dobry den- našel jsem na pc havět kterou jsem nemohl odstranit tak jsem použil combofix a tet bych chtel poprosit o kontrolu logu a případné rady
predem moc dekuji
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ája at 2010-11-07 13:11:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (51%) free of 76 GB
Total RAM: 1015 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:26, on 7.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ája\Plocha\RSIT.exe
C:\Program Files\trend micro\Ája.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] "C:\WINDOWS\system32\AESTFltr.exe" /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\Documents and Settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\stacsv.exe
--
End of file - 8784 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-06 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69D72956-317C-44bd-B369-8E44D4EF9801}]
SafeOnline BHO - C:\WINDOWS\system32\PxSecure.dll [2010-11-07 71880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"IDTSysTrayApp"=C:\WINDOWS\sttray.exe [2008-09-11 446556]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2008-12-03 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-04 1410344]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"=C:\Program Files\Stardock\CursorFX\CursorFX.exe [2008-07-07 416768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Mobile Broadband]
c:\SWsetup\HPQWWAN\HPMobileBroadband.exe [2008-07-08 439600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe [2003-04-02 12288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2009-05-05 607584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nikon Monitor.lnk]
C:\PROGRA~1\COMMON~1\Nikon\Monitor\NKMONI~1.EXE [2008-04-10 479232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2010-11-07 13:11:16 ----D---- C:\Program Files\trend micro
2010-11-07 13:11:15 ----D---- C:\rsit
2010-11-07 11:52:03 ----A---- C:\ComboFix.txt
2010-11-07 11:44:22 ----A---- C:\WINDOWS\system.ini
2010-11-07 11:30:25 ----A---- C:\Boot.bak
2010-11-07 11:30:15 ----RASHD---- C:\cmdcons
2010-11-07 11:28:13 ----A---- C:\WINDOWS\MBR.exe
2010-11-07 11:28:12 ----A---- C:\WINDOWS\zip.exe
2010-11-07 11:28:12 ----A---- C:\WINDOWS\SWREG.exe
2010-11-07 11:28:12 ----A---- C:\WINDOWS\PEV.exe
2010-11-07 11:28:12 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-07 11:28:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-07 11:28:11 ----A---- C:\WINDOWS\SWSC.exe
2010-11-07 11:28:11 ----A---- C:\WINDOWS\sed.exe
2010-11-07 11:28:11 ----A---- C:\WINDOWS\grep.exe
2010-11-07 11:27:52 ----D---- C:\WINDOWS\ERDNT
2010-11-07 11:24:11 ----D---- C:\Qoobox
2010-11-06 15:47:16 ----D---- C:\Program Files\RegTweaker
2010-10-29 00:45:44 ----ASH---- C:\hiberfil.sys
2010-10-29 00:39:31 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-28 13:11:26 ----A---- C:\WINDOWS\system32\drivers\serenum.sys
2010-10-28 10:54:20 ----D---- C:\Documents and Settings\Ája\Data aplikací\Malwarebytes
2010-10-28 10:53:50 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-28 10:53:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-10-28 10:53:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-28 10:53:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-28 10:10:25 ----A---- C:\WINDOWS\system32\PxSecure.dll-upgrade4576187.tmp
2010-10-28 10:10:25 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-10-28 10:10:24 ----A---- C:\WINDOWS\system32\drivers\pxscan.sys
2010-10-28 10:10:24 ----A---- C:\WINDOWS\system32\drivers\pxrts.sys
2010-10-28 10:10:23 ----D---- C:\Program Files\Prevx
2010-10-28 10:10:23 ----A---- C:\WINDOWS\system32\drivers\pxkbf.sys
2010-10-28 10:10:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2010-10-28 10:10:06 ----A---- C:\WINDOWS\wininit.ini
2010-10-25 21:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-25 21:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-25 21:12:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-25 21:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-25 21:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-25 21:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-25 21:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-25 21:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-18 22:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-18 20:58:19 ----A---- C:\WINDOWS\system32\mfc42.dll
2010-10-18 20:58:19 ----A---- C:\WINDOWS\system32\mfc40u.dll
2010-10-18 20:58:19 ----A---- C:\WINDOWS\system32\mfc40.dll
2010-10-18 20:58:04 ----A---- C:\WINDOWS\system32\comctl32.dll
2010-10-18 20:56:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll
======List of files/folders modified in the last 1 months======
2010-11-07 13:11:22 ----D---- C:\WINDOWS\Prefetch
2010-11-07 13:11:16 ----RD---- C:\Program Files
2010-11-07 11:44:23 ----D---- C:\WINDOWS
2010-11-07 11:42:53 ----D---- C:\WINDOWS\Temp
2010-11-07 11:37:50 ----D---- C:\WINDOWS\system32\drivers
2010-11-07 11:37:50 ----D---- C:\WINDOWS\system32
2010-11-07 11:37:49 ----D---- C:\WINDOWS\AppPatch
2010-11-07 11:37:07 ----D---- C:\Program Files\Common Files
2010-11-07 11:31:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-07 11:30:25 ----RASH---- C:\boot.ini
2010-11-07 11:28:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-07 11:28:09 ----SHD---- C:\System Volume Information
2010-11-07 11:28:09 ----D---- C:\WINDOWS\system32\Restore
2010-11-07 09:30:30 ----D---- C:\WINDOWS\Registration
2010-11-07 09:17:32 ----SD---- C:\WINDOWS\Tasks
2010-11-03 21:56:29 ----A---- C:\WINDOWS\WINCMD.INI
2010-10-29 22:21:32 ----D---- C:\Program Files\Mozilla Firefox
2010-10-29 00:09:32 ----HD---- C:\WINDOWS\inf
2010-10-28 17:10:41 ----D---- C:\Programy
2010-10-28 14:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-10-27 19:21:10 ----A---- C:\WINDOWS\winamp.ini
2010-10-25 21:13:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-10-25 21:12:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-25 21:12:53 ----A---- C:\WINDOWS\imsins.BAK
2010-10-25 21:12:15 ----D---- C:\WINDOWS\WinSxS
2010-10-25 21:11:28 ----D---- C:\WINDOWS\system32\cs-cz
2010-10-25 21:11:27 ----D---- C:\Program Files\Internet Explorer
2010-10-25 21:11:01 ----D---- C:\WINDOWS\ie7updates
2010-10-25 21:08:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-25 21:06:40 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-10 19:53:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
2010-10-08 21:00:25 ----RSD---- C:\WINDOWS\assembly
2010-10-08 20:55:35 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 19:59:38 ----D---- C:\Config.Msi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-15 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 pxscan;pxscan; C:\WINDOWS\System32\drivers\pxscan.sys [2010-11-07 32008]
R0 SahdIa32;HDD Filter Driver; C:\WINDOWS\System32\Drivers\SahdIa32.sys [2008-12-11 21488]
R0 SaibIa32;Volume Filter Driver; C:\WINDOWS\System32\Drivers\SaibIa32.sys [2008-12-11 15856]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-04 642560]
R0 SysCow;SysCow; C:\WINDOWS\system32\drivers\syscow32x.sys [2008-09-24 103792]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40192]
R1 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-11-07 76440]
R1 SaibVd32;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVd32.sys [2008-12-11 25584]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-12-03 112128]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-04-12 1950336]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-05-06 534312]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-05-06 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-05-06 992424]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-05-06 47272]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-10-04 223128]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-11-07 26096]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-09-11 1390323]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-12-04 204976]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-05-06 156816]
S3 catchme;catchme; \??\C:\DOCUME~1\JA5B1C~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\JA5B1C~1\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-12 327192]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-12-11 125424]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BOTService;BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2008-12-25 203248]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-05-05 349528]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-11-07 6415608]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 STacSV;Audio Service; c:\program files\idt\wdm\stacsv.exe [2008-09-11 237650]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-06 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: prosim o kontrolu
Zdravim a pekny den preji 
V podminkach CFka je ze svevolnym pouzitim, bez doporuceni radce, ztracite narok na podporu. Navic kdyz ho umite pouzit, tak log uz lustit neumite 
Dale si nize prectete nebezpeci CF
Nebezpeci CFka
S jakou haveti a kde jste mel problemy
Vlozte mi sem tedy log z CF, jelioz RSIT je mi s prominutim na nic...
V podminkach CFka je ze svevolnym pouzitim, bez doporuceni radce, ztracite narok na podporu. Navic kdyz ho umite pouzit, tak log uz lustit neumite Dale si nize prectete nebezpeci CF Nebezpeci CFka
- Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
- Maze stopy po haveti, takze v logu z RSIT neni nic videt
- Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
- CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
- CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
S jakou haveti a kde jste mel problemy Vlozte mi sem tedy log z CF, jelioz RSIT je mi s prominutim na nic..."Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
zdarvim a moc se omlouvám. Dlouho jsem tu nebyl a par vecí se tu změnilo.
log z combofixu po čištění které jsem neměl dělat přikládám
u pc jsem nebyl tak doufám že se mi dostane odpovědi, mužu popř. udělat nový log (programu) dle vaši rady
předem díky a ještě jednou se omlouvám, na tomhle foru my vždy někdo učelně poradil a proto jej vždy doporučuji
ComboFix 10-11-07.03 - Ája 07.11.2010 11:32:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.343 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ája\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus a Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-07 do 2010-11-07 )))))))))))))))))))))))))))))))
.
2010-11-06 14:47 . 2010-11-06 14:47 -------- d-----w- c:\program files\RegTweaker
2010-11-05 21:28 . 2010-11-05 21:28 1409 ----a-w- c:\windows\QTFont.for
2010-10-28 12:11 . 2008-04-13 22:10 15744 ----a-w- c:\windows\system32\drivers\serenum.sys
2010-10-28 09:54 . 2010-10-28 09:54 -------- d-----w- c:\documents and settings\Ája\Data aplikací\Malwarebytes
2010-10-28 09:53 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 09:53 . 2010-10-28 09:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-28 09:53 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 09:53 . 2010-10-28 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 09:10 . 2010-11-07 09:32 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-10-28 09:10 . 2010-10-28 09:10 70192 ----a-w- c:\windows\system32\PxSecure.dll-upgrade4576187.tmp
2010-10-28 09:10 . 2010-11-07 09:32 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-28 09:10 . 2010-11-07 09:32 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-10-28 09:10 . 2010-11-07 09:32 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-10-28 09:10 . 2010-11-07 09:32 -------- d-----w- c:\program files\Prevx
2010-10-28 09:10 . 2010-11-07 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2010-10-18 19:58 . 2010-09-18 06:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-10-18 19:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-18 19:58 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-10-18 19:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-18 19:58 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-18 19:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-18 19:58 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-10-18 19:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 19:56 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-10-18 19:56 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 20:16 . 2009-02-07 22:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-04 20:16 . 2010-10-04 20:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-04 19:45 . 2010-10-04 19:45 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-10-04 19:41 . 2010-10-04 19:41 96384 ----a-w- c:\windows\system32\drivers\sptd2157.sys
2010-10-04 19:41 . 2010-10-04 19:41 642560 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2010-09-18 10:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-09 13:34 . 2010-09-09 13:34 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2010-09-09 13:34 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2010-09-09 13:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2010-09-09 13:34 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2010-09-08 15:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-07 15:12 . 2010-10-04 20:11 38848 ------w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-04 20:11 167592 ------w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-04 20:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-04 20:12 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-04 20:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-04 20:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-10-04 20:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-10-04 20:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-10-04 20:11 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 11:52 . 2010-09-01 11:52 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2010-09-01 07:57 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2010-08-27 08:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2010-08-27 05:54 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2010-08-27 01:43 5632 ------w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2010-08-26 13:39 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-17 13:17 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2009-08-02 15:24 . 2009-08-02 15:24 36027776 -c--a-w- c:\program files\Avast.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IDTSysTrayApp"="sttray.exe" [2008-09-11 446556]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-03 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nikon Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Mobile Broadband]
2008-07-08 13:30 439600 ----a-w- c:\swsetup\HPQWWAN\HPMobileBroadband.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 13:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 08:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-04-02 02:20 12288 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.10.2010 10:10 32008]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [7.2.2009 23:14 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [7.2.2009 23:14 15856]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2010 20:41 642560]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24.9.2008 22:09 103792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.10.2010 21:12 165584]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [28.10.2010 10:10 76440]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [7.2.2009 23:14 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11.12.2008 22:46 125424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.10.2010 21:12 17744]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [25.12.2008 18:28 203248]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [28.10.2010 10:10 6415608]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.11.2009 2:26 222968]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7.2.2009 22:59 112128]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [28.10.2010 10:10 26096]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-07 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2008-12-25 17:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=91&bd=minipavilion&pf=cnnb
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\documents and settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Ája\Data aplikací\Mozilla\Firefox\Profiles\9rjsl0p8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 11:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3188)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-07 11:52:01
ComboFix-quarantined-files.txt 2010-11-07 10:51
Před spuštěním: Volných bajtů: 40 531 079 168
Po spuštění: Volných bajtů: 40 581 627 904
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9264BBE01F4DBF52486D054761BEB422
log z combofixu po čištění které jsem neměl dělat přikládám
u pc jsem nebyl tak doufám že se mi dostane odpovědi, mužu popř. udělat nový log (programu) dle vaši rady
předem díky a ještě jednou se omlouvám, na tomhle foru my vždy někdo učelně poradil a proto jej vždy doporučuji
ComboFix 10-11-07.03 - Ája 07.11.2010 11:32:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.343 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ája\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus a Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-07 do 2010-11-07 )))))))))))))))))))))))))))))))
.
2010-11-06 14:47 . 2010-11-06 14:47 -------- d-----w- c:\program files\RegTweaker
2010-11-05 21:28 . 2010-11-05 21:28 1409 ----a-w- c:\windows\QTFont.for
2010-10-28 12:11 . 2008-04-13 22:10 15744 ----a-w- c:\windows\system32\drivers\serenum.sys
2010-10-28 09:54 . 2010-10-28 09:54 -------- d-----w- c:\documents and settings\Ája\Data aplikací\Malwarebytes
2010-10-28 09:53 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 09:53 . 2010-10-28 09:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-28 09:53 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 09:53 . 2010-10-28 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 09:10 . 2010-11-07 09:32 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-10-28 09:10 . 2010-10-28 09:10 70192 ----a-w- c:\windows\system32\PxSecure.dll-upgrade4576187.tmp
2010-10-28 09:10 . 2010-11-07 09:32 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-28 09:10 . 2010-11-07 09:32 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-10-28 09:10 . 2010-11-07 09:32 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-10-28 09:10 . 2010-11-07 09:32 -------- d-----w- c:\program files\Prevx
2010-10-28 09:10 . 2010-11-07 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PrevxCSI
2010-10-18 19:58 . 2010-09-18 06:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-10-18 19:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-18 19:58 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-10-18 19:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-18 19:58 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-18 19:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-18 19:58 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-10-18 19:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 19:56 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-10-18 19:56 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 20:16 . 2009-02-07 22:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-04 20:16 . 2010-10-04 20:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-04 19:45 . 2010-10-04 19:45 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-10-04 19:41 . 2010-10-04 19:41 96384 ----a-w- c:\windows\system32\drivers\sptd2157.sys
2010-10-04 19:41 . 2010-10-04 19:41 642560 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2010-09-18 10:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-09 13:34 . 2010-09-09 13:34 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2010-09-09 13:34 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2010-09-09 13:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2010-09-09 13:34 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2010-09-08 15:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-07 15:12 . 2010-10-04 20:11 38848 ------w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-04 20:11 167592 ------w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-04 20:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-04 20:12 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-04 20:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-04 20:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-10-04 20:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-10-04 20:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-10-04 20:11 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 11:52 . 2010-09-01 11:52 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2010-09-01 07:57 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2010-08-27 08:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2010-08-27 05:54 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2010-08-27 01:43 5632 ------w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2010-08-26 13:39 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-17 13:17 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2009-08-02 15:24 . 2009-08-02 15:24 36027776 -c--a-w- c:\program files\Avast.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IDTSysTrayApp"="sttray.exe" [2008-09-11 446556]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-03 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nikon Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Mobile Broadband]
2008-07-08 13:30 439600 ----a-w- c:\swsetup\HPQWWAN\HPMobileBroadband.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 13:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 08:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-04-02 02:20 12288 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.10.2010 10:10 32008]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [7.2.2009 23:14 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [7.2.2009 23:14 15856]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2010 20:41 642560]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24.9.2008 22:09 103792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.10.2010 21:12 165584]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [28.10.2010 10:10 76440]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [7.2.2009 23:14 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11.12.2008 22:46 125424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.10.2010 21:12 17744]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [25.12.2008 18:28 203248]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [28.10.2010 10:10 6415608]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.11.2009 2:26 222968]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7.2.2009 22:59 112128]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [28.10.2010 10:10 26096]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-07 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2008-12-25 17:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=91&bd=minipavilion&pf=cnnb
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\documents and settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Ája\Data aplikací\Mozilla\Firefox\Profiles\9rjsl0p8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 11:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3188)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-07 11:52:01
ComboFix-quarantined-files.txt 2010-11-07 10:51
Před spuštěním: Volných bajtů: 40 531 079 168
Po spuštění: Volných bajtů: 40 581 627 904
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9264BBE01F4DBF52486D054761BEB422
Re: prosim o kontrolu
Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
- c:\windows\system32\drivers\syscow32x.sys
c:\windows\system32\drivers\pxrts.sys
c:\windows\system32\drivers\pxkbf.sys - Kliknete na Prochazet
- Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
- Kliknete na Send File
- Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
- Vysledek analyzy sem vlozte (jako odkaz)
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000000 Folder:: c:\program files\ICQ6Toolbar Driver:: ICQ Service DDS:: mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Firefox:: FF - ProfilePath - c:\documents and settings\Ája\Data aplikací\Mozilla\Firefox\Profiles\9rjsl0p8.default\ FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?tool ... m-1.0.0&q=- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?