HijackThis log check

Viruses and antivirus, PC security - firewall, spyware, etc.
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

HijackThis log check

Post by mikeloak »

Greetings, gentlemen, I have a request: could you check my log for me?

Logfile of HijackThis v1.99.1
Scan saved at 12:09:05, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Owner\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC79E1F5-EE19-478A-9337-8A3DE6CB5A58}: NameServer = 192.168.11.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HijackThis log check

Post by jansv »

Hi, I could, but please drop that showy "w" in your spelling.

Also post a log from the new version of HijackThis:
Download HijackThis, for example from here - http://www.stahuj.centrum.cz/internet_a ... ijackthis/

Usage
1. Run the program and click the "Do a system scan and save a log" button
2. Paste the entire contents of the text document that "pops up" by itself after a moment into a normal post here, and I will check it for you, and then we will see what comes next.


But at first glance it looks good.
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HijackThis log check

Post by mikeloak »

Thanks, mate, here it is.
Can I ask what is being looked for in the log? So that next time I could check it myself and would not have to bother you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:36, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC79E1F5-EE19-478A-9337-8A3DE6CB5A58}: NameServer = 192.168.11.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7364 bytes
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HijackThis log check

Post by mikeloak »

I looked through a few articles and ran a test. Do you think I should also use ComboFix?
Thank you for the help


Malwarebytes' Anti-Malware 1.31
Verze databáze: 1579
Windows 5.1.2600 Service Pack 3

30.12.2008 21:01:49
mbam-log-2008-12-30 (21-01-45).txt

Typ skenu: Rychlý sken
Objektu skenováno: 62309
Uplynulý cas: 4 minute(s), 29 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\msqpdxemrkbpfu.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\tempo-B85.tmp (Trojan.DNSChanger) -> No action taken.
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HijackThis log check

Post by jansv »

Aha, so you hardly need me here anymore anyway :-D

Well, checking logs and cleaning a PC is not something you learn in a day. It takes a bit of theory and a lot of practice :-)

The log from Malwarebytes' Anti-Malware does not look very good, so yes, post the ComboFix log as well.

Instructions (quoted):
Download ComboFix and save it to the desktop.
Run it under an account with Administrator privileges; before running it, close all applications, including antivirus and firewall.
The whole process takes around 10 minutes, sometimes longer.
Do not be alarmed when your machine is restarted.
After the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt, etc.); PASTE ITS CONTENTS HERE.
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HijackThis log check

Post by mikeloak »

ComboFix 08-12-29.02 - Owner 2008-12-30 22:07:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3327.2680 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Owner\Data aplikací\inst.exe
C:\resycled
c:\resycled\boot.com
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\msqpdxemrkbpfu.dll
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
G:\autorun.inf
G:\resycled
g:\resycled\boot.com
H:\Autorun.inf
H:\resycled
h:\resycled\boot.com
I:\autorun.inf
I:\resycled
i:\resycled\boot.com
J:\autorun.inf
J:\resycled
j:\resycled\boot.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-28 do 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 22:11 . 2008-12-30 22:11 <DIR> dr-hs---- C:\resycled
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 20:56 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 20:03 . 2008-12-30 20:03 <DIR> d-------- c:\windows\Sun
2008-12-30 20:02 . 2005-04-13 03:48 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2008-12-30 20:01 . 2008-12-30 20:02 <DIR> d-------- c:\program files\Java
2008-12-30 20:01 . 2008-12-30 20:01 <DIR> d-------- c:\program files\Common Files\Java
2008-12-30 19:29 . 2008-12-30 19:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 13:06 . 2008-12-30 13:07 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Ahead
2008-12-30 13:06 . 2008-12-30 13:07 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Ahead
2008-12-30 13:06 . 2008-12-30 13:07 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Ahead
2008-12-30 13:05 . 2008-12-30 13:08 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-30 12:41 . 2008-02-28 13:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-12-30 12:41 . 2008-02-28 13:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-12-30 12:19 . 2008-12-30 12:20 250 --a------ c:\windows\gmer.ini
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34\Plocha
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d--h----- c:\documents and settings\Administrator.U-27E855EA93E34\Okolní tiskárny
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d--h----- c:\documents and settings\Administrator.U-27E855EA93E34\Okolní síť
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34\Oblíbené položky
2008-12-28 22:46 . 2008-03-13 22:01 <DIR> d--h----- c:\documents and settings\Administrator.U-27E855EA93E34\Šablony
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> dr------- c:\documents and settings\Administrator.U-27E855EA93E34\Nabídka Start
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34\Dokumenty
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> dr-h----- c:\documents and settings\Administrator.U-27E855EA93E34\Data aplikací
2008-12-28 22:46 . 2008-12-28 22:46 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34
2008-12-25 17:08 . 2008-12-25 17:08 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\vsosdk
2008-12-25 16:01 . 2008-12-25 16:01 <DIR> d-------- c:\program files\VSO
2008-12-25 16:01 . 2008-12-26 18:18 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Vso
2008-12-25 16:01 . 2008-12-26 18:18 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Vso
2008-12-25 16:01 . 2008-12-26 18:18 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Vso
2008-12-25 16:01 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-12-25 16:01 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-25 16:01 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-25 16:01 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-25 16:01 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-25 16:01 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-12-25 16:01 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\documents and settings\Owner\Data aplikací\pcouffin.sys
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\documents and settings\Owner\Data aplikací\pcouffin.sys
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\documents and settings\Owner\Data aplikací\pcouffin.sys
2008-12-22 16:00 . 2008-12-22 16:00 98,304 --a------ c:\windows\system32CmdLineExt.dll
2008-12-22 14:09 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-12-22 14:09 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2008-12-22 14:09 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-22 14:09 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2008-12-22 14:09 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-12-22 14:09 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-12-22 14:09 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2008-12-22 14:08 . 2008-12-22 14:09 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-22 14:08 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-12-22 14:08 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2008-12-22 14:08 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2008-12-22 14:08 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-22 14:08 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-22 09:50 . 2008-12-22 09:50 <DIR> d-------- c:\program files\Lavasoft
2008-12-22 09:50 . 2008-12-22 09:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 20:07 . 2008-12-09 20:12 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Moyea
2008-12-09 20:07 . 2008-12-09 20:12 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Moyea
2008-12-09 20:07 . 2008-12-09 20:12 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Moyea
2008-12-09 14:08 . 2008-12-10 21:57 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\ICQ
2008-12-09 14:08 . 2008-12-10 21:57 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\ICQ
2008-12-09 14:08 . 2008-12-10 21:57 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\ICQ
2008-12-09 14:07 . 2008-12-09 14:11 <DIR> d-------- c:\program files\ICQ6.5
2008-12-09 12:41 . 2008-12-09 12:41 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\QIP
2008-12-09 12:41 . 2008-12-09 12:41 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\QIP
2008-12-09 12:41 . 2008-12-09 12:41 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\QIP
2008-12-02 20:06 . 2008-12-02 20:06 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-02 20:05 . 2008-12-02 20:05 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-02 20:05 . 2008-12-03 18:08 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-02 20:05 . 2008-12-02 20:05 <DIR> d-------- C:\c7080289a23cd49078ed5effdb48073b
2008-12-02 20:05 . 2008-12-02 20:06 <DIR> d-------- C:\c58e4bc61277516aa1ca83cb064e
2008-11-30 20:08 . 2008-11-30 20:08 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikacĂ­
2008-11-30 19:50 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-11-30 19:50 . 2008-11-30 19:50 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-30 19:50 . 2008-11-30 19:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-30 19:44 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-11-30 19:44 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-30 19:44 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-30 19:44 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-30 19:44 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-30 19:44 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-12 16:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\skypePM
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\skypePM
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\skypePM
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\Skype
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\Skype
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\Skype
2008-12-30 12:21 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-12-30 12:05 --------- d-----w c:\program files\Nero
2008-12-30 12:05 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Nero
2008-12-30 11:41 --------- d-----w c:\program files\Common Files\Nero
2008-12-28 22:07 --------- d-----w c:\documents and settings\Owner\Data aplikací\Spyware Terminator
2008-12-28 22:07 --------- d-----w c:\documents and settings\Owner\Data aplikací\Spyware Terminator
2008-12-28 22:07 --------- d-----w c:\documents and settings\Owner\Data aplikací\Spyware Terminator
2008-12-26 12:11 --------- d-----w c:\program files\Spyware Terminator
2008-12-26 11:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 23:37 --------- d-----w c:\program files\SpeedFan
2008-12-25 11:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2008-12-22 08:52 --------- d-----w c:\documents and settings\Owner\Data aplikací\DivX
2008-12-22 08:52 --------- d-----w c:\documents and settings\Owner\Data aplikací\DivX
2008-12-22 08:52 --------- d-----w c:\documents and settings\Owner\Data aplikací\DivX
2008-12-22 08:50 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-12-22 08:46 --------- d-----w c:\program files\GameShadow
2008-12-22 08:45 --------- d-----w c:\program files\DivX
2008-12-03 17:08 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\PC Suite
2008-11-30 19:07 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Nokia
2008-11-30 18:44 --------- d-----w c:\program files\Nokia
2008-11-30 18:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations
2008-11-30 18:43 --------- d-----w c:\program files\Common Files\Nokia
2008-11-09 14:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-09-20 12:55 2,560 ----a-w c:\windows\_MSRSTRT.EXE
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-11-30 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Web Translator"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\TRANSLAT\\WEBTRANS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2008-03-24 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys [2008-03-24 5504]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-12 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2008-03-13 38656]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]
S3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-04-12 13225]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\DRIVERS\RT2400.sys [2004-03-01 62848]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2daccfb2-3ee3-11dd-ab67-001e8c833226}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - j:\resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a5b76f-9c46-11dd-ab84-00112f224238}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f85cc6d-f146-11dc-b10c-806d6172696f}]
\Shell\AutoRun\command - D:\SETUP.EXE
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BC79E1F5-EE19-478A-9337-8A3DE6CB5A58} = 192.168.11.11
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\5oh21e08.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 22:15:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\program files\Razer\razerofa.exe
c:\program files\Java\jre1.5.0_03\bin\jucheck.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Celkový čas: 2008-12-30 22:16:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-30 21:16:45

Před spuštěním: Volných bajtů: 37 860 970 496
Po spuštění: Volných bajtů: 38,525,317,120

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-22 02:00:57
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HiJackThis log check

Post by mikeloak »

I plugged in all my flash drives for that. It occurred to me: could you point me to some page with the theory? I'd quite like to understand these little programs. These days it's a useful thing.
And once again, thanks for the help.
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HiJackThis log check

Post by jansv »

It's a pleasure working with you; you do part of it yourself, and exactly the way I have in mind.

Oh, and you're welcome. I like helping, that's why I'm here.

OK, great. So every time we do something, leave all the USB sticks plugged in.
Right, something on the theory:

http://viry.cz/forum/viewtopic.php?f=24&t=2230 - there's also an analysis of the resulting log here
http://viry.cz/forum/ - you'll find really a lot here
http://viry.cz - also have a look at the main page
http://pctuning.tyden.cz/index.php?opti ... &Itemid=94

etc. But it's always a good idea to verify the results, from HijackThis for example, using Google.

And on to the problem:

Quote:
If you haven't done so already, move ComboFix to the Desktop.
Open Notepad.
Copy the script from the following box into it (without the word Code)

Code:

KillAll::

File::
c:\windows\avisplitter.ini
c:\windows\_MSRSTRT.EXE

DirLook::
c:\windows\system32\drivers\UMDF
C:\c7080289a23cd49078ed5effdb48073b
C:\c58e4bc61277516aa1ca83cb064e
c:\documents and settings\All Users.WINDOWS\Data aplikacĂ­

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2daccfb2-3ee3-11dd-ab67-001e8c833226}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f85cc6d-f146-11dc-b10c-806d6172696f}]

Save the text file you created as CFScript.txt on the Desktop (be careful not to end up with .txt twice).
Once it is saved, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:

Image

After it is applied, another log should pop up; please paste it here. :)


Then run a full scan of drive C with Malwarebytes' Anti-Malware, don't delete anything, and paste the log here.
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HiJackThis log check

Post by mikeloak »

ComboFix 08-12-29.02 - Owner 2008-12-30 22:53:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3327.2650 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\_MSRSTRT.EXE
c:\windows\avisplitter.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\windows\_MSRSTRT.EXE
c:\windows\avisplitter.ini
E:\resycled
G:\resycled
H:\resycled
I:\resycled
J:\autorun.inf
J:\resycled

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-28 do 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-30 20:56 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2008-12-30 20:56 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 20:56 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 20:03 . 2008-12-30 20:03 <DIR> d-------- c:\windows\Sun
2008-12-30 20:02 . 2005-04-13 03:48 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2008-12-30 20:01 . 2008-12-30 20:02 <DIR> d-------- c:\program files\Java
2008-12-30 20:01 . 2008-12-30 20:01 <DIR> d-------- c:\program files\Common Files\Java
2008-12-30 19:29 . 2008-12-30 19:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 13:06 . 2008-12-30 13:07 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Ahead
2008-12-30 13:06 . 2008-12-30 13:07 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Ahead
2008-12-30 13:06 . 2008-12-30 13:07 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Ahead
2008-12-30 13:05 . 2008-12-30 13:08 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-30 12:41 . 2008-02-28 13:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-12-30 12:41 . 2008-02-28 13:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-12-30 12:19 . 2008-12-30 12:20 250 --a------ c:\windows\gmer.ini
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34\Plocha
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d--h----- c:\documents and settings\Administrator.U-27E855EA93E34\Okolní tiskárny
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d--h----- c:\documents and settings\Administrator.U-27E855EA93E34\Okolní síť
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34\Oblíbené položky
2008-12-28 22:46 . 2008-03-13 22:01 <DIR> d--h----- c:\documents and settings\Administrator.U-27E855EA93E34\Šablony
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> dr------- c:\documents and settings\Administrator.U-27E855EA93E34\Nabídka Start
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34\Dokumenty
2008-12-28 22:46 . 2008-03-13 22:55 <DIR> dr-h----- c:\documents and settings\Administrator.U-27E855EA93E34\Data aplikací
2008-12-28 22:46 . 2008-12-28 22:46 <DIR> d-------- c:\documents and settings\Administrator.U-27E855EA93E34
2008-12-25 17:08 . 2008-12-25 17:08 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\vsosdk
2008-12-25 16:01 . 2008-12-25 16:01 <DIR> d-------- c:\program files\VSO
2008-12-25 16:01 . 2008-12-26 18:18 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Vso
2008-12-25 16:01 . 2008-12-26 18:18 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Vso
2008-12-25 16:01 . 2008-12-26 18:18 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Vso
2008-12-25 16:01 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-12-25 16:01 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-25 16:01 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-25 16:01 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-25 16:01 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-25 16:01 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-12-25 16:01 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\documents and settings\Owner\Data aplikací\pcouffin.sys
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\documents and settings\Owner\Data aplikací\pcouffin.sys
2008-12-25 16:01 . 2008-12-25 16:01 47,360 --a------ c:\documents and settings\Owner\Data aplikací\pcouffin.sys
2008-12-22 16:00 . 2008-12-22 16:00 98,304 --a------ c:\windows\system32CmdLineExt.dll
2008-12-22 14:09 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-12-22 14:09 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2008-12-22 14:09 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-22 14:09 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2008-12-22 14:09 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-12-22 14:09 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-12-22 14:08 . 2008-12-22 14:09 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-22 14:08 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-12-22 14:08 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2008-12-22 14:08 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2008-12-22 14:08 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-22 14:08 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-22 09:50 . 2008-12-22 09:50 <DIR> d-------- c:\program files\Lavasoft
2008-12-22 09:50 . 2008-12-22 09:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 20:07 . 2008-12-09 20:12 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Moyea
2008-12-09 20:07 . 2008-12-09 20:12 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Moyea
2008-12-09 20:07 . 2008-12-09 20:12 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\Moyea
2008-12-09 14:08 . 2008-12-10 21:57 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\ICQ
2008-12-09 14:08 . 2008-12-10 21:57 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\ICQ
2008-12-09 14:08 . 2008-12-10 21:57 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\ICQ
2008-12-09 14:07 . 2008-12-09 14:11 <DIR> d-------- c:\program files\ICQ6.5
2008-12-09 12:41 . 2008-12-09 12:41 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\QIP
2008-12-09 12:41 . 2008-12-09 12:41 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\QIP
2008-12-09 12:41 . 2008-12-09 12:41 <DIR> d-------- c:\documents and settings\Owner\Data aplikací\QIP
2008-12-02 20:06 . 2008-12-02 20:06 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-02 20:05 . 2008-12-02 20:05 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-02 20:05 . 2008-12-03 18:08 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-02 20:05 . 2008-12-02 20:05 <DIR> d-------- C:\c7080289a23cd49078ed5effdb48073b
2008-12-02 20:05 . 2008-12-02 20:06 <DIR> d-------- C:\c58e4bc61277516aa1ca83cb064e
2008-11-30 20:08 . 2008-11-30 20:08 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikacĂ­
2008-11-30 19:50 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-11-30 19:50 . 2008-11-30 19:50 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-30 19:50 . 2008-11-30 19:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-30 19:44 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-11-30 19:44 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-30 19:44 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-30 19:44 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-30 19:44 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-30 19:44 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-12 16:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:15 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 21:57 --------- d-----w c:\documents and settings\Owner\Data aplikací\Skype
2008-12-30 21:57 --------- d-----w c:\documents and settings\Owner\Data aplikací\Skype
2008-12-30 21:57 --------- d-----w c:\documents and settings\Owner\Data aplikací\Skype
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\skypePM
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\skypePM
2008-12-30 21:14 --------- d-----w c:\documents and settings\Owner\Data aplikací\skypePM
2008-12-30 12:21 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-12-30 12:05 --------- d-----w c:\program files\Nero
2008-12-30 12:05 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Nero
2008-12-30 11:41 --------- d-----w c:\program files\Common Files\Nero
2008-12-28 22:07 --------- d-----w c:\documents and settings\Owner\Data aplikací\Spyware Terminator
2008-12-28 22:07 --------- d-----w c:\documents and settings\Owner\Data aplikací\Spyware Terminator
2008-12-28 22:07 --------- d-----w c:\documents and settings\Owner\Data aplikací\Spyware Terminator
2008-12-26 12:11 --------- d-----w c:\program files\Spyware Terminator
2008-12-26 11:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 23:37 --------- d-----w c:\program files\SpeedFan
2008-12-25 11:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2008-12-22 08:52 --------- d-----w c:\documents and settings\Owner\Data aplikací\DivX
2008-12-22 08:52 --------- d-----w c:\documents and settings\Owner\Data aplikací\DivX
2008-12-22 08:52 --------- d-----w c:\documents and settings\Owner\Data aplikací\DivX
2008-12-22 08:50 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-12-22 08:46 --------- d-----w c:\program files\GameShadow
2008-12-22 08:45 --------- d-----w c:\program files\DivX
2008-12-03 17:08 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\PC Suite
2008-11-30 19:07 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Nokia
2008-11-30 18:44 --------- d-----w c:\program files\Nokia
2008-11-30 18:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations
2008-11-30 18:43 --------- d-----w c:\program files\Common Files\Nokia
2008-11-09 14:08 --------- d-----w c:\program files\Spybot - Search & Destroy
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\c58e4bc61277516aa1ca83cb064e ----

2006-05-16 18:11 716000 --a------ c:\c58e4bc61277516aa1ca83cb064e\update\update.exe

---- Directory of C:\c7080289a23cd49078ed5effdb48073b ----

2006-09-28 19:01 58368 --a------ c:\c7080289a23cd49078ed5effdb48073b\update\wudfcustom.dll
2006-09-16 01:05 742192 --a------ c:\c7080289a23cd49078ed5effdb48073b\update\update.exe
2006-09-16 01:05 379184 --a------ c:\c7080289a23cd49078ed5effdb48073b\update\updspapi.dll

---- Directory of c:\documents and settings\All Users.WINDOWS\Data aplikacĂ­ ----

2008-11-30 20:08 1753 --a------ c:\documents and settings\All Users.WINDOWS\Data aplikacĂ­\Nokia\Nokia Service Layer\A\nsl_service_module_00001\tpls\www.dsut.online.nokia.com.oti.caresuite\tpl_M00001_RM-320_v00005.fpl
2008-11-30 20:08 16587 --a------ c:\documents and settings\All Users.WINDOWS\Data aplikacĂ­\Nokia\Nokia Service Layer\A\nsl_service_module_00001\tpls\www.dsut.online.nokia.com.oti.caresuite\M00001_RM-320_v00005.zip

---- Directory of c:\windows\system32\drivers\UMDF ----

2008-12-03 18:08 0 --ah----- c:\windows\system32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
2008-12-03 18:08 0 --ah----- c:\windows\system32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-02 20:05 0 --ah----- c:\windows\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
2008-03-06 10:19 534016 --a------ c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
2006-10-18 21:47 671232 --------- c:\windows\system32\drivers\UMDF\wpdmtpdr.dll


((((((((((((((((((((((((((((( snapshot@2008-12-30_22.16.21.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 21:55:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5ec.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-11-30 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Web Translator"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\TRANSLAT\\WEBTRANS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2008-03-24 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys [2008-03-24 5504]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-12 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2008-03-13 38656]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]
S3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-04-12 13225]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\DRIVERS\RT2400.sys [2004-03-01 62848]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52a5b76f-9c46-11dd-ab84-00112f224238}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BC79E1F5-EE19-478A-9337-8A3DE6CB5A58} = 192.168.11.11
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\5oh21e08.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 22:58:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre1.5.0_03\bin\jucheck.exe
c:\program files\Razer\razerofa.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Celkový čas: 2008-12-30 22:59:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-30 21:59:55
ComboFix2.txt 2008-12-30 21:16:48

Před spuštěním: Volných bajtů: 38 547 353 600
Po spuštění: Volných bajtů: 38,517,223,424

284 --- E O F --- 2008-12-22 02:00:57
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HiJackThis log check

Post by mikeloak »

Malwarebytes' Anti-Malware 1.31
Verze databáze: 1579
Windows 5.1.2600 Service Pack 3

30.12.2008 23:29:45
mbam-log-2008-12-30 (23-29-42).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 114458
Uplynulý cas: 27 minute(s), 47 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxemrkbpfu.dll.vir (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{996CEEF9-B7B7-4D92-81C9-3D34169CAFD9}\RP26\A0005060.dll (Trojan.TDSS) -> No action taken.
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HiJackThis log check

Post by jansv »

OK.

Go to Start - Run, type combofix /u there and confirm.

Turn off System Restore, restart the PC, and turn it back on again.

Also run a Quick Scan in Malwarebytes' Anti-Malware and delete whatever it finds, then paste the log here.
If needed, instructions for the removal: http://www.viry.cz/forum/viewtopic.php? ... 26eb79635e

Then paste a current HijackThis log.
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HiJackThis log check

Post by mikeloak »

Malwarebytes' Anti-Malware 1.31
Verze databáze: 1579
Windows 5.1.2600 Service Pack 3

31.12.2008 0:20:24
mbam-log-2008-12-31 (00-20-24).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 110227
Uplynulý cas: 25 minute(s), 11 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HiJackThis check

Post by mikeloak »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:22:46, on 31.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC79E1F5-EE19-478A-9337-8A3DE6CB5A58}: NameServer = 192.168.11.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8103 bytes
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HiJackThis check

Post by jansv »

Everything is OK. How is the PC behaving now? No problems with it, is it acting up, ...? Oh, and don't forget about Eset Smart Security, it is better than Avast. Good luck, take care, and you can turn to this forum anytime. If there are no problems, that's all.
mikeloak
Newbie
Registered: 28 Dec 2008
Location: Jablonec nad Nisou

Re: HiJackThis check

Post by mikeloak »

Thanks, so far it's good, a good experience :wink: it won't work without Eset
Take care
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HiJackThis check

Post by jansv »

OK, glad to hear it.
Wonder Figi
Beginner
Registered: 08 Jun 2003
Location: Praha

Re: HiJackThis check

Post by Wonder Figi »

Hi, I need a HijackThis log checked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:20, on 2.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\jalcds\jalcds.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Wonder\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
D:\kvetule9\SetPoint\SetPoint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jaLCDs] C:\Program Files\jalcds\jalcds.exe wait
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Wonder\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MBM 5.lnk = C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - Startup: Výročí.lnk = C:\Program Files\Vyroci\vyroci.exe
O4 - Startup: StrongDC.lnk = C:\Program Files\Strong dc++\StrongDC.exe
O4 - Global Startup: jaLCDs.lnk = C:\Program Files\jalcds\jaLCDs.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\kvetule9\SetPoint\SetPoint.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout &vše pomocí Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Stáhnout pomocí &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\aaa\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\aaa\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3972835640
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: bw+0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {42B98B82-CA95-4F5A-95D5-81BB9C20A960} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 21124 bytes


My PC keeps freezing, so I'm trying it this way. Thanks
Notebook HP Pavilion DV7-1080ec
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HiJackThis check

Post by jansv »

Hi, gladly, but please start your own topic in the Viruses, antivirus and security section. When you tack it onto another thread like this, not only will nobody find it, it would also make a mess. Then I or anyone else from the forum will check it for you.
Wonder Figi
Beginner
Registered: 08 Jun 2003
Location: Praha

Re: HiJackThis check

Post by Wonder Figi »

Ah, sorry, thanks. I'm on it.
Notebook HP Pavilion DV7-1080ec
jansv
Slightly advanced
Registered: 16 Nov 2008

Re: HiJackThis check

Post by jansv »

Of course, no problem.