minutova nepochopitelna smrt

Zpráva

pocky · #1 Příspěvek od **pocky** » 23 črc 2011 00:14

Zdravicko, pokazdem spusteninotebooku mivse nabehnejak maa po prihlaseni do profilunavstevnika nebo admina me to tam nechanecelou minutu pak se to resetne a automaticky me to hodi do nozovyho rezimu jenze tam me to taky nenecha dele jak minutu. a to jede stale celi den do kola.. mam takovy pocit ze tam mam trojskyho kone.. dela to on??? jak to mam vyresit, a narovinu v pc se vubec nevyznam.. diky za pomoc..

#2 Příspěvek od **motji** » 23 črc 2011 09:34

Hezké dopoledne

Obnova systému nebo poslední známá funkční konfigurace nejde?
Nestahl jste si něco z FB?

pocky · #3 Příspěvek od **pocky** » 23 črc 2011 13:40

problem je myslim vyresen hodim sem log at se na to nekdo jukne a poradi v cem to bylo nebo je..

Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2004-07-01 03:24:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (20%) free of 20 GB
Total RAM: 2038 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:26:39, on 1.7.2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\update.tray-9-0\svchost.exe
C:\WINDOWS\update.tray-14-0\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\update.tray-9-0-lnk\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Honza\Plocha\RSIT.exe
C:\Program Files\trend micro\Honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.h ... stemid=102
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.jzip.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie ... earchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~1\WI83E4~1\Datamngr\ToolBar\jzipdtx.dll (file missing)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {47821E9E-E4C5-42CD-A736-52FAB01FF844} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~1\WI83E4~1\Datamngr\ToolBar\jzipdtx.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [nvch] rundll32.exe rchnewver.dll,go
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [6223148.exe] "C:\DOCUME~1\Honza\LOCALS~1\Temp\6223148.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4220959.exe] "C:\DOCUME~1\Honza\LOCALS~1\Temp\4220959.exe"
O4 - HKLM\..\Run: [1108289.exe] "C:\DOCUME~1\Honza\LOCALS~1\Temp\1108289.exe"
O4 - HKLM\..\Run: [2578334.exe] "C:\WINDOWS\TEMP\2578334.exe"
O4 - HKLM\..\Run: [7871682.exe] "C:\WINDOWS\TEMP\7871682.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\RunOnce: [removejZipdatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows jZip Toolbar"
O4 - HKLM\..\RunOnce: [removejZiptoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iTV] C:\Program Files\iTV\iTV.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: TrackMania Original Drivers Auto Removal (pr2ajcyb) (pr2ajcyb) - NADEO - C:\WINDOWS\system32\pr2ajcyb.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

nevim jestli je to to spravne kdystak me navedte kde to mam hledat s timto pracuji poprve

#4 Příspěvek od **motji** » 23 črc 2011 19:48

Že jste klikl na odkaz na Facebooku?

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

-

Ted nerestartujte počítač!

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
- přejmenujte combofix na potvůrka.com

pocky · #5 Příspěvek od **pocky** » 24 črc 2011 10:28

tak tady je log z toho programku
ComboFix 11-07-23.04 - Honza 02.07.2004 10:56:38.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1099 [GMT 2:00]
Spuštěný z: c:\documents and settings\Honza\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\documents and settings\Honza\WINDOWS
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\Packet.dll
c:\windows\system32\rchnewver.dll
c:\windows\system32\scrnrdr.exe
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\RESHAC~1.ini
c:\windows\system32\VIRepair\RESHAC~1.log
c:\windows\system32\VIRepair\vi.sif
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\unin0411.exe
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
E:\AUTORUN.INF
E:\install.exe
.
c:\windows\system32\msgsvc.dll . . . je infikován!!
.
Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\explorer.exe
.
Nakažená kopie c:\windows\regedit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\regedit.exe
.
Nakažená kopie c:\windows\system32\mspaint.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\mspaint.exe
.
Nakažená kopie c:\windows\system32\notepad.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\notepad.exe
.
Nakažená kopie c:\windows\system32\ntkrnlpa.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\ntkrnlpa.exe
.
Nakažená kopie c:\windows\system32\ntoskrnl.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\ntoskrnl.exe
.
Nakažená kopie c:\windows\system32\spider.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\spider.exe
.
Nakažená kopie c:\windows\system32\taskmgr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\taskmgr.exe
.
Nakažená kopie c:\windows\system32\wiaacmgr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\wiaacmgr.exe
.
Nakažená kopie c:\windows\system32\Restore\rstrui.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\rstrui.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2004-06-02 do 2004-07-02 )))))))))))))))))))))))))))))))
.
.
2011-05-21 07:42 . 2011-05-21 07:42 -------- d-----w- C:\ATI
2011-05-16 12:06 . 2011-05-16 12:08 -------- d-----w- C:\de030d62d865c4ae19900e5dcef383
2011-05-13 11:38 . 2011-05-13 11:45 -------- d-----w- C:\VTPFiles
2011-05-03 15:17 . 2011-05-03 15:17 -------- d-----w- C:\temp
2011-05-03 14:50 . 2011-05-03 14:50 -------- d-----w- C:\Acer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2001-10-25 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-06-15 16:18 . 2001-10-25 14:00 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2011-05-03 10:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-12 13:40 . 2008-04-14 06:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-02-06 10:39 . 2001-10-25 14:00 35328 ----a-w- c:\windows\system32\sc.exe
2008-04-14 06:52 . 2001-10-25 14:00 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2008-04-14 06:52 . 2011-05-03 10:36 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2008-04-14 06:52 . 2001-10-25 14:00 72192 ----a-w- c:\windows\system32\systeminfo.exe
2008-04-14 06:52 . 2001-10-25 14:00 347136 ----a-w- c:\windows\system32\tourstart.exe
2008-04-14 06:52 . 2001-10-25 14:00 69120 ----a-w- c:\windows\system32\openfiles.exe
2008-04-14 06:52 . 2011-05-03 10:36 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 06:52 . 2011-05-03 10:36 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2008-04-14 06:52 . 2011-05-03 10:36 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2008-04-14 06:52 . 2001-10-25 14:00 84992 ----a-w- c:\windows\system32\eventtriggers.exe
2008-04-14 06:52 . 2001-10-25 14:00 51712 ----a-w- c:\windows\system32\eventcreate.exe
2008-04-14 06:52 . 2001-10-25 14:00 64000 ----a-w- c:\windows\system32\driverquery.exe
2008-04-14 06:52 . 2008-04-14 06:52 601088 ----a-w- c:\windows\system32\autochk.exe
2008-04-14 06:52 . 2008-04-14 06:52 403456 ----a-w- c:\windows\system32\webcheck.dll
2008-04-14 06:52 . 2008-04-14 06:52 279040 ----a-w- c:\windows\help\tshoot.dll
2008-04-14 06:52 . 2001-10-25 14:00 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2008-04-14 06:52 . 2001-10-25 14:00 346112 ----a-w- c:\windows\system32\windowscodecsext.dll
2008-04-14 06:52 . 2011-05-03 10:37 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 06:52 . 2011-05-03 10:37 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 06:52 . 2008-04-14 06:52 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 06:51 . 2008-04-14 06:51 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 06:51 . 2011-05-03 10:36 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 06:51 . 2011-05-03 10:36 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 06:51 . 2001-10-25 14:00 412160 ----a-w- c:\windows\system32\photometadatahandler.dll
2008-04-14 06:51 . 2011-05-03 10:37 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 06:51 . 2011-05-03 10:36 378880 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 06:51 . 2001-10-25 14:00 37376 ----a-w- c:\windows\system32\l2gpstore.dll
2008-04-14 06:51 . 2001-10-25 14:00 184320 ----a-w- c:\windows\system32\microsoft.managementconsole.dll
2008-04-14 06:51 . 2001-10-25 14:00 106496 ----a-w- c:\windows\system32\mmcfxcommon.dll
2008-04-14 06:51 . 2001-10-25 14:00 39936 ----a-w- c:\windows\system32\dot3gpclnt.dll
2008-04-14 06:51 . 2008-04-14 06:51 245248 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2008-04-14 06:51 . 2008-04-14 06:51 1852928 ----a-w- c:\windows\apppatch\AcGenral.dll
2008-04-14 06:51 . 2008-04-14 06:51 141312 ----a-w- c:\windows\apppatch\AcLua.dll
2008-04-14 06:51 . 2008-04-14 06:51 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2008-04-14 06:51 . 2008-04-14 06:51 39424 ----a-w- c:\windows\apppatch\AcAdProc.dll
2008-04-14 05:58 . 2001-10-25 14:00 78848 ----a-w- c:\windows\system32\msshavmsg.dll
2007-04-02 16:19 . 2001-10-25 14:00 355112 ----a-w- c:\windows\system32\msjetoledb40.dll
2007-04-02 16:17 . 2007-04-02 16:17 518944 ----a-w- c:\windows\system32\msexch40.dll
2005-08-24 10:56 . 2011-05-03 15:01 40960 ----a-w- c:\windows\system32\ialmuCHT.dll
2005-08-24 10:56 . 2011-05-03 15:01 40960 ----a-w- c:\windows\system32\ialmuCHS.dll
2005-08-24 10:51 . 2011-05-03 15:01 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2005-08-24 10:51 . 2011-05-03 15:01 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2005-08-23 23:24 . 2011-05-03 14:50 10752 ----a-w- c:\windows\system32\MSNChatHook.dll
2005-04-15 17:58 . 2002-12-20 12:02 1071088 ----a-w- c:\windows\system32\mscomctl.ocx
2004-07-11 20:51 . 2001-10-25 14:00 199168 ----a-w- c:\windows\system32\ir32_32.dll
2011-07-08 07:29 . 2011-07-21 11:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-14 . E4A798DFDE7FE6E79F23548F0EF0F844 . 634648 . . [7.00.6000.17096] . . c:\windows\SoftwareDistribution\Download\220ee7a4702b5acde192c1e977145d42\SP3GDR\iexplore.exe
[7] 2011-02-14 . E3CC8CCF21BFDC954255BB17083FB9F0 . 634648 . . [7.00.6000.21298] . . c:\windows\SoftwareDistribution\Download\220ee7a4702b5acde192c1e977145d42\SP3QFE\iexplore.exe
[7] 2010-12-20 . 091D358EFC9D22901BD879EF37F0DAC4 . 634648 . . [7.00.6000.17095] . . c:\windows\SoftwareDistribution\Download\ccfc76cb81302cf2ad4b04bc37ddb0c2\SP3GDR\iexplore.exe
[7] 2010-12-20 . B74CBEBA34E3CAA2CCACC87FEE8A16C0 . 634648 . . [7.00.6000.21297] . . c:\windows\SoftwareDistribution\Download\ccfc76cb81302cf2ad4b04bc37ddb0c2\SP3QFE\iexplore.exe
[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\SoftwareDistribution\Download\d99e99d10cfba30ab13314ef40ddbe09\SP3GDR\iexplore.exe
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SoftwareDistribution\Download\d99e99d10cfba30ab13314ef40ddbe09\SP3QFE\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\IEXPLORE.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"iTV"="c:\program files\iTV\iTV.exe" [2004-07-25 633344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Honza\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Typle.lnk - c:\program files\Typle2.0v\Typle.exe [2008-1-10 737280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Honza\\Plocha\\Age of Empires II - Conquedores - Full Game\\empires2.EXE"=
"e:\\TrackMania Original\\TrackManiaLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Resounding\\Roger Wilco\\roger.exe"=
"e:\\MotoGP2\\motogp2.exe"=
.
R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb);c:\windows\system32\drivers\pe3ajcyb.sys [6.2.2007 19:53 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb);c:\windows\system32\drivers\pf2ajcyb.sys [6.2.2007 19:53 82832]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.6.2011 23:33 685816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [1.7.2004 22:28 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [1.7.2004 22:28 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [1.7.2011 0:11 810616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.5.2011 13:35 218688]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [1.7.2004 22:28 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [1.7.2004 22:28 130008]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [21.2.2011 23:17 66560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1.7.2004 23:08 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [22.7.2011 4:16 355256]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [3.5.2011 17:05 2343]
S1 dozmbsht;dozmbsht;\??\c:\windows\system32\drivers\dozmbsht.sys --> c:\windows\system32\drivers\dozmbsht.sys [?]
S1 mailKmd;mailKmd; [x]
S1 MpKsl021bf506;MpKsl021bf506;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl021bf506.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl021bf506.sys [?]
S1 MpKsl04499c4c;MpKsl04499c4c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl04499c4c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl04499c4c.sys [?]
S1 MpKsl0e655d7e;MpKsl0e655d7e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{492DF08C-D1BE-4380-B316-763E032C6675}\MpKsl0e655d7e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{492DF08C-D1BE-4380-B316-763E032C6675}\MpKsl0e655d7e.sys [?]
S1 MpKsl10c0062a;MpKsl10c0062a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl10c0062a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl10c0062a.sys [?]
S1 MpKsl15d8e3cf;MpKsl15d8e3cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl15d8e3cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl15d8e3cf.sys [?]
S1 MpKsl6c6234f2;MpKsl6c6234f2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl6c6234f2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl6c6234f2.sys [?]
S1 MpKsl757517ec;MpKsl757517ec;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl757517ec.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl757517ec.sys [?]
S1 mvutsnqh;mvutsnqh;\??\c:\windows\system32\drivers\mvutsnqh.sys --> c:\windows\system32\drivers\mvutsnqh.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.5.2011 23:17 136176]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.7.2004 14:13 247608]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb);c:\windows\system32\pr2ajcyb.exe svc --> c:\windows\system32\pr2ajcyb.exe svc [?]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [3.5.2011 13:04 7040]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [1.7.2004 22:19 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [1.7.2004 22:20 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [1.7.2004 22:20 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [1.7.2004 22:20 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [1.7.2004 22:20 98568]
.
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Obsah adresáře 'Naplánované úlohy'
.
2004-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-31 21:17]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-31 21:17]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\ek0sezrx.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
HKLM-Run-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM-Run-nvch - rchnewver.dll
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-07-02 11:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(2348)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\WLTRAY.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\windows\system32\inetsrv\inetinfo.exe
.
**************************************************************************
.
Celkový čas: 2004-07-02 11:17:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2004-07-02 09:16
.
Před spuštěním: 5 871 673 344
Po spuštění: 6 030 635 008
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2233E061AAA48758D9E9EEB9C9CBBBA5

#6 Příspěvek od **motji** » 24 črc 2011 18:46

Proxy používáte?
uInternet Settings,ProxyServer = 127.0.0.1:8080

pocky · #7 Příspěvek od **pocky** » 25 črc 2011 11:28

em nevim co to je?????

#8 Příspěvek od **motji** » 25 črc 2011 20:06

Proxy, používáte ji?

pocky · #9 Příspěvek od **pocky** » 25 črc 2011 21:19

ja ale nevim co to proxi je vubec netusim..

#10 Příspěvek od **motji** » 25 črc 2011 22:49

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


DDS::
uInternet Settings,ProxyServer = 127.0.0.1:8080

Firefox::
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\ek0sezrx.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=102&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080

Driver::
mvutsnqh
mailKmd
dozmbsht

File::
c:\windows\system32\drivers\dozmbsht.sys
c:\windows\system32\drivers\mvutsnqh.sys

Restore::
c:\windows\system32\msgsvc.dll

Srpeek::
c:\windows\system32\msgsvc.dll

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

pocky · #11 Příspěvek od **pocky** » 26 črc 2011 11:46

tak tady je
ComboFix 11-07-26.02 - Honza 04.07.2004 11:49:08.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1327 [GMT 2:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honza\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"c:\windows\system32\drivers\dozmbsht.sys"
"c:\windows\system32\drivers\mvutsnqh.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dozmbsht
-------\Service_mailKmd
-------\Service_mvutsnqh
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2004-06-04 do 2004-07-04 )))))))))))))))))))))))))))))))
.
.
2011-05-21 07:42 . 2011-05-21 07:42 -------- d-----w- C:\ATI
2011-05-16 12:06 . 2011-05-16 12:08 -------- d-----w- C:\de030d62d865c4ae19900e5dcef383
2011-05-03 14:50 . 2011-05-03 14:50 -------- d-----w- C:\Acer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2001-10-25 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-06-15 16:18 . 2001-10-25 14:00 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2011-05-03 10:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-12 13:40 . 2008-04-14 06:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-02-06 10:39 . 2001-10-25 14:00 35328 ----a-w- c:\windows\system32\sc.exe
2008-04-14 06:52 . 2001-10-25 14:00 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2008-04-14 06:52 . 2011-05-03 10:36 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2008-04-14 06:52 . 2001-10-25 14:00 72192 ----a-w- c:\windows\system32\systeminfo.exe
2008-04-14 06:52 . 2001-10-25 14:00 347136 ----a-w- c:\windows\system32\tourstart.exe
2008-04-14 06:52 . 2001-10-25 14:00 69120 ----a-w- c:\windows\system32\openfiles.exe
2008-04-14 06:52 . 2011-05-03 10:36 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 06:52 . 2011-05-03 10:36 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2008-04-14 06:52 . 2011-05-03 10:36 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2008-04-14 06:52 . 2001-10-25 14:00 84992 ----a-w- c:\windows\system32\eventtriggers.exe
2008-04-14 06:52 . 2001-10-25 14:00 51712 ----a-w- c:\windows\system32\eventcreate.exe
2008-04-14 06:52 . 2001-10-25 14:00 64000 ----a-w- c:\windows\system32\driverquery.exe
2008-04-14 06:52 . 2008-04-14 06:52 601088 ----a-w- c:\windows\system32\autochk.exe
2008-04-14 06:52 . 2008-04-14 06:52 403456 ----a-w- c:\windows\system32\webcheck.dll
2008-04-14 06:52 . 2008-04-14 06:52 279040 ----a-w- c:\windows\help\tshoot.dll
2008-04-14 06:52 . 2001-10-25 14:00 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2008-04-14 06:52 . 2001-10-25 14:00 346112 ----a-w- c:\windows\system32\windowscodecsext.dll
2008-04-14 06:52 . 2011-05-03 10:37 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 06:52 . 2011-05-03 10:37 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 06:52 . 2008-04-14 06:52 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 06:51 . 2008-04-14 06:51 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 06:51 . 2011-05-03 10:36 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 06:51 . 2011-05-03 10:36 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 06:51 . 2001-10-25 14:00 412160 ----a-w- c:\windows\system32\photometadatahandler.dll
2008-04-14 06:51 . 2011-05-03 10:37 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 06:51 . 2011-05-03 10:36 378880 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 06:51 . 2001-10-25 14:00 37376 ----a-w- c:\windows\system32\l2gpstore.dll
2008-04-14 06:51 . 2001-10-25 14:00 184320 ----a-w- c:\windows\system32\microsoft.managementconsole.dll
2008-04-14 06:51 . 2001-10-25 14:00 106496 ----a-w- c:\windows\system32\mmcfxcommon.dll
2008-04-14 06:51 . 2001-10-25 14:00 39936 ----a-w- c:\windows\system32\dot3gpclnt.dll
2008-04-14 06:51 . 2008-04-14 06:51 245248 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2008-04-14 06:51 . 2008-04-14 06:51 1852928 ----a-w- c:\windows\apppatch\AcGenral.dll
2008-04-14 06:51 . 2008-04-14 06:51 141312 ----a-w- c:\windows\apppatch\AcLua.dll
2008-04-14 06:51 . 2008-04-14 06:51 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2008-04-14 06:51 . 2008-04-14 06:51 39424 ----a-w- c:\windows\apppatch\AcAdProc.dll
2008-04-14 05:58 . 2001-10-25 14:00 78848 ----a-w- c:\windows\system32\msshavmsg.dll
2007-04-02 16:19 . 2001-10-25 14:00 355112 ----a-w- c:\windows\system32\msjetoledb40.dll
2007-04-02 16:17 . 2007-04-02 16:17 518944 ----a-w- c:\windows\system32\msexch40.dll
2005-08-24 10:56 . 2011-05-03 15:01 40960 ----a-w- c:\windows\system32\ialmuCHT.dll
2005-08-24 10:56 . 2011-05-03 15:01 40960 ----a-w- c:\windows\system32\ialmuCHS.dll
2005-08-24 10:51 . 2011-05-03 15:01 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2005-08-24 10:51 . 2011-05-03 15:01 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2005-08-23 23:24 . 2011-05-03 14:50 10752 ----a-w- c:\windows\system32\MSNChatHook.dll
2005-04-15 17:58 . 2002-12-20 12:02 1071088 ----a-w- c:\windows\system32\mscomctl.ocx
2004-07-11 20:51 . 2001-10-25 14:00 199168 ----a-w- c:\windows\system32\ir32_32.dll
2011-07-08 07:29 . 2011-07-21 11:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-14 . E4A798DFDE7FE6E79F23548F0EF0F844 . 634648 . . [7.00.6000.17096] . . c:\windows\SoftwareDistribution\Download\220ee7a4702b5acde192c1e977145d42\SP3GDR\iexplore.exe
[7] 2011-02-14 . E3CC8CCF21BFDC954255BB17083FB9F0 . 634648 . . [7.00.6000.21298] . . c:\windows\SoftwareDistribution\Download\220ee7a4702b5acde192c1e977145d42\SP3QFE\iexplore.exe
[7] 2010-12-20 . 091D358EFC9D22901BD879EF37F0DAC4 . 634648 . . [7.00.6000.17095] . . c:\windows\SoftwareDistribution\Download\ccfc76cb81302cf2ad4b04bc37ddb0c2\SP3GDR\iexplore.exe
[7] 2010-12-20 . B74CBEBA34E3CAA2CCACC87FEE8A16C0 . 634648 . . [7.00.6000.21297] . . c:\windows\SoftwareDistribution\Download\ccfc76cb81302cf2ad4b04bc37ddb0c2\SP3QFE\iexplore.exe
[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\SoftwareDistribution\Download\d99e99d10cfba30ab13314ef40ddbe09\SP3GDR\iexplore.exe
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SoftwareDistribution\Download\d99e99d10cfba30ab13314ef40ddbe09\SP3QFE\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\IEXPLORE.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"DAEMON Tools Lite"="e:\daemon tools lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\TrackMania Original\\TrackManiaLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Resounding\\Roger Wilco\\roger.exe"=
"e:\\MotoGP2\\motogp2.exe"=
.
R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb);c:\windows\system32\drivers\pe3ajcyb.sys [6.2.2007 19:53 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb);c:\windows\system32\drivers\pf2ajcyb.sys [6.2.2007 19:53 82832]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.6.2011 23:33 685816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [1.7.2004 22:28 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [1.7.2004 22:28 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [23.7.2011 2:27 815736]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.5.2011 13:35 218688]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [1.7.2004 22:28 136312]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [21.2.2011 23:17 66560]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [22.7.2011 4:16 355256]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [3.5.2011 17:05 2343]
S1 MpKsl021bf506;MpKsl021bf506;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl021bf506.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl021bf506.sys [?]
S1 MpKsl04499c4c;MpKsl04499c4c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl04499c4c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl04499c4c.sys [?]
S1 MpKsl0e655d7e;MpKsl0e655d7e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{492DF08C-D1BE-4380-B316-763E032C6675}\MpKsl0e655d7e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{492DF08C-D1BE-4380-B316-763E032C6675}\MpKsl0e655d7e.sys [?]
S1 MpKsl10c0062a;MpKsl10c0062a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl10c0062a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl10c0062a.sys [?]
S1 MpKsl15d8e3cf;MpKsl15d8e3cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl15d8e3cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl15d8e3cf.sys [?]
S1 MpKsl6c6234f2;MpKsl6c6234f2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl6c6234f2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{73061B39-E968-4101-9E18-D1AB7C409534}\MpKsl6c6234f2.sys [?]
S1 MpKsl757517ec;MpKsl757517ec;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl757517ec.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{46153119-C49C-46F4-AEFE-0E70921F6401}\MpKsl757517ec.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.5.2011 23:17 136176]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [1.7.2004 22:28 130008]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb);c:\windows\system32\pr2ajcyb.exe svc --> c:\windows\system32\pr2ajcyb.exe svc [?]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [3.5.2011 13:04 7040]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [1.7.2004 22:19 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [1.7.2004 22:20 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [1.7.2004 22:20 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [1.7.2004 22:20 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [1.7.2004 22:20 98568]
.
Obsah adresáře 'Naplánované úlohy'
.
2004-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-31 21:17]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-31 21:17]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = local
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
TCP: Interfaces\{C2AE2AA3-BF1B-441E-A1D0-F6746B2F0B04}: NameServer = 10.72.30.1,81.90.168.3
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\ek0sezrx.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-07-04 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3108)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\WLTRAY.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2004-07-04 12:26:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2004-07-04 10:26
.
Před spuštěním: 1 811 812 352
Po spuštění: 8 466 477 056
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 22E0DA121B5B3E97EFAF2058E56DE27D

#12 Příspěvek od **motji** » 26 črc 2011 12:26

Jak to vypadá s počítačem?

pocky · #13 Příspěvek od **pocky** » 26 črc 2011 23:46

je trosku spomalenej, em co vydrzi notebook kdys by bezel nonstop bez vypnuti nebo bez prepnuti do rezimu spanku???

#14 Příspěvek od **motji** » 27 črc 2011 08:14

Máte dva antiviry, proto může být spomalený. Jeden odinstalujte a pak poprosím o log ze Rsitu.
To nevím, ale myslím si že nic, pokud se nebude přehřívat.

#15 Příspěvek od **Pavuk29** » 27 črc 2011 08:19

Malicky vstup: Notebooku by nemal vadit ani nepretrzity chod.

VIRY.CZ

minutova nepochopitelna smrt

minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt

Re: minutova nepochopitelna smrt