pomaly beh aplikaci, zejmena online, PC neidentifikuje CDROM

Zpráva

lkc · #1 Příspěvek od **lkc** » 23 led 2012 19:29

Zdravim a prosim o kontrolu logu z notesu.
Obavam se, ze je to epidemie. Chova se stejen divne jako desktop, ktery jsem kontroloval minuly tyden (viz: http://forum.viry.cz/viewtopic.php?f=13&t=118920).
Predem diky.

Logfile of random's system information tool 1.09 (written by random/random)
Run by OLGA at 2012-01-23 19:14:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 48 GB (64%) free of 76 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:41, on 23.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Readon Technology\Readon TV Movie Radio Player 7.4.0.0\internettv.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OLGA\Local Settings\Temporary Internet Files\Content.IE5\D1JOGU6B\RSIT[1].exe
C:\Program Files\trend micro\OLGA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:c.budejovice@skola.skrivanek.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7100632805
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7100624305
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8897 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-113007714-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-113007714-725345543-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-113007714-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-113007714-725345543-1004UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-113007714-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-113007714-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-113007714-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-113007714-725345543-1006.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-05 381656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll [2011-12-13 1071456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll [2011-12-13 1071456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-03-05 273544]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2011-07-22 149280]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-12-13 922976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\OLGA\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Documents and Settings\LUKAS\Dokumenty\Downloads\TomTomHOME2winlatest.exe"="C:\Documents and Settings\LUKAS\Dokumenty\Downloads\TomTomHOME2winlatest.exe:*:Enabled:TomTomHOME2winlatest"
"C:\Program Files\Readon Technology\Readon TV Movie Radio Player 7.4.0.0\internettv.exe"="C:\Program Files\Readon Technology\Readon TV Movie Radio Player 7.4.0.0\internettv.exe:*:Enabled:Readon TV Movie Radio Player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\OLGA\Local Settings\Temporary Internet Files\Content.IE5\K64PK1NR\SweetImSetup[1].exe"="C:\Documents and Settings\OLGA\Local Settings\Temporary Internet Files\Content.IE5\K64PK1NR\SweetImSetup[1].exe:*:Enabled:SweetIM Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-01-23 19:15:04 ----D---- C:\Program Files\trend micro
2012-01-23 19:14:56 ----D---- C:\rsit
2012-01-21 10:24:50 ----D---- C:\Documents and Settings\OLGA\Data aplikací\Simfy
2012-01-21 10:24:43 ----D---- C:\Program Files\simfy
2012-01-21 10:24:37 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-01-20 21:31:42 ----D---- C:\Documents and Settings\OLGA\Data aplikací\dvdcss
2012-01-14 19:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-14 19:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-01-14 19:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-14 19:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-14 19:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-14 19:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-04 13:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2012-01-04 13:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-01-04 13:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2012-01-04 13:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-01-04 13:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-01-04 13:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-01-04 13:30:09 ----A---- C:\WINDOWS\imsins.BAK
2012-01-04 13:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2011-12-25 21:57:11 ----D---- C:\Documents and Settings\OLGA\Data aplikací\Search Settings
2011-12-25 21:57:03 ----D---- C:\Program Files\pdfforge Toolbar
2011-12-25 21:57:03 ----D---- C:\Program Files\Common Files\Spigot
2011-12-25 21:57:03 ----D---- C:\Program Files\Application Updater

======List of files/folders modified in the last 1 month======

2012-01-23 19:15:30 ----SD---- C:\WINDOWS\Tasks
2012-01-23 19:15:20 ----D---- C:\WINDOWS\Prefetch
2012-01-23 19:15:04 ----RD---- C:\Program Files
2012-01-23 18:54:02 ----D---- C:\WINDOWS\Temp
2012-01-23 11:13:13 ----D---- C:\Documents and Settings\OLGA\Data aplikací\vlc
2012-01-23 09:26:48 ----D---- C:\WINDOWS
2012-01-22 22:24:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-22 20:00:35 ----D---- C:\Documents and Settings\OLGA\Data aplikací\Skype
2012-01-22 07:07:28 ----D---- C:\WINDOWS\system32
2012-01-22 07:07:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-21 22:37:08 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-21 10:24:45 ----SHD---- C:\WINDOWS\Installer
2012-01-21 10:24:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-01-21 10:24:40 ----D---- C:\Program Files\Adobe
2012-01-21 10:24:37 ----D---- C:\Program Files\Common Files
2012-01-21 10:24:06 ----D---- C:\Documents and Settings\OLGA\Data aplikací\Adobe
2012-01-20 19:15:44 ----D---- C:\Documents and Settings\OLGA\Data aplikací\ICQ
2012-01-14 19:40:51 ----HD---- C:\WINDOWS\inf
2012-01-14 19:40:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-14 19:38:19 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-14 19:37:53 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-08 15:37:56 ----D---- C:\WINDOWS\Minidump
2012-01-06 21:27:49 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-06 21:27:48 ----RSD---- C:\WINDOWS\assembly
2012-01-05 22:57:04 ----D---- C:\WINDOWS\WinSxS
2012-01-04 13:32:58 ----D---- C:\Program Files\Internet Explorer
2012-01-04 13:32:40 ----D---- C:\WINDOWS\ie8updates
2012-01-04 13:30:56 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S2 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 ASFIPmon;Broadcom ASF IP Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2005-10-18 61440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-22 153376]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 23 led 2012 19:45

Také zdravím a poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

lkc · #3 Příspěvek od **lkc** » 23 led 2012 20:13

Děkuji, zde je log z Comba:

ComboFix 12-01-23.02 - OLGA 23.01.2012 20:01:58.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.627 [GMT 1:00]
Spuštěný z: c:\documents and settings\OLGA\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-23 do 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 18:15 . 2012-01-23 18:15 -------- d-----w- c:\program files\trend micro
2012-01-23 18:14 . 2012-01-23 18:15 -------- d-----w- C:\rsit
2012-01-21 09:24 . 2012-01-21 09:24 -------- d-----w- c:\documents and settings\OLGA\Data aplikací\Simfy
2012-01-21 09:24 . 2012-01-21 09:24 -------- d-----w- c:\program files\simfy
2012-01-21 09:24 . 2012-01-21 09:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-20 20:31 . 2012-01-20 20:31 -------- d-----w- c:\documents and settings\OLGA\Data aplikací\dvdcss
2011-12-25 20:57 . 2011-12-25 20:57 -------- d-----w- c:\documents and settings\OLGA\Data aplikací\Search Settings
2011-12-25 20:57 . 2011-12-25 20:57 -------- d-----w- c:\program files\Application Updater
2011-12-25 20:57 . 2011-12-25 20:57 -------- d-----w- c:\program files\pdfforge Toolbar
2011-12-25 20:57 . 2011-12-25 20:57 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 06:47 . 2011-06-21 19:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2007-10-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2007-10-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2007-10-29 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2007-10-29 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2007-10-29 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2007-10-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2007-10-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-10-29 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2007-10-29 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2007-10-29 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2007-10-29 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2007-10-29 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-05 273544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-07-22 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\JCENDA\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\LUKAS\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\OLGA\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Readon Technology\\Readon TV Movie Radio Player 7.4.0.0\\internettv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.2.2011 17:41 294608]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [14.12.2011 13:13 748440]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [18.10.2005 17:11 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.2.2011 17:41 17744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-113007714-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-113007714-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-01-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-113007714-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-113007714-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:c.budejovice@skola.skrivanek.cz
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2012-01-23 20:09:07
ComboFix-quarantined-files.txt 2012-01-23 19:09
.
Před spuštěním: Volných bajtů: 50 770 268 160
Po spuštění: Volných bajtů: 51 161 292 800
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 09BD0B326F06F20FE60E73E1E787B1A0

#4 Příspěvek od **Rudy** » 23 led 2012 21:00

Ještě dosčistíme. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Common Files\Spigot
c:\program files\pdfforge Toolbar

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

lkc · #5 Příspěvek od **lkc** » 23 led 2012 21:31

Provedeno. Dekuji moc za pomoc.
Ted je tedy vse ok?

ComboFix 12-01-23.02 - OLGA 23.01.2012 21:21:08.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.540 [GMT 1:00]
Spuštěný z: c:\documents and settings\OLGA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\OLGA\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\IE\4.9\config.ini
c:\program files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\dropinsavings.gif
c:\program files\pdfforge Toolbar\Res\dropinsavingsabt.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\facebook.gif
c:\program files\pdfforge Toolbar\Res\googleplus.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\Lang\res1031.ini
c:\program files\pdfforge Toolbar\Res\Lang\res1033.ini
c:\program files\pdfforge Toolbar\Res\Lang\res1034.ini
c:\program files\pdfforge Toolbar\Res\Lang\res1036.ini
c:\program files\pdfforge Toolbar\Res\Lang\res1040.ini
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\radio-close.gif
c:\program files\pdfforge Toolbar\Res\radio-minimize.gif
c:\program files\pdfforge Toolbar\Res\radiobeta.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_baidu.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\search_yandex.gif
c:\program files\pdfforge Toolbar\Res\twitter.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-23 do 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 18:15 . 2012-01-23 18:15 -------- d-----w- c:\program files\trend micro
2012-01-23 18:14 . 2012-01-23 18:15 -------- d-----w- C:\rsit
2012-01-21 09:24 . 2012-01-21 09:24 -------- d-----w- c:\documents and settings\OLGA\Data aplikací\Simfy
2012-01-21 09:24 . 2012-01-21 09:24 -------- d-----w- c:\program files\simfy
2012-01-21 09:24 . 2012-01-21 09:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-20 20:31 . 2012-01-20 20:31 -------- d-----w- c:\documents and settings\OLGA\Data aplikací\dvdcss
2011-12-25 20:57 . 2011-12-25 20:57 -------- d-----w- c:\documents and settings\OLGA\Data aplikací\Search Settings
2011-12-25 20:57 . 2011-12-25 20:57 -------- d-----w- c:\program files\Application Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 06:47 . 2011-06-21 19:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2007-10-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2007-10-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2007-10-29 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2007-10-29 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2007-10-29 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2007-10-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2007-10-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-10-29 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2007-10-29 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2007-10-29 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2007-10-29 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2007-10-29 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-05 273544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-07-22 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\JCENDA\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\LUKAS\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\OLGA\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Readon Technology\\Readon TV Movie Radio Player 7.4.0.0\\internettv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.2.2011 17:41 294608]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [14.12.2011 13:13 748440]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [18.10.2005 17:11 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.2.2011 17:41 17744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-113007714-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-113007714-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-01-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-113007714-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-113007714-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:c.budejovice@skola.skrivanek.cz
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2012-01-23 21:27:11
ComboFix-quarantined-files.txt 2012-01-23 20:27
ComboFix2.txt 2012-01-23 19:09
.
Před spuštěním: Volných bajtů: 51 185 291 264
Po spuštění: Volných bajtů: 51 168 645 120
.
- - End Of File - - 810F8A6D4FD3A53306B5FD628E760AE0

#6 Příspěvek od **Rudy** » 23 led 2012 21:37

Vše smazáno, log již vypadá čistý. Nastala nějaká zmněna?

lkc · #7 Příspěvek od **lkc** » 23 led 2012 22:39

Diky.
Ntb jsem zkusil restartovat, vypada to na rychlejsi start. CD takz naslo... Tak snad.
Jeste jednou dekuju.

#8 Příspěvek od **Rudy** » 23 led 2012 22:40

Rádo se stalo!

VIRY.CZ

pomaly beh aplikaci, zejmena online, PC neidentifikuje CDROM

pomaly beh aplikaci, zejmena online, PC neidentifikuje CDROM

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C

Re: pomaly beh aplikaci, zejmena online, PC neidentifikuje C