthis a ComboFixu. Přikládám oba soubory. Pokud něco najdete a najdete i řešení, tak vám bude vděčno více lidí, jak jeden.
________________________________________
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:51, on 18.3.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Users\Kristýna\AppData\Local\ave.exe
C:\Program Files\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1572363
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ooVoo Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\tbooVo.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ooVoo Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\tbooVo.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ooVoo Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\tbooVo.dll
O4 - HKLM\..\Run: [23361] C:\Users\KRISTN~1\AppData\Local\Temp\igqjj.exe
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ihaupd32.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: zipdkg32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Kristýna\AppData\LocalLow\Microńoft\redir.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6547 bytes
________________________________________
ComboFix:
ComboFix 10-03-17.07 - Kristýna 18.03.2010 21:46:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2037.1367 [GMT 1:00]
Spuštěný z: c:\program files\Hijack\Tools\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-18 do 2010-03-18 )))))))))))))))))))))))))))))))
.
2010-03-18 20:55 . 2010-03-18 20:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-18 20:55 . 2010-03-18 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-18 20:07 . 2010-03-18 20:07 -------- d-----w- c:\program files\Sysinternals utilities
2010-03-18 19:10 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 19:10 . 2010-03-18 19:10 -------- d-----w- c:\programdata\Malwarebytes
2010-03-18 19:10 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 19:10 . 2010-03-18 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 19:09 . 2010-03-18 19:45 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-18 19:06 . 2010-03-18 20:00 -------- d-----w- c:\program files\Virus Removal Tool
2010-03-18 18:23 . 2007-08-20 18:13 176128 ----a-w- c:\windows\system32\igfxres.dll
2010-03-18 18:16 . 2010-03-18 20:55 -------- d-----r- c:\program files\Hijack
2010-03-17 05:32 . 2010-03-17 05:32 -------- d-----w- c:\programdata\WindowsSearch
2010-03-17 04:06 . 2010-03-18 20:11 -------- d-----w- c:\program files\ESET
2010-03-17 03:41 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-17 03:39 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-17 03:39 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-17 03:39 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 15:03 . 2010-03-11 15:04 -------- d-----w- c:\program files\TO2SSM
2010-03-10 08:03 . 2010-03-11 15:04 -------- d-----w- c:\program files\Common Files\Motive
2010-03-10 08:03 . 2010-03-11 15:05 -------- d-----w- c:\programdata\Motive
2010-03-09 09:13 . 2010-03-09 09:13 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-02-24 22:06 . 2010-02-24 22:06 -------- d-----w- c:\program files\DesetiPrsty
2010-02-24 10:44 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:44 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:44 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:44 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:44 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:44 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:44 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:44 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:44 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 10:44 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:18 . 2010-02-24 06:18 -------- d-----w- c:\program files\Conduit
2010-02-24 06:18 . 2010-02-24 06:20 -------- d-----w- c:\program files\ooVoo_Chat
2010-02-24 06:18 . 2010-02-24 06:20 -------- d-----w- c:\program files\ooVoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 20:27 . 2007-01-08 21:09 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-03-18 20:27 . 2007-01-08 21:09 115014 ----a-w- c:\windows\system32\perfc005.dat
2010-03-18 18:14 . 2010-03-18 18:14 6548 ----a-w- c:\program files\hijackthis.log
2010-03-17 06:09 . 2009-11-14 17:49 -------- d-----w- c:\program files\Label Wizard
2010-03-17 06:05 . 2009-11-05 21:07 -------- d-----w- c:\program files\Stylish Profile
2010-03-17 06:05 . 2009-06-28 15:05 -------- d-----w- c:\program files\Winamp
2010-03-17 06:03 . 2009-07-23 19:22 -------- d-----w- c:\program files\IncrediMail
2010-03-17 06:02 . 2010-02-12 06:06 -------- d-----w- c:\program files\Get Styles
2010-03-17 04:13 . 2009-08-04 18:19 -------- d-----w- c:\programdata\HP
2010-03-17 03:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-24 09:16 . 2009-10-03 11:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 06:18 . 2009-06-28 14:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 03:08 . 2010-01-23 20:01 -------- d-----w- c:\program files\Google
2010-01-27 20:33 . 2010-01-27 07:08 -------- d-----w- c:\program files\PVD15
2010-01-27 11:37 . 2010-01-27 11:37 -------- d-----w- c:\program files\UPSANI
2009-12-28 12:35 . 2010-02-10 06:31 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 06:31 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 06:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 06:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 06:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 06:31 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 06:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 06:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 06:31 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 06:31 91136 ----a-w- c:\windows\system32\avifil32.dll
2008-12-16 22:34 . 2008-12-16 21:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Chat\tbooVo.dll" [2009-10-01 2166296]
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2009-10-01 16:29 2166296 ----a-w- c:\program files\ooVoo_Chat\tbooVo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Chat\tbooVo.dll" [2009-10-01 2166296]
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Chat\tbooVo.dll" [2009-10-01 2166296]
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-9 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 135664]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-09 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-09 96896]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - EKRN
*Deregistered* - jluqc
*Deregistered* - PROCEXP100
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 20:01]
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 20:01]
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{7FCA5642-8FDD-41ED-8DE4-15E81E91D2EA}.job
- c:\windows\system32\msfeedssync.exe [2008-12-16 22:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
uDefault_Search_URL = hxxp://www.Google.com
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\users\Kristýna\AppData\Roaming\Mozilla\Firefox\Profiles\pjl51xr5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ooVoo Chat Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - component: c:\users\Kristýna\AppData\Roaming\Mozilla\Firefox\Profiles\pjl51xr5.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 21:55
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jluqc]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(2316)
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
.
Celkový čas: 2010-03-18 22:01:28
ComboFix-quarantined-files.txt 2010-03-18 21:01
ComboFix2.txt 2010-03-18 19:40
ComboFix3.txt 2010-03-18 18:54
Před spuštěním: Volných bajtů: 51 650 490 368
Po spuštění: Volných bajtů: 51 613 499 392
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 245C81963B8B0A5139DE03FB777B4AA8
pokud jste tak jeste neucinil(a), presunte Combofix na plochu
Přispějete na provoz fóra?