
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Cyrillic instead of diacritics
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Running programs show Cyrillic instead of diacritics. I tried Spybot and Terminator, but there was no detection of any virus.
Thank you for your reply.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-09-01 09:36:05
System Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (23%) free of 238 GB
Total RAM: 1023 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:38:02, on 1.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\ClamAV for Windows\2.0.14\agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\76VDKZ3M\RSIT[1].exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Crawler lista - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Immunet Protect] "C:\Program Files\ClamAV for Windows\2.0.14\iptray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od LIBRA)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S7.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od MAANACER)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od PENTIUMIV)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_SB9.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od HPNX6110)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S5.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od PENTIUMIV) relace 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S6.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od MAANACER) relace 2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S4.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S21.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S3.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S18.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus SX600FW(Sit) (od HPNX6110) relace 2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\WINDOWS\TEMP\E_S5.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Zdroje informaci - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://192.168.1.102/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9280005598
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (CSQ Object) - http://192.168.1.102/view.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} (Java Plug-in 1.6.0_19) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorii soucasti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Sluzba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Immunet Protect (ImmunetProtect) - Immunet Corporation - C:\Program Files\ClamAV for Windows\2.0.14\agent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 11750 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1F445F9E-2214-4A38-AB8D-6985D37EFE83}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-08-26 1241552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-10 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-10 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-10 278192]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lista - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-08-26 1241552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2003-10-20 380928]
"Immunet Protect"=C:\Program Files\ClamAV for Windows\2.0.14\iptray.exe [2010-08-30 2570056]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-09-01 2176512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-09-01 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 0]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE [2008-03-05 188928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-26 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-25 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\SERVER\PPPPPPPPPPPPPP\install\EPSONSX600FW\EpsonNet EasyInstall\EasyInstall.exe"="C:\SERVER\PPPPPPPPPPPPPP\install\EPSONSX600FW\EpsonNet EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall"
"C:\Documents and Settings\Administrator\Plocha\ded.2.socks4\svchost.exe"="C:\Documents and Settings\Administrator\Plocha\ded.2.socks4\svchost.exe:*:Disabled:svchost"
"C:\Documents and Settings\expit\Plocha\HackMap1.24\Garena.exe"="C:\Documents and Settings\expit\Plocha\HackMap1.24\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\expit\Plocha\Garena MeX4\Garena.exe"="C:\Documents and Settings\expit\Plocha\Garena MeX4\Garena.exe:*:Enabled:Garena"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-01 09:36:06 ----D---- C:\Program Files\trend micro
2010-09-01 09:36:05 ----D---- C:\rsit
2010-09-01 07:31:27 ----D---- C:\Program Files\Crawler
2010-09-01 07:31:19 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-09-01 07:31:14 ----D---- C:\Program Files\Spyware Terminator
2010-08-31 21:55:05 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-31 21:55:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-31 21:55:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-31 09:07:43 ----A---- C:\mbam-log-2010-08-31 (09-05-24).txt
2010-08-31 08:13:22 ----A---- C:\WINDOWS\wininit.ini
2010-08-30 11:46:05 ----D---- C:\Documents and Settings\Administrator\Data aplikaci\Immunet
2010-08-30 11:45:42 ----A---- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys
2010-08-30 11:45:39 ----A---- C:\WINDOWS\system32\drivers\ImmunetProtect.sys
2010-08-30 11:45:36 ----D---- C:\Program Files\ClamAV for Windows
2010-08-30 11:39:36 ----D---- C:\Program Files\Ask.com
2010-08-30 11:39:19 ----D---- C:\Program Files\Glary Utilities
2010-08-29 14:39:27 ----D---- C:\Program Files\CCleaner
2010-08-29 12:28:32 ----D---- C:\Documents and Settings\Administrator\Data aplikaci\TeamViewer
2010-08-29 12:28:07 ----D---- C:\Program Files\TeamViewer
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-08-28 13:46:09 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-08-28 13:46:01 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-08-28 13:45:56 ----D---- C:\Program Files\Alwil Software
2010-08-28 13:45:56 ----D---- C:\Documents and Settings\All Users\Data aplikaci\Alwil Software
2010-08-26 09:00:08 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-08-09 10:13:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-09 10:13:39 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-09 10:13:38 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2010-09-01 09:36:06 ----RD---- C:\Program Files
2010-09-01 09:35:49 ----D---- C:\WINDOWS\Prefetch
2010-09-01 09:19:23 ----D---- C:\WINDOWS\Temp
2010-09-01 09:03:39 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-01 08:54:45 ----A---- C:\WINDOWS\wincmd.ini
2010-09-01 08:54:43 ----D---- C:\INSTALL
2010-09-01 08:38:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-01 07:31:23 ----D---- C:\WINDOWS\system32\drivers
2010-08-31 16:33:13 ----SD---- C:\WINDOWS\Tasks
2010-08-31 13:27:18 ----D---- C:\SERVER
2010-08-31 11:15:40 ----D---- C:\WINDOWS\system32
2010-08-31 10:52:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-31 08:13:22 ----D---- C:\WINDOWS
2010-08-30 11:45:42 ----HD---- C:\WINDOWS\inf
2010-08-30 11:45:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-30 11:45:34 ----SHD---- C:\WINDOWS\Installer
2010-08-30 11:45:34 ----D---- C:\WINDOWS\WinSxS
2010-08-30 10:54:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-30 10:54:14 ----D---- C:\Program Files\Canon
2010-08-30 07:48:08 ----SHD---- C:\RECYCLER
2010-08-30 07:47:54 ----A---- C:\WINDOWS\system.ini
2010-08-30 07:40:02 ----D---- C:\totalcmd
2010-08-30 07:37:45 ----D---- C:\Program Files\MRP
2010-08-30 07:35:38 ----D---- C:\Documents and Settings
2010-08-29 19:37:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-28 14:04:39 ----D---- C:\Program Files\Full Tilt Poker
2010-08-28 13:46:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-28 13:36:35 ----D---- C:\WINDOWS\system32\config
2010-08-28 13:00:59 ----D---- C:\WINDOWS\repair
2010-08-28 11:07:47 ----D---- C:\fcca3d6d5e265f9794c4f21a31
2010-08-26 09:00:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-26 00:11:45 ----SD---- C:\WINDOWS\system32\Microsoft
2010-08-26 00:00:41 ----D---- C:\WINDOWS\system32\Restore
2010-08-25 23:57:10 ----D---- C:\WINDOWS\Debug
2010-08-25 23:57:09 ----D---- C:\WINDOWS\Minidump
2010-08-25 22:59:42 ----D---- C:\WINDOWS\system32\Lang
2010-08-25 22:56:05 ----D---- C:\WINDOWS\security
2010-08-25 20:00:24 ----D---- C:\Documents and Settings\Administrator\Data aplikaci\Spyware Terminator
2010-08-25 16:16:08 ----D---- C:\MRPIMPOR
2010-08-25 11:23:09 ----D---- C:\Documents and Settings\All Users\Data aplikaci\Spyware Terminator
2010-08-22 10:59:10 ----D---- C:\WINDOWS\Registration
2010-08-12 14:49:28 ----D---- C:\MRPPRN
2010-08-12 14:45:09 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-12 14:45:06 ----RSD---- C:\WINDOWS\assembly
2010-08-12 14:37:12 ----D---- C:\Program Files\Internet Explorer
2010-08-12 14:07:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 14:05:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-12 14:01:45 ----D---- C:\WINDOWS\ie8updates
2010-08-12 13:58:32 ----D---- C:\Program Files\Movie Maker
2010-08-09 10:21:01 ----D---- C:\Program Files\Common Files\Java
2010-08-09 10:13:24 ----D---- C:\Program Files\Java
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 mv614x;mv614x; C:\WINDOWS\system32\drivers\mv614x.sys [2006-01-06 34432]
R0 ohci1394;Hostitelsky radic IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 ImmunetProtectDriver;ImmunetProtectDriver; C:\WINDOWS\system32\DRIVERS\ImmunetProtect.sys [2010-08-30 41296]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver; C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys [2010-08-30 31184]
R1 intelppm;Radic procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-25 1478656]
R3 HDAudBus;Ovladac Microsoft UAA pro sbernici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-25 4064256]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbuhci;Ovladac Microsoft univerzalniho hostitelskeho radice USB od spolecnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S3 BulkUsb;Usb2.0 Video Capture; C:\WINDOWS\System32\Drivers\usbscan.sys [2004-01-12 14000]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-08-11 25544]
S3 USBSTOR;Ovladac velkokapacitniho pametoveho zarizeni USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-25 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [2006-12-19 94208]
R2 ImmunetProtect;Immunet Protect; C:\Program Files\ClamAV for Windows\2.0.14\agent.exe [2010-08-30 751536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-09-01 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S2 gupdate;Sluzba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-09 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;Tetra Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
Re: Cyrillic instead of diacritics
Post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch, a screen with the license terms appears; continue by clicking the Ano (Yes) button.
relax and put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware, unwanted collisions with the antispyware's resident shield occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Cyrillic instead of diacritics
I ran ComboFix, but it keeps reporting an error in the files PEV.exe and PEV.cfxxe
- Rudy
- Site Admin
Re: Cyrillic instead of diacritics
Try it in Safe Mode, or rename the ComboFix file to cokoli.com ("anything".com, for example) and try running it.
Re: Instead of diacritics - Cyrillic
In Safe Mode and with ComboFix renamed, as you wrote. It kept reporting the PEV.EXE error, but on the third restart ComboFix ran through and generated this log and the message ROOTKIT !!
Thank you for your help.
ComboFix 10-09-03.02 - Administrator 04.09.2010 19:21:52.3.2 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1251.7.1029.18.1023.699 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\Cokoli.com
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Data aplikacн\64dlls.exe
c:\documents and settings\Administrator\Data aplikacн\intel64.exe
c:\documents and settings\Administrator\Data aplikacн\Kernel32.exe
c:\documents and settings\Administrator\Data aplikacн\localsys64.exe
c:\documents and settings\Administrator\Data aplikacн\ntos.exe
c:\documents and settings\Administrator\Data aplikacн\oembios.exe
c:\documents and settings\Administrator\Data aplikacн\sdra64.exe
c:\documents and settings\Administrator\Data aplikacн\sdra73.exe
c:\documents and settings\Administrator\Data aplikacн\swin32.exe
c:\documents and settings\Administrator\Data aplikacн\twex.exe
c:\documents and settings\Administrator\Data aplikacн\twext.exe
c:\documents and settings\Administrator\Data aplikacн\wsnpoema.exe
c:\documents and settings\Administrator\Dokumenty\cc_20100830_104410.reg
C:\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 17:09 . 2010-09-04 17:09 -------- d-----w- C:\Cokoli
2010-09-04 16:49 . 2010-09-04 17:09 -------- d-----w- C:\ComboFix
2010-09-03 11:44 . 2010-09-03 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 13:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 13:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-01 10:15 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-01 10:15 . 2010-09-01 10:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-01 09:18 . 2010-09-01 09:18 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\Sammsoft
2010-09-01 07:36 . 2010-09-01 07:38 -------- d-----w- c:\program files\trend micro
2010-09-01 07:36 . 2010-09-01 07:38 -------- d-----w- C:\rsit
2010-09-01 06:54 . 2010-09-01 06:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikaci\GHISLER
2010-09-01 05:31 . 2010-09-01 05:31 -------- d-----w- c:\program files\Crawler
2010-08-30 11:54 . 2010-08-30 13:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\GetRightToGo
2010-08-30 09:46 . 2010-08-30 09:46 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-08-30 09:45 . 2010-09-04 17:13 -------- d-----w- c:\program files\ClamAV for Windows
2010-08-30 09:41 . 2010-08-30 13:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\GlarySoft
2010-08-30 09:39 . 2010-08-30 09:39 -------- d-----w- c:\program files\Ask.com
2010-08-30 09:39 . 2010-08-31 14:33 -------- d-----w- c:\program files\Glary Utilities
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\Malwarebytes
2010-08-29 17:18 . 2010-09-01 12:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci
2010-08-29 12:39 . 2010-08-29 12:39 -------- d-----w- c:\documents and settings\Administrator\Nabidka Start
2010-08-29 12:39 . 2010-08-29 12:39 -------- d-----w- c:\program files\CCleaner
2010-08-29 10:28 . 2010-08-29 10:28 -------- d-----w- c:\documents and settings\All Users\Nabidka Start
2010-08-29 10:28 . 2010-08-29 10:28 -------- d-----w- c:\program files\TeamViewer
2010-08-28 11:46 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-28 11:46 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-28 11:46 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-28 11:46 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-28 11:46 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-28 11:46 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-28 11:46 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-28 11:46 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-28 11:46 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-28 11:45 . 2010-08-28 11:45 -------- d-----w- c:\program files\Alwil Software
2010-08-28 11:42 . 2010-08-28 11:42 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikaci\Microsoft
2010-08-26 07:00 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-25 20:59 . 2010-09-02 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikaci
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 13:26 . 2010-07-29 18:54 -------- d-----w- c:\program files\sala termiserv 2
2010-08-30 08:54 . 2009-10-08 15:41 -------- d-----w- c:\program files\Canon
2010-08-30 08:54 . 2007-03-20 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 05:37 . 2008-12-17 10:55 -------- d-----w- c:\program files\MRP
2010-08-28 12:04 . 2010-07-29 19:12 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-25 21:04 . 2009-01-06 10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 12:05 . 2006-03-02 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:05 . 2006-03-02 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 08:21 . 2008-12-24 15:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 08:13 . 2008-12-24 15:32 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-12 06:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 14:57 . 2007-08-26 12:24 -------- d-----w- c:\program files\Google
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-03-20 00:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-18 16:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"EPSON Stylus SX600FW(Sit)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od LIBRA)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAANACER)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od PENTIUMIV)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od HPNX6110)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od PENTIUMIV) relace 1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAANACER) relace 2"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 4"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 2"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od HPNX6110) relace 2"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 0]
2008-03-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FinePrint Dispatcher v5]
2003-10-20 14:12 380928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-26 13:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.9.2010 12:15 64288]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [11.1.2006 19:44 34432]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.8.2010 13:46 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.8.2010 13:46 17744]
S2 gupdate;Sluzba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2010 16:57 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 BulkUsb;Usb2.0 Video Capture;c:\windows\system32\drivers\usbscan.sys [26.8.2007 14:11 14000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-30 09:21]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 14:57]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 14:57]
2010-09-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-18 16:40]
2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{1F445F9E-2214-4A38-AB8D-6985D37EFE83}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://192.168.1.102/VatDec.cab
DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} - hxxp://192.168.1.102/view.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AROReminder - c:\program files\Advanced Registry Optimizer\aro.exe
MSConfigStartUp-Immunet Protect - c:\program files\ClamAV for Windows\2.0.14\iptray.exe
AddRemove-Advanced Registry Optimizer_is1 - c:\program files\Advanced Registry Optimizer\unins000.exe
AddRemove-Kalkulace nove kominy_is1 - c:\program files\Kalkulace nove kominy\unins000.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-583907252-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-04 19:29:41
ComboFix-quarantined-files.txt 2010-09-04 17:29
Pre-Run: Volnych bajtu: 71 150 764 032
Post-Run: Volnych bajtu: 71 448 469 504
- - End Of File - - 1C39CB948AD76807DFD458368D6E02E0
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Instead of diacritics - Cyrillic
We'll do some more cleanup. Open Notepad and copy the following into it:

Folder::
c:\program files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: Cyrillic instead of diacritics
I ran it in safe mode; it completed, but it's still the same. Carons and accents = Cyrillic.
I don't know whether I'm making a mistake somewhere, but I stopped all the shields, the antivirus too, and ran it as cokoli.com + *.txt.
ComboFix 10-09-03.02 - Administrator 05.09.2010 17:44:37.5.2 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1251.7.1029.18.1023.762 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\Cokoli.com
Command switches used :: c:\docume~1\ADMINI~1\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Data aplikací\64dlls.exe
c:\documents and settings\Administrator\Data aplikací\intel64.exe
c:\documents and settings\Administrator\Data aplikací\Kernel32.exe
c:\documents and settings\Administrator\Data aplikací\localsys64.exe
c:\documents and settings\Administrator\Data aplikací\ntos.exe
c:\documents and settings\Administrator\Data aplikací\oembios.exe
c:\documents and settings\Administrator\Data aplikací\sdra64.exe
c:\documents and settings\Administrator\Data aplikací\sdra73.exe
c:\documents and settings\Administrator\Data aplikací\swin32.exe
c:\documents and settings\Administrator\Data aplikací\twex.exe
c:\documents and settings\Administrator\Data aplikací\twext.exe
c:\documents and settings\Administrator\Data aplikací\wsnpoema.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-04 17:58 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-04 17:15 . 2010-09-04 17:29 -------- d-----w- C:\Cokoli32115C
2010-09-04 17:09 . 2010-09-04 17:09 -------- d-----w- C:\Cokoli
2010-09-04 16:49 . 2010-09-04 17:09 -------- d-----w- C:\ComboFix
2010-09-01 10:15 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-01 10:15 . 2010-09-01 10:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-01 09:18 . 2010-09-01 09:18 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\Sammsoft
2010-09-01 07:36 . 2010-09-01 07:38 -------- d-----w- c:\program files\trend micro
2010-09-01 07:36 . 2010-09-01 07:38 -------- d-----w- C:\rsit
2010-09-01 06:54 . 2010-09-01 06:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikaci\GHISLER
2010-09-01 05:31 . 2010-09-01 05:31 -------- d-----w- c:\program files\Crawler
2010-08-30 11:54 . 2010-08-30 13:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\GetRightToGo
2010-08-30 09:46 . 2010-08-30 09:46 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-08-30 09:45 . 2010-09-04 17:13 -------- d-----w- c:\program files\ClamAV for Windows
2010-08-30 09:41 . 2010-08-30 13:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\GlarySoft
2010-08-30 09:39 . 2010-08-31 14:33 -------- d-----w- c:\program files\Glary Utilities
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\Malwarebytes
2010-08-29 17:18 . 2010-09-01 12:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci
2010-08-29 12:39 . 2010-08-29 12:39 -------- d-----w- c:\documents and settings\Administrator\Nabidka Start
2010-08-29 12:39 . 2010-08-29 12:39 -------- d-----w- c:\program files\CCleaner
2010-08-29 10:28 . 2010-08-29 10:28 -------- d-----w- c:\documents and settings\All Users\Nabidka Start
2010-08-29 10:28 . 2010-08-29 10:28 -------- d-----w- c:\program files\TeamViewer
2010-08-28 11:45 . 2010-08-28 11:45 -------- d-----w- c:\program files\Alwil Software
2010-08-28 11:42 . 2010-08-28 11:42 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikaci\Microsoft
2010-08-26 07:00 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-25 20:59 . 2010-09-02 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikaci
.
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Cyrillic instead of diacritics
The log is not complete.
Re: Cyrillic instead of diacritics
ComboFix 10-09-03.02 - Administrator 05.09.2010 17:44:37.5.2 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1251.7.1029.18.1023.762 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\Cokoli.com
Command switches used :: c:\docume~1\ADMINI~1\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Data aplikací\64dlls.exe
c:\documents and settings\Administrator\Data aplikací\intel64.exe
c:\documents and settings\Administrator\Data aplikací\Kernel32.exe
c:\documents and settings\Administrator\Data aplikací\localsys64.exe
c:\documents and settings\Administrator\Data aplikací\ntos.exe
c:\documents and settings\Administrator\Data aplikací\oembios.exe
c:\documents and settings\Administrator\Data aplikací\sdra64.exe
c:\documents and settings\Administrator\Data aplikací\sdra73.exe
c:\documents and settings\Administrator\Data aplikací\swin32.exe
c:\documents and settings\Administrator\Data aplikací\twex.exe
c:\documents and settings\Administrator\Data aplikací\twext.exe
c:\documents and settings\Administrator\Data aplikací\wsnpoema.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-04 17:58 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-04 17:15 . 2010-09-04 17:29 -------- d-----w- C:\Cokoli32115C
2010-09-04 17:09 . 2010-09-04 17:09 -------- d-----w- C:\Cokoli
2010-09-04 16:49 . 2010-09-04 17:09 -------- d-----w- C:\ComboFix
2010-09-01 10:15 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-01 10:15 . 2010-09-01 10:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-01 09:18 . 2010-09-01 09:18 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\Sammsoft
2010-09-01 07:36 . 2010-09-01 07:38 -------- d-----w- c:\program files\trend micro
2010-09-01 07:36 . 2010-09-01 07:38 -------- d-----w- C:\rsit
2010-09-01 06:54 . 2010-09-01 06:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikaci\GHISLER
2010-09-01 05:31 . 2010-09-01 05:31 -------- d-----w- c:\program files\Crawler
2010-08-30 11:54 . 2010-08-30 13:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\GetRightToGo
2010-08-30 09:46 . 2010-08-30 09:46 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-08-30 09:45 . 2010-09-04 17:13 -------- d-----w- c:\program files\ClamAV for Windows
2010-08-30 09:41 . 2010-08-30 13:56 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\GlarySoft
2010-08-30 09:39 . 2010-08-31 14:33 -------- d-----w- c:\program files\Glary Utilities
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci\Malwarebytes
2010-08-29 17:18 . 2010-09-01 12:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikaci
2010-08-29 12:39 . 2010-08-29 12:39 -------- d-----w- c:\documents and settings\Administrator\Nabidka Start
2010-08-29 12:39 . 2010-08-29 12:39 -------- d-----w- c:\program files\CCleaner
2010-08-29 10:28 . 2010-08-29 10:28 -------- d-----w- c:\documents and settings\All Users\Nabidka Start
2010-08-29 10:28 . 2010-08-29 10:28 -------- d-----w- c:\program files\TeamViewer
2010-08-28 11:45 . 2010-08-28 11:45 -------- d-----w- c:\program files\Alwil Software
2010-08-28 11:42 . 2010-08-28 11:42 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikaci\Microsoft
2010-08-26 07:00 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-25 20:59 . 2010-09-02 09:55 -------- d-----w- c:\documents and settings\All Users\Data aplikaci
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 13:26 . 2010-07-29 18:54 -------- d-----w- c:\program files\sala termiserv 2
2010-08-30 08:54 . 2009-10-08 15:41 -------- d-----w- c:\program files\Canon
2010-08-30 08:54 . 2007-03-20 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 05:37 . 2008-12-17 10:55 -------- d-----w- c:\program files\MRP
2010-08-28 12:04 . 2010-07-29 19:12 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-25 21:04 . 2009-01-06 10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 12:05 . 2006-03-02 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:05 . 2006-03-02 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 08:21 . 2008-12-24 15:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 08:13 . 2008-12-24 15:32 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-12 06:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 14:57 . 2007-08-26 12:24 -------- d-----w- c:\program files\Google
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-03-20 00:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_17.28.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-05 15:40 . 2010-09-05 15:40 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
+ 2007-01-31 13:33 . 2007-01-31 13:33 5632 c:\windows\system32\drivers\avgarkt.sys
+ 2010-09-05 15:34 . 2010-09-05 15:34 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 0"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"EPSON Stylus SX600FW(Sit)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od LIBRA)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAANACER)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od PENTIUMIV)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od HPNX6110)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od PENTIUMIV) relace 1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAANACER) relace 2"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 4"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 1"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 2"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
"EPSON Stylus SX600FW(Sit) (od HPNX6110) relace 2"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE" [2008-03-05 188928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX600FW(Sit) (od MAAN-SERVER) relace 0]
2008-03-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FinePrint Dispatcher v5]
2003-10-20 14:12 380928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-26 13:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.9.2010 12:15 64288]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [11.1.2006 19:44 34432]
S2 gupdate;Sluzba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2010 16:57 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 BulkUsb;Usb2.0 Video Capture;c:\windows\system32\drivers\usbscan.sys [26.8.2007 14:11 14000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-30 09:21]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 14:57]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 14:57]
2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1F445F9E-2214-4A38-AB8D-6985D37EFE83}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://192.168.1.102/VatDec.cab
DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} - hxxp://192.168.1.102/view.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Kalkulace nove kominy_is1 - c:\program files\Kalkulace nove kominy\unins000.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus SX600FW(Síť) (od MAAN-SERVER) relace 0"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEKE.EXE /FU \"c:\\WINDOWS\\TEMP\\E_SE.tmp\" /EF \"HKCU\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-583907252-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-05 17:51:23
ComboFix-quarantined-files.txt 2010-09-05 15:51
ComboFix2.txt 2010-09-05 14:11
ComboFix3.txt 2010-09-04 17:29
Pre-Run: Volnych bajtu: 71 457 046 528
Post-Run: Volnych bajtu: 71 446 470 656
- - End Of File - - 7A3EDA7DABA381E5CCFCD526AC229564
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,98,7b,b8,18,fb,bf,4d,a0,5b,fd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-05 17:51:23
ComboFix-quarantined-files.txt 2010-09-05 15:51
ComboFix2.txt 2010-09-05 14:11
ComboFix3.txt 2010-09-04 17:29
Pre-Run: Volnych bajtu: 71 457 046 528
Post-Run: Volnych bajtu: 71 446 470 656
- - End Of File - - 7A3EDA7DABA381E5CCFCD526AC229564
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Cyrillic instead of diacritics
The log now looks clean. Try a System Restore to a date when the system was working correctly.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Cyrillic instead of diacritics
I tried that, but it doesn't work. Restore is only possible to 1 Sept., and by then it was already infected. It still shows Cyrillic instead of diacritics. What now? Reinstall the system? I keep resisting that; this computer serves me as a server and everyone on the local network is connected to it. Do you know any other way?
Thank you for your reply.
Re: Cyrillic instead of diacritics
If I may step in:
try SDFix - see 11:44 http://www.viry.cz/forum/viewtopic.php? ... ix#p881075
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum https://platba.viry.cz/payment/
Re: Cyrillic instead of diacritics
The program didn't report any error, but after the restart the programs running under Windows (e.g. Total Com., CCleaner) are OK!!!!!!! Now all that remains is to solve the problem under DOS. The computer runs accounting software from Slušovice, and that worries me the most - there it still shows Cyrillic instead of háčeks and čárkas. Otherwise thanks for the program, I think it's great. Thanks also to Rudy for the clean LOG.
- Rudy
- Site Admin
Re: Cyrillic instead of diacritics
On JaRon's behalf too: You're welcome!
Re: Cyrillic instead of diacritics
+
I also recommend scanning the PC with MWAV as a precaution