Please check my log [Solved]

Post by thegamer » 07 Oct 2009 17:37

So I've got a problem again when logging in to Windows: a blue screen telling me to send an SMS. I ran Malwarebytes' Anti-Malware, nothing. ComboFix, nothing. Trojan Remover, nothing. And yet that "pathetic begging to send an SMS" is still there.
I have the PC running in Safe Mode now, where the blue screen asking for an SMS no longer "pops up", but as soon as I log in to Windows normally it jumps out at me right away. :D

Here are the links to the logs from the programs:

Code:

http://uloz.to/2755232/hijackthis.log

Code:

http://uloz.to/2755283/combofix.txt

Code:

http://uloz.to/2755332/mbam-log-2009-10-07-17-36-01-.txt


Thanks for any help. :smile: I hope someone figures it out. :idea:

Post by pitimir » 07 Oct 2009 17:43

Hi.

1) Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall components, and open Notepad. Copy the following into it:

Code:

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"graphic"=-

Folder::
c:\windows\graphic

DDS::
uStart Page = hxxp://www.centrum.cz/skinit/icq/

FireFox::
FF - ProfilePath - d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.


Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.


2) Test the file(s) on VIRUSTOTAL:

Code:

d:\windows\system32\sfcfiles.dll

If it says the file has already been tested, have it tested again. Send the result as a LINK.
I don't like amateurism...

And the one this message is meant for knows it :)
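
An added example (not part of pitimir's post and not ComboFix code): a small Python reviewer that lists what the CFScript above requests, so it can be read back before it is dragged onto ComboFix. It assumes that a `Name::` line opens a section, that the Registry section uses .reg syntax, and that Folder:: paths are deleted, as the log posted later in this thread suggests; the function names and the protected-path list are illustrative.

```python
import ntpath
import re

# Constructed sample input: the CFScript from the post above, embedded so this runs offline.
CFSCRIPT = r'''KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"graphic"=-

Folder::
c:\windows\graphic

DDS::
uStart Page = hxxp://www.centrum.cz/skinit/icq/

FireFox::
FF - ProfilePath - d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
'''

SECTION = re.compile(r'^([A-Za-z0-9]+)::$')      # e.g. "Registry::"
REG_KEY = re.compile(r'^\[(-?)(.+)\]$')          # [KEY] or [-KEY] (.reg syntax)
REG_VALUE = re.compile(r'^("[^"]*"|@)=(.*)$')    # "name"=data, "name"=- or @=data

# Hypothetical guard list: path tails (drive letter removed) too broad to delete.
PROTECTED_TAILS = {"", "\\windows", "\\windows\\system32", "\\program files"}


def parse_cfscript(text):
    """Split the script into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("content before the first section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Read .reg-style lines as (action, key, value name) tuples."""
    actions, key = [], None
    for line in lines:
        m = REG_KEY.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                        # leading "-" deletes the whole key
                actions.append(("delete-key", key, None))
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            kind = "delete-value" if m.group(2).strip() == "-" else "set-value"
            actions.append((kind, key, name))
    return actions


def too_broad(path):
    """True when a Folder:: entry names a drive root or a core system directory."""
    norm = ntpath.normcase(ntpath.normpath(path))
    tail = ntpath.splitdrive(norm)[1].rstrip("\\")
    return tail in PROTECTED_TAILS


def review(text):
    """Summarise the script: registry changes, folder deletions, other sections."""
    sections = parse_cfscript(text)
    return {
        "registry": registry_actions(sections.get("Registry", [])),
        "folders": [(p, too_broad(p)) for p in sections.get("Folder", [])],
        # Sections this reviewer does not interpret, with their line counts.
        "other": {n: len(v) for n, v in sections.items()
                  if n not in ("Registry", "Folder")},
    }


if __name__ == "__main__":
    result = review(CFSCRIPT)
    for kind, key, name in result["registry"]:
        print("%s: %s -> %s" % (kind, key, name))
    for path, broad in result["folders"]:
        print("delete folder: %s%s" % (path, "  [TOO BROAD]" if broad else ""))
    for name, count in result["other"].items():
        print("section %s: %d line(s), not interpreted" % (name, count))
```
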

Post by thegamer » 07 Oct 2009 17:57

Here is the log from ComboFix; now I'm going to VirusTotal.

ComboFix 09-10-06.04 - Admin 07.10.2009 17:47.4.2 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2947 [GMT 2:00]
Spuštěný z: d:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091006-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\graphic
c:\windows\graphic\driver.exe
c:\windows\graphic\startdvr.dll
c:\windows\graphic\starttim.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-07 do 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 14:52 . 2006-06-19 11:01 69632 ----a-w- d:\windows\system32\ztvcabinet.dll
2009-10-07 14:52 . 2006-05-25 13:52 162304 ----a-w- d:\windows\system32\ztvunrar36.dll
2009-10-07 14:52 . 2005-08-25 23:50 77312 ----a-w- d:\windows\system32\ztvunace26.dll
2009-10-07 14:52 . 2003-02-02 18:06 153088 ----a-w- d:\windows\system32\UNRAR3.dll
2009-10-07 14:52 . 2002-03-05 23:00 75264 ----a-w- d:\windows\system32\unacev2.dll
2009-10-07 14:52 . 2009-10-07 14:52 -------- d-----w- d:\program files\Trojan Remover
2009-10-07 14:34 . 2008-12-11 06:38 159600 ----a-w- d:\windows\system32\drivers\pctgntdi.sys
2009-10-07 14:34 . 2009-08-24 12:05 206256 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2009-10-07 14:34 . 2009-08-19 09:01 86888 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 14:34 . 2009-10-07 14:35 -------- d-----w- d:\program files\Common Files\PC Tools
2009-10-07 14:34 . 2008-12-10 09:36 64392 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2009-10-07 14:34 . 2009-10-07 14:35 -------- d-----w- d:\program files\Spyware Doctor
2009-10-07 14:01 . 2009-10-07 15:38 664 ----a-w- d:\windows\system32\d3d9caps.dat
2009-10-03 08:02 . 2009-10-03 08:03 -------- d-----w- d:\program files\TO2SSM
2009-10-03 07:55 . 2009-10-03 08:02 -------- d-----w- d:\program files\Common Files\Motive
2009-10-02 20:21 . 2009-10-02 20:21 -------- d-----w- d:\program files\Intelore
2009-10-02 13:48 . 2009-10-02 13:48 -------- d-----w- d:\windows\1C4551A64743409391E41477CD655043.TMP
2009-09-30 13:53 . 2009-03-19 14:32 23400 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-30 13:53 . 2008-04-17 10:12 107368 ----a-w- d:\windows\system32\GEARAspi.dll
2009-09-30 13:52 . 2009-09-30 13:52 -------- d-----w- d:\program files\iPod
2009-09-30 13:52 . 2009-09-30 13:52 -------- d-----w- d:\program files\Bonjour
2009-09-30 13:52 . 2009-09-30 13:52 -------- d-----w- d:\program files\QuickTime
2009-09-30 13:52 . 2009-09-30 13:52 -------- d-----w- d:\program files\Apple Software Update
2009-09-30 13:51 . 2009-06-05 09:42 39424 ----a-w- d:\windows\system32\drivers\usbaapl.sys
2009-09-30 13:51 . 2009-06-05 09:42 2060288 ----a-w- d:\windows\system32\usbaaplrc.dll
2009-09-30 13:51 . 2009-09-30 13:52 -------- d-----w- d:\program files\Common Files\Apple
2009-09-29 18:22 . 2006-10-26 17:56 32592 ----a-w- d:\windows\system32\msonpmon.dll
2009-09-29 18:21 . 2009-09-29 18:21 -------- d-----w- d:\program files\Microsoft Works
2009-09-29 18:21 . 2009-09-29 18:21 -------- d-----w- d:\program files\Microsoft.NET
2009-09-29 18:17 . 2009-09-29 18:17 -------- d-----w- d:\windows\SHELLNEW
2009-09-29 18:16 . 2009-09-29 18:16 -------- d-----r- D:\MSOCache
2009-09-29 13:34 . 2009-09-29 18:12 -------- d-----w- d:\program files\NetRadio 2.01
2009-09-28 15:27 . 2001-08-18 04:36 8704 -c--a-w- d:\windows\system32\dllcache\kbdjpn.dll
2009-09-28 15:27 . 2001-08-18 04:36 8704 ----a-w- d:\windows\system32\kbdjpn.dll
2009-09-28 15:27 . 2001-08-18 04:36 8192 -c--a-w- d:\windows\system32\dllcache\kbdkor.dll
2009-09-28 15:27 . 2001-08-18 04:36 8192 ----a-w- d:\windows\system32\kbdkor.dll
2009-09-28 15:27 . 2001-08-17 20:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101c.dll
2009-09-28 15:27 . 2001-08-17 20:55 6144 -c--a-w- d:\windows\system32\dllcache\kbd101b.dll
2009-09-28 15:27 . 2001-08-17 20:55 6144 ----a-w- d:\windows\system32\kbd101c.dll
2009-09-28 15:27 . 2001-08-17 20:55 6144 ----a-w- d:\windows\system32\kbd101b.dll
2009-09-28 15:27 . 2001-08-17 20:55 5632 -c--a-w- d:\windows\system32\dllcache\kbd103.dll
2009-09-28 15:27 . 2001-08-17 20:55 5632 ----a-w- d:\windows\system32\kbd103.dll
2009-09-28 15:27 . 2008-04-14 06:48 6144 -c--a-w- d:\windows\system32\dllcache\kbd106.dll
2009-09-28 15:27 . 2008-04-14 06:48 6144 ----a-w- d:\windows\system32\kbd106.dll
2009-09-28 15:26 . 2009-09-28 15:34 -------- d-----w- D:\Lineage2
2009-09-27 13:59 . 2009-09-27 14:05 -------- d-----w- D:\Lineage II
2009-09-27 11:56 . 2009-09-27 11:57 -------- d-----w- d:\program files\X-ray Anti-Cheat
2009-09-27 11:55 . 2009-09-27 11:57 -------- d-----w- d:\program files\XAC
2009-09-27 11:24 . 2009-09-27 11:24 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-09-26 16:10 . 2009-09-26 16:10 -------- d-----w- d:\program files\BrainWave Generator
2009-09-26 16:10 . 1997-11-19 13:49 303616 ----a-w- d:\windows\IsUninst.exe
2009-09-26 07:43 . 2009-09-26 07:43 -------- d-----w- d:\windows\system32\xlive
2009-09-26 07:43 . 2009-09-26 07:44 -------- d-----w- d:\program files\Microsoft Games for Windows - LIVE
2009-09-26 07:43 . 2009-09-26 07:43 -------- d-----w- d:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-09-25 19:40 . 2009-09-25 19:40 -------- d-----w- d:\documents and settings\Admin\Games
2009-09-24 11:35 . 2009-09-24 11:35 -------- d-----w- d:\program files\Lineage II
2009-09-22 16:41 . 2009-09-10 12:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 16:41 . 2009-10-07 15:30 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:41 . 2009-09-10 12:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-09-21 17:31 . 2009-09-21 17:31 -------- d-----w- d:\program files\McAfee Security Scan
2009-09-20 16:29 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll
2009-09-20 16:29 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll
2009-09-20 16:29 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2009-09-20 16:29 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-20 16:29 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll
2009-09-20 16:29 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll
2009-09-20 16:29 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll
2009-09-20 16:25 . 2009-09-20 16:25 -------- d-----w- d:\windows\system32\AGEIA
2009-09-20 16:25 . 2009-09-20 16:25 -------- d-----w- d:\program files\AGEIA Technologies
2009-09-20 13:59 . 2009-09-21 16:39 2287104 ----a-w- d:\windows\system32\TUKernel.exe
2009-09-20 13:48 . 2008-02-27 11:15 28416 ----a-w- d:\windows\system32\uxtuneup.dll
2009-09-20 13:48 . 2009-09-20 13:48 307968 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2009-09-20 13:02 . 2009-09-24 08:30 -------- d-----w- d:\program files\Findbasic
2009-09-20 13:02 . 2009-09-20 13:05 -------- d-----w- d:\program files\FileSubmit
2009-09-20 13:02 . 2009-09-20 13:04 -------- d-----w- d:\windows\Icons
2009-09-20 12:48 . 2009-09-20 12:48 -------- d-----w- d:\program files\TGTSoft
2009-09-20 12:41 . 2009-10-07 15:51 -------- d-----w- d:\documents and settings\Admin\.rainlendar2
2009-09-20 12:41 . 2009-09-20 12:41 -------- d-----w- d:\program files\Rainlendar2
2009-09-19 15:00 . 2009-09-19 15:02 -------- d-----w- d:\program files\CD Art Display
2009-09-19 15:00 . 2003-01-27 12:27 94208 ----a-w- d:\windows\system32\wmpuice.dll
2009-09-19 14:59 . 2009-09-19 14:59 -------- d-----w- d:\windows\Downloaded Installations
2009-09-18 20:35 . 2009-09-18 20:35 -------- d-----w- d:\program files\VideoLAN
2009-09-17 19:28 . 2005-09-01 09:03 5888 ------w- d:\windows\system32\drivers\imagedrv.sys
2009-09-17 19:28 . 2005-09-01 09:03 127488 ------w- d:\windows\system32\drivers\imagesrv.sys
2009-09-17 19:28 . 2004-07-26 14:16 476320 ------w- d:\windows\system32\ImagXpr7.dll
2009-09-17 19:28 . 2004-07-26 14:16 471040 ------w- d:\windows\system32\ImagXRA7.dll
2009-09-17 19:28 . 2004-07-26 14:16 262144 ------w- d:\windows\system32\ImagXR7.dll
2009-09-17 19:28 . 2004-07-26 14:16 1568768 ------w- d:\windows\system32\ImagX7.dll
2009-09-17 19:28 . 2004-07-09 06:43 364544 ------w- d:\windows\system32\TwnLib4.dll
2009-09-17 19:28 . 2000-06-26 08:45 106496 ----a-w- d:\windows\system32\TwnLib20.dll
2009-09-17 19:28 . 2009-09-17 19:28 -------- d-----w- d:\program files\Ahead
2009-09-17 19:28 . 2009-09-17 19:28 -------- d-----w- d:\program files\Common Files\Ahead
2009-09-17 19:28 . 2001-07-09 08:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
2009-09-17 19:25 . 2009-09-17 19:25 -------- d-----w- d:\program files\Yahoo!
2009-09-17 19:18 . 2009-09-17 19:19 35792800 ----a-w- D:\nero6614.exe
2009-09-17 15:43 . 2008-04-13 22:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2009-09-17 15:43 . 2008-04-13 22:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2009-09-16 19:12 . 2009-09-16 19:12 -------- d-----w- d:\documents and settings\Admin\dwhelper
2009-09-13 10:58 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2009-09-13 10:58 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2009-09-13 10:58 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2009-09-13 10:58 . 2004-01-24 22:00 70656 ----a-w- d:\windows\system32\yv12vfw.dll
2009-09-13 10:58 . 2009-06-02 16:11 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2009-09-13 10:58 . 2009-09-13 10:58 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-09-12 12:47 . 2005-05-10 16:54 258352 ----a-w- d:\windows\system32\unicows.dll
2009-09-11 14:21 . 2009-09-11 14:21 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-09-09 16:57 . 2009-09-09 16:57 -------- d-----w- d:\program files\Common Files\Borland Shared
2009-09-09 16:57 . 1999-01-20 03:01 210032 ----a-w- d:\windows\system32\DBCLIENT.DLL
2009-09-09 16:57 . 2009-09-09 19:05 -------- d-----w- d:\program files\Teacher
2009-09-08 13:30 . 2009-09-08 13:30 -------- d-----w- d:\program files\Common Files\Skype
2009-09-08 13:30 . 2009-09-08 13:31 -------- d-----r- d:\program files\Skype
2009-09-07 16:48 . 2007-05-17 15:30 318976 ----a-w- d:\windows\system32\avisynth.dll
2009-09-07 16:48 . 2004-02-22 08:11 719872 ----a-w- d:\windows\system32\devil.dll
2009-09-07 16:48 . 2004-01-24 22:00 70656 ----a-w- d:\windows\system32\i420vfw.dll
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- d:\program files\AviSynth 2.5
2009-09-07 16:47 . 2008-03-16 12:30 216064 --sh--r- d:\windows\system32\nbDX.dll
2009-09-07 16:47 . 2007-02-21 10:47 31232 --sh--r- d:\windows\system32\msfDX.dll
2009-09-07 16:47 . 2006-05-03 09:06 163328 --sh--r- d:\windows\system32\flvDX.dll
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- d:\program files\eRightSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 14:03 . 2009-08-25 12:02 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-10-02 13:48 . 2009-08-18 15:05 281760 ----a-w- d:\windows\system32\drivers\atksgt.sys
2009-10-02 13:48 . 2009-08-18 15:05 25888 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2009-10-02 13:42 . 2009-08-14 09:01 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-10-01 16:10 . 2009-08-15 09:19 138808 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-10-01 16:10 . 2009-08-15 09:18 190144 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-09-29 18:02 . 2009-08-21 16:10 -------- d-----w- d:\program files\GoQ - NetRadio
2009-09-24 12:29 . 2009-08-14 09:01 -------- d-----w- d:\program files\Common Files\InstallShield
2009-09-20 08:55 . 2009-08-14 21:33 -------- d-----w- d:\program files\BitComet
2009-09-06 07:54 . 2009-09-05 18:22 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-09-05 16:27 . 2009-08-27 14:45 37 ----a-w- d:\documents and settings\Admin\jagex_runescape_preferences.dat
2009-09-05 16:14 . 2009-09-05 16:13 45 ----a-w- d:\documents and settings\Admin\jagex_runescape_preferences2.dat
2009-09-05 13:57 . 2009-08-15 10:16 -------- d-----w- d:\program files\Common Files\Adobe
2009-09-05 10:48 . 2009-09-05 10:02 -------- d-----w- d:\program files\Scorpions WinCheater
2009-09-01 14:45 . 2009-09-01 14:44 -------- d-----w- d:\program files\Magic Bullet Editors 2.0 Vegas
2009-09-01 14:02 . 2009-09-01 13:57 -------- d-----w- d:\program files\NewBlue
2009-09-01 13:57 . 2009-09-01 13:57 -------- d-----w- d:\program files\Common Files\eSellerate
2009-09-01 13:57 . 2009-09-01 13:57 -------- d-----w- d:\program files\Sonic Foundry
2009-09-01 13:56 . 2009-09-01 13:56 -------- d-----w- d:\program files\Panopticum Lens Pro 3.5 For Vegas
2009-09-01 13:12 . 2009-09-01 13:12 -------- d-----w- d:\program files\Pixelan
2009-08-30 14:54 . 2009-08-30 14:47 -------- d-----w- d:\program files\Mumble
2009-08-27 16:14 . 2009-08-27 16:09 -------- d-----w- d:\program files\Winferno
2009-08-27 16:11 . 2009-08-27 16:10 -------- d-----w- d:\program files\RS2Bot
2009-08-27 16:09 . 2009-08-27 16:09 -------- d-----w- d:\program files\Free Offers from Freeze.com
2009-08-27 16:09 . 2009-08-27 16:09 -------- d-----w- d:\program files\Common Files\Winferno
2009-08-27 14:43 . 2009-08-27 14:43 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-08-27 14:43 . 2009-08-27 14:43 -------- d-----w- d:\program files\Java
2009-08-25 12:02 . 2009-08-25 12:02 -------- d-----w- d:\program files\Ventrilo
2009-08-23 09:04 . 2009-08-23 09:04 794408 ----a-w- d:\windows\system32\pbsvc.exe
2009-08-23 09:04 . 2009-08-15 09:18 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-08-23 08:35 . 2009-08-23 08:35 -------- d-----w- d:\program files\hp photosmart
2009-08-21 16:09 . 2009-08-21 16:08 -------- d-----w- d:\program files\NetRadio 1.01
2009-08-20 07:39 . 2009-08-20 07:39 -------- d-----w- d:\program files\Electronic Arts
2009-08-19 13:47 . 2009-08-19 13:47 -------- d-----w- d:\program files\GamePark
2009-08-17 16:10 . 2009-08-14 10:11 1279456 ----a-w- d:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-14 10:11 93392 ----a-w- d:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-14 10:11 94160 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-25 08:06 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-25 08:06 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-14 10:11 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-14 10:11 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-14 10:11 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-14 10:11 97480 ----a-w- d:\windows\system32\AvastSS.scr
2009-08-17 15:49 . 2009-08-17 15:37 29566 ----a-w- d:\windows\scunin.dat
2009-08-17 15:49 . 2009-08-17 15:37 967 ----a-w- d:\windows\ScUnin.pif
2009-08-17 15:49 . 2009-08-17 15:37 94208 ----a-w- d:\windows\ScUnin.exe
2009-08-16 08:25 . 2009-08-16 08:25 -------- d-----w- d:\program files\iZ3D Driver
2009-08-16 01:24 . 2001-10-25 12:00 77872 ----a-w- d:\windows\system32\perfc005.dat
2009-08-16 01:24 . 2001-10-25 12:00 428750 ----a-w- d:\windows\system32\perfh005.dat
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- d:\program files\MSBuild
2009-08-16 01:08 . 2009-08-16 01:08 -------- d-----w- d:\program files\Reference Assemblies
2009-08-15 16:34 . 2009-08-15 16:34 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-08-15 16:18 . 2009-08-15 16:18 -------- d-----w- d:\program files\Ubisoft
2009-08-15 16:16 . 2009-08-15 16:16 -------- d-----w- d:\program files\Alcohol Soft
2009-08-15 16:12 . 2009-08-15 16:12 721904 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-08-15 10:35 . 2009-08-15 10:18 -------- d-----w- d:\program files\Counter-Strike Source
2009-08-15 10:23 . 2009-08-15 10:23 -------- d-----w- d:\program files\Adobe Media Player
2009-08-15 10:20 . 2009-08-15 10:20 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-08-15 10:18 . 2009-08-15 10:18 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-08-14 21:38 . 2009-08-14 21:38 -------- d-----w- d:\program files\Bitcomet Ultra Accelerator
2009-08-14 19:46 . 2009-08-14 19:46 -------- d-----w- d:\program files\Fantasy Moon 3D Screensaver
2009-08-14 19:44 . 2009-08-14 19:44 -------- d-----w- d:\program files\Lagoon 3D Screensaver
2009-08-14 19:40 . 2009-08-14 19:40 -------- d-----w- d:\program files\Coral Clock 3D Screensaver
2009-08-14 19:35 . 2009-08-14 19:28 -------- d-----w- d:\program files\3Planesoft Screensaver Manager
2009-08-14 19:35 . 2009-08-14 19:35 -------- d-----w- d:\program files\Earth 3D Screensaver
2009-08-14 19:31 . 2009-08-14 19:31 -------- d-----w- d:\program files\Voyage of Columbus 3D Screensaver
2009-08-14 19:28 . 2009-08-14 19:28 -------- d-----w- d:\program files\Fireplace 3D Screensaver
2009-08-14 11:46 . 2009-08-14 11:45 -------- d-----w- d:\program files\ICQ6.5
2009-08-14 10:52 . 2009-08-14 10:52 -------- d-----w- d:\program files\Common Files\INCA Shared
2009-08-14 10:15 . 2009-08-14 10:15 0 ----a-w- d:\windows\nsreg.dat
2009-08-14 10:11 . 2009-08-14 10:11 -------- d-----w- d:\program files\Alwil Software
2009-08-14 09:16 . 2009-08-14 09:16 -------- d-----w- d:\program files\Innovative Solutions
2009-08-14 09:14 . 2009-08-14 09:14 0 ----a-w- d:\windows\ativpsrm.bin
2009-08-14 09:12 . 2009-08-14 09:04 -------- d-----w- d:\program files\ATI Technologies
2009-08-14 09:01 . 2009-08-14 09:01 -------- d-----w- d:\program files\Realtek
2009-08-14 09:01 . 2009-08-14 09:01 315392 ----a-w- d:\windows\HideWin.exe
2009-08-14 08:59 . 2009-08-14 08:59 -------- d-----w- d:\program files\Intel
2009-08-14 08:49 . 2009-08-14 08:49 -------- d-----w- d:\program files\microsoft frontpage
2009-08-14 08:46 . 2009-08-14 08:46 -------- d-----w- d:\program files\Windows Media Connect 2
2009-08-14 04:58 . 2009-10-07 14:34 7396 ----a-w- d:\windows\system32\drivers\pctcore.cat
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- d:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 06:52 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 06:51 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- d:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- d:\windows\system32\atl.dll
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- d:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- d:\windows\system32\xlivefnt.dll
2009-07-13 21:43 . 2008-08-08 15:42 286208 ----a-w- d:\windows\system32\wmpdxm.dll
2006-05-03 09:06 . 2009-09-07 16:47 163328 --sh--r- d:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-07 16:47 31232 --sh--r- d:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-07 16:47 216064 --sh--r- d:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-07_13.44.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 15:51 . 2009-10-07 15:51 16384 d:\windows\temp\Perflib_Perfdata_700.dat
+ 2009-10-07 15:51 . 2009-10-07 15:51 16384 d:\windows\temp\Perflib_Perfdata_668.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programs\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPHmon03"="d:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programs\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TO2SSM_McciTrayApp"="d:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"TrojanScanner"="d:\program files\Trojan Remover\Trjscan.exe" [2009-09-15 1069960]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2007-10-12 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NetRadio - aktualizace stanic.lnk - d:\program files\NetRadio 2.01\AWLstartup.exe [2003-8-22 61440]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan.lnk - d:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"STYLEXP"=d:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\HLSW\\hlsw.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Games\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Games\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Games\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Games\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Games\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Games\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Documents and Settings\\Admin\\Games\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"d:\\Documents and Settings\\Admin\\Games\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"=
"c:\\Games\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Games\\TmUnitedForever\\TmForever.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Programs\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\Saints Row 2\\SR2_pc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10281:TCP"= 10281:TCP:BitComet 10281 TCP
"10281:UDP"= 10281:UDP:BitComet 10281 UDP

R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [7.10.2009 16:34 206256]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [25.8.2009 10:06 114768]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [16.8.2009 10:25 23672]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [25.8.2009 10:06 20560]
R2 Findbasic Service;Findbasic Service;d:\documents and settings\All Users\Data aplikací\Findbasic\findbasic125.exe [23.9.2009 17:02 54776]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iZ3D Driver\Win32\S3DCService.exe [16.8.2009 10:25 233472]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [14.8.2009 11:04 89600]
R3 Dot4Usb HPH09;Dot4Usb HPH09;d:\windows\system32\drivers\hphius09.sys [23.8.2009 10:34 18864]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;d:\windows\system32\drivers\whfltr2k.sys [14.8.2009 11:36 6784]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [7.10.2009 16:34 348824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-10-07 d:\windows\Tasks\1-Click Maintenance.job
- c:\programs\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 12:24]

2009-10-07 d:\windows\Tasks\PCConfidential.job
- d:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-08-27 12:10]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - d:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\uxtjudpz.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\programs\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 17:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-299502267-1390067357-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,f8,de,d9,81,23,a5,89,b1,84,18,74,3a,24,76,1a,76,44,7a,f7,eb,
a3,96,56,75,cd,23,d9,4d,6e,33,93,8e,4c,2d,a6,2f,11,aa,22,33,b6,97,27,72,0a,\
"rkeysecu"=hex:6d,7f,65,cf,ea,80,3a,07,60,08,29,e9,eb,10,54,e3
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(876)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1232)
c:\programs\RocketDock\RocketDock.dll
d:\program files\Findbasic\findbasic.dll
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\program files\TGTSoft\StyleXP\StyleXPService.exe
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
d:\windows\system32\ati2evxx.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Motive\McciCMService.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
d:\program files\Findbasic\findbasic.exe
d:\program files\iPod\bin\iPodService.exe
d:\windows\system32\hphipm09.exe
.
**************************************************************************
.
Celkový čas: 2009-10-07 17:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-07 15:54
ComboFix2.txt 2009-10-07 13:45
ComboFix3.txt 2009-09-22 20:39

Před spuštěním: 2 282 725 376
Po spuštění: 2 258 702 336

394 --- E O F --- 2009-09-09 19:47

Post by thegamer » 07 Oct 2009 18:00

So here is the VIRUSTOTAL result: http://www.virustotal.com/cs/analisis/7ab31194c162ee4411168a3016f99540735decd6267848a0401a4633ef28acd6-1254852424

The extortion screen no longer shows up, thanks for the help. You're good :bigups:

