br4n0 píše:
control center - avg resident shield - properties - turn on avg resident shield. ComboFix je freeware.
Práve že take tam nemam. Ja mam tu freewerovu verziu AVG. Ale jednoducho som ukoncil v spravci uloch a zmizla mi ikonka aj spybot som tak spravil. Dufam ze dobre. tu je ten log:
ComboFix 08-03-25.3 - XXX 2008-03-26 9:05:18.1 - NTFSx86
Microsoft Windows XP Home Edition
Running from: C:\Documents and Settings\XXX\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-25 18:02 . 2008-03-25 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 14:27 . 2008-03-22 14:27 <DIR> d-------- C:\Documents and Settings\Simona\Data aplikací\Leadertech
2008-03-22 14:26 . 2008-03-22 14:26 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-03-22 14:26 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-03-22 14:16 . 2008-03-22 14:16 <DIR> d-------- C:\Program Files\Atari
2008-03-22 14:06 . 2008-03-22 14:06 <DIR> d-------- C:\Documents and Settings\Simona\Data aplikací\Atari
2008-03-22 13:00 . 2008-03-22 13:00 <DIR> d-------- C:\Program Files\Google
2008-03-21 22:52 . 2008-03-14 14:13 <DIR> d-a------ C:\Program Files\Miranda IM-LE
2008-03-21 22:18 . 2008-03-21 22:19 <DIR> d-a------ C:\Program Files\Miranda IM-DE
2008-03-21 12:44 . 2008-03-21 12:45 <DIR> d-------- C:\Program Files\QIP
2008-03-20 20:12 . 2008-03-20 20:12 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-11 16:36 . 2008-03-11 16:36 <DIR> d---s---- C:\Documents and Settings\Simona\UserData
2008-03-06 12:59 . 2008-03-06 12:59 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-06 12:49 . 2008-03-06 12:49 <DIR> d-------- C:\Program Files\Webteh
2008-03-04 15:47 . 2008-03-04 15:47 <DIR> d-------- C:\Program Files\Phenix-Q8
2008-03-04 15:47 . 2008-03-04 15:47 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-02-27 19:00 . 2008-02-27 19:00 <DIR> d-------- C:\Program Files\Didakta - Zemepis
2008-02-27 19:00 . 2003-03-10 10:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-27 19:00 . 2008-02-27 19:00 87 --a------ C:\WINDOWS\didakta.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 08:12 61,818,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-26 07:54 --------- d-----w C:\Documents and Settings\Simona\Data aplikací\AVG7
2008-03-25 19:58 714,692 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-25 15:43 --------- d-----w C:\Documents and Settings\Simona\Data aplikací\Skype
2008-03-25 15:33 --------- d-----w C:\Documents and Settings\Simona\Data aplikací\skypePM
2008-03-22 13:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 13:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 13:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-21 19:38 --------- d-----w C:\Documents and Settings\Simona\Data aplikací\OpenOffice.org2
2008-03-15 10:59 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-14 15:25 --------- d-----w C:\Documents and Settings\Michal-užívateľ\Data aplikací\AVG7
2008-03-09 08:38 --------- d-----w C:\Program Files\Java
2008-02-24 08:55 --------- d-----w C:\Program Files\Paragon Software
2008-02-23 13:21 --------- d-----w C:\Program Files\Common Files\Java
2008-02-19 19:45 --------- d-----w C:\Program Files\Microsoft Works
2008-02-19 14:52 --------- d-----w C:\Program Files\Microsoft Games
2008-02-19 13:58 --------- d-----w C:\Program Files\PowerISO
2008-02-10 18:01 1,468,416 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-04 10:43 --------- d-----w C:\Program Files\TEXTware
2008-02-04 09:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-04 08:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-30 09:21 --------- d-----w C:\Program Files\QIP Infium
2008-01-28 16:39 --------- d-----w C:\Program Files\7-Zip
2008-01-27 20:26 1,430,528 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-26 11:00 --------- d-----w C:\Program Files\hp deskjet 5550 series
2008-01-26 11:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-26 10:50 --------- d-----w C:\Program Files\Guitar Pro 4
2008-01-20 16:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-16 17:47 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-01-16 15:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-16 15:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-16 12:56 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-01-16 12:49 69,632 ----a-w C:\WINDOWS\system32\vuins32.dll
2008-01-16 12:49 337,320 ------w C:\WINDOWS\system32\difxapi.dll
.
------- Sigcheck -------
2008-01-16 13:56 502272 427e6ded3a2369d3432a683eb489ee14 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-20 17:06 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-01-20 17:06 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-20 17:06 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:58 1667584]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-18 14:40 579072]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-01-15 08:06 299008 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 13:20 188416]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-18 14:40 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-11-06 09:38]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-01-16 13:47]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-16 13:49]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-26 09:12:11
Windows Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-26 9:14:06
ComboFix-quarantined-files.txt 2008-03-26 08:13:56
A este 1 otazocka preco sa mi po teste nastavil ako vychodzi prehliadac Internet Explorer? sa mi na ploche spravila aj ikonka. Dakujem