Hi, I'm dealing with my problem (viewtopic.php?f=46&t=51027&start=0); in that discussion they advised me to try posting a HijackThis log here. Thanks in advance for checking it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:50, on 11.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\JetAudio\jetAudio.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 3701 bytes
Mysterious problems - please check my log (Solved)
- CrazyManer
BOARD : GA-MA785GT-UD3H ; CPU : AMD PHENOM II X2 545 3,0ghz ; RAM : 3*2GB DDR3 1800mhz ; GPU : ATI HD 4200 512mb.
My music is available for listening at: http://www.soundcloud.com/escobarrbeats
- Damned
Re: Mysterious problems - please check my log
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option Save log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, which is why, where reason runs out, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- CrazyManer
Re: Mysterious problems - please check my log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
11.3.2010 23:45:15
mbam-log-2010-03-11 (23-45-11).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 115271
Uplynulý čas: 10 minute(s), 35 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 4
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
But I'd say nothing showed up there ... though I was working with the version from 7 January 2010, because the site is currently down and when updating it throws error 723.
- Damned
Re: Mysterious problems - please check my log
So run MBAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be shown; post it here.
- then click OK in the program and close it via Exit
Disable the resident shield of your antivirus (and of your antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in its window
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
- CrazyManer
Re: Mysterious problems - please check my log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
12.3.2010 10:24:39
mbam-log-2010-03-12 (10-24-39).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 327454
Uplynulý čas: 10 hour(s), 2 minute(s), 15 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 4
Infikované adresáře: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC1E4629-CB2E-4AC9-A533-D3795B8DB715}_is1 (Rogue.LarkAntiSpyware) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\KORG\KORG Legacy DIGITAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\VstPlugins\Hypersonic\Hypersonic Content\Uninstall Information\HYPERSONIC\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\MADscientist\Plocha\GTa\GTA\GTA\GTA\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
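As an added example (not code posted in this thread and not Malwarebytes' own), here is a Python parser for the finding lines MBAM writes (path, detection name, Bad/Good values, action taken), run over the findings from the full-scan log above; the constructed sample copies those lines. It flags what was left in place: the three Security Center DisableNotify values marked "Not selected for removal", which silence Windows' own warnings that antivirus, firewall or updates are off and so deserve follow-up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the finding lines from the full-scan MBAM log in this
# thread, with the section headers a Czech-localized MBAM 1.44 prints.
SAMPLE_LOG = r"""Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC1E4629-CB2E-4AC9-A533-D3795B8DB715}_is1 (Rogue.LarkAntiSpyware) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\KORG\KORG Legacy DIGITAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\VstPlugins\Hypersonic\Hypersonic Content\Uninstall Information\HYPERSONIC\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\MADscientist\Plocha\GTa\GTA\GTA\GTA\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    section: str            # MBAM section header the line appeared under
    target: str             # registry key/value path or file path
    detection: str          # MBAM detection name, e.g. Disabled.SecurityCenter
    bad: Optional[str]      # registry data items only: the value MBAM saw
    good: Optional[str]     # registry data items only: the expected value
    action: str             # quarantined / no action taken / not selected


# "<target> (<detection>)" -- detection names never contain parentheses,
# so anchoring on the last "(...)" keeps "\(default)" inside the target.
HEAD_RE = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\)$")
# Middle part of a registry data item: Bad: (<seen>) Good: (<expected>)
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
RESOLVED = "Quarantined and deleted successfully"


def parse_finding(section: str, line: str) -> Finding:
    """Parse one MBAM finding line; parts are separated by ' -> '."""
    parts = line.strip().rstrip(".").split(" -> ")
    head = HEAD_RE.match(parts[0])
    if head is None:
        raise ValueError(f"unrecognized finding line: {line!r}")
    bad = good = None
    if len(parts) == 3:                      # registry data item with values
        data = DATA_RE.match(parts[1])
        if data is None:
            raise ValueError(f"unrecognized Bad/Good part: {parts[1]!r}")
        bad, good = data.group("bad"), data.group("good")
    return Finding(section, head.group("target"), head.group("detection"),
                   bad, good, parts[-1])


def parse_log(text: str) -> List[Finding]:
    """Walk the log, tracking section headers; skip blanks and the
    '(no malicious items found)' placeholder lines."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue
        if " -> " not in line and line.endswith(":"):
            section = line[:-1]
            continue
        if " -> " in line:
            findings.append(parse_finding(section, line))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings MBAM reported but did not quarantine (user deselected or
    scan-only run); these need a decision in the follow-up."""
    return [f for f in findings if f.action != RESOLVED]


def security_center_notifications_off(findings: List[Finding]) -> List[Finding]:
    """Registry data items that set a Security Center *DisableNotify flag to 1,
    i.e. suppress the 'antivirus/firewall/updates are off' warnings."""
    return [f for f in findings
            if f.detection == "Disabled.SecurityCenter" and f.bad == "1"]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(unresolved(found))} left unresolved:")
    for f in unresolved(found):
        print(f"  [{f.action}] {f.detection}: {f.target} (bad={f.bad}, good={f.good})")
```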
- Damned
Re: Mysterious problems - please check my log
OK, now the ComboFix log as well. I won't be here until the afternoon.
- CrazyManer
Re: Mysterious problems - please check my log
First of all I want to thank you for your help, really thanks a lot, and here is the ComboFix log. It said that the resident shield of Dr.Web AV was enabled, but it wasn't in Task Manager or in the tray, and it couldn't be uninstalled normally, so before running the scan I removed it with Revo Uninstaller.
ComboFix 10-03-11.04 - MADscientist 12.03.2010 10:50:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1024.623 [GMT 1:00]
Spuštěný z: c:\documents and settings\MADscientist\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2857596223-3695631008-3191229179-1000
c:\documents and settings\MADscientist\Data aplikací\Adobe\crc.dat
c:\documents and settings\MADscientist\Dokumenty\cc_20100217_115043.reg
c:\program files\temp
c:\program files\temp\log.txt.001
c:\program files\temp\log.txt.002
c:\program files\temp\log.txt.004
c:\program files\temp\log.txt.005
c:\program files\temp\log.txt.007
c:\program files\temp\log.txt.010
c:\program files\temp\log.txt.011
c:\program files\temp\log.txt.017
c:\program files\temp\log.txt.018
c:\windows\regedit.com
c:\windows\system32\drivers\dpalrbvw.sys
c:\windows\system32\msssc.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\vyixcb.dll
F:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TJUNEIN
-------\Service_tjunein
-------\Service_ljxwnmbu
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.
2010-03-12 09:38 . 2010-03-12 09:38 -------- d-----w- c:\program files\VS Revo Group
2010-03-11 23:05 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-11 23:05 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-11 23:05 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-11 23:05 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-11 23:04 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-11 23:04 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-11 23:04 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-11 23:04 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 23:04 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-11 23:04 . 2010-03-11 23:04 -------- d-----w- c:\program files\Alwil Software
2010-03-11 23:01 . 2010-03-11 23:01 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-03-11 22:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 22:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 22:32 . 2010-03-10 22:35 -------- d-----w- c:\program files\Ares
2010-03-09 00:33 . 2010-03-09 00:33 -------- d-----w- c:\program files\Common Files\OFX
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\RisingSunResearch
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\Contour Shuttle
2010-03-09 00:32 . 2010-03-09 00:33 -------- d-----w- C:\Digital Vision
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\Digital Vision
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\The Foundry
2010-03-08 21:33 . 2010-03-08 21:33 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-07 18:07 . 2010-03-07 18:07 -------- d---a-w- c:\windows\VDLL.DLL
2010-03-07 18:07 . 2010-03-07 18:07 -------- d---a-w- c:\windows\system32\runouce.exe
2010-03-07 18:07 . 2010-03-07 18:07 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-03-07 18:07 . 2010-03-07 18:07 -------- d---a-w- c:\windows\logo_1.exe
2010-03-07 18:05 . 2010-03-07 18:05 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-07 18:05 . 2010-03-07 18:05 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-07 18:05 . 2010-03-07 18:05 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-03-07 18:05 . 2004-08-17 13:49 425472 ----a-w- c:\windows\R.COM
2010-03-07 18:05 . 2004-08-17 13:49 179712 ----a-w- c:\windows\system32\T.COM
2010-03-07 18:05 . 2010-03-07 18:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-05 01:38 . 2010-03-05 01:38 -------- d-----w- c:\program files\DVDVIDEOSOFT
2010-03-04 23:51 . 2010-03-04 23:51 -------- d-----w- c:\program files\zum
2010-02-27 22:01 . 2010-02-27 22:33 -------- d-----w- c:\program files\TmNationsForever
2010-02-25 23:36 . 2010-02-25 23:36 -------- d-----w- c:\program files\Furnish Pro
2010-02-24 02:01 . 2010-02-24 02:01 -------- d-----w- c:\program files\Navigator9
2010-02-23 00:15 . 2010-02-23 00:15 -------- d-----w- c:\program files\Hard Drive Inspector
2010-02-23 00:14 . 2010-02-23 00:14 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-02-23 00:05 . 2010-02-23 00:05 -------- d-----w- c:\program files\Pointstone
2010-02-23 00:05 . 2010-02-23 00:05 -------- d-----w- c:\program files\Common Files\Pointstone
2010-02-22 23:25 . 2010-02-22 23:58 -------- d-----w- c:\documents and settings\MADscientist\DoctorWeb
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----r- c:\program files\Skype
2010-02-16 22:15 . 2010-02-16 22:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-15 20:09 . 2010-02-15 20:09 -------- d-----w- c:\program files\Antares Audio Technologies
2010-02-10 20:45 . 2010-02-10 20:45 -------- d-----w- c:\program files\EA GAMES
2010-02-10 20:42 . 2010-02-10 20:42 -------- d-----w- C:\NVIDIA
2010-02-10 19:48 . 2010-02-10 19:55 -------- d-----w- c:\program files\Half-Life 2 Deathmatch
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 22:28 . 2009-12-19 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 19:39 . 2008-08-14 00:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 19:43 . 2008-08-14 00:56 -------- d-----w- c:\program files\VstPlugins
2010-02-24 01:42 . 2008-08-17 00:24 -------- d-----w- c:\program files\DivX
2010-02-24 01:42 . 2010-02-24 01:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-23 00:11 . 2010-01-28 00:02 -------- d-----w- c:\program files\San Andreas Mod Installer
2010-02-23 00:10 . 2010-02-06 03:36 -------- d-----w- c:\program files\BitComet
2010-02-23 00:10 . 2008-08-17 22:20 -------- d-----w- c:\program files\GoldWave
2010-02-11 01:23 . 2010-02-06 04:21 -------- d-----w- c:\program files\Vuze
2010-02-07 01:04 . 2010-02-07 01:04 472576 ----a-w- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2010-02-07 01:04 . 2010-02-07 01:04 -------- d-----w- c:\program files\Nvidia Omega Drivers
2010-02-07 00:39 . 2010-02-07 00:38 -------- d-----w- c:\program files\Driver Sweeper
2010-02-07 00:26 . 2010-02-02 00:55 -------- d-----w- c:\program files\Sony Ericsson
2010-02-07 00:16 . 2010-01-07 23:36 -------- d-----w- c:\program files\LogMeIn
2010-02-07 00:16 . 2010-01-20 20:16 -------- d-----w- c:\program files\Frets on Fire
2010-02-07 00:16 . 2010-01-20 02:15 -------- d-----w- c:\program files\EnhanceMyXP
2010-02-07 00:08 . 2008-09-08 16:17 -------- d-----w- c:\program files\NCH Software
2010-02-07 00:01 . 2009-10-31 11:26 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 23:48 . 2008-08-14 02:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 23:46 . 2009-10-08 12:53 -------- d-----w- c:\program files\AbiWord
2010-02-06 22:15 . 2010-02-06 22:15 -------- d-----w- c:\program files\Codemasters
2010-02-06 21:52 . 2009-07-25 21:54 -------- d-----w- c:\program files\Counter-Strike Source
2010-02-06 18:49 . 2010-01-21 15:45 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-02-04 01:48 . 2010-02-04 01:48 -------- d-----w- c:\program files\XYLIO
2010-02-02 01:06 . 2010-02-02 01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-02-02 01:06 . 2010-02-02 01:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-02 00:55 . 2010-02-02 00:56 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-02-02 00:55 . 2010-02-02 00:56 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-02-02 00:55 . 2010-02-02 00:56 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-28 13:23 . 2008-12-07 01:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-28 13:21 . 2010-01-28 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 21:45 . 2010-01-26 21:45 -------- d-----w- c:\program files\EASEUS
2010-01-23 19:33 . 2009-06-21 09:38 16092 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-23 19:33 . 2010-01-23 19:32 -------- d-----w- c:\program files\iTunes
2010-01-23 19:32 . 2010-01-23 19:32 -------- d-----w- c:\program files\iPod
2010-01-20 04:03 . 2010-01-20 03:57 -------- d-----w- c:\program files\TallStick
2010-01-20 02:34 . 2010-01-20 02:19 -------- d-----w- c:\program files\REAPER
2010-01-15 23:51 . 2010-01-15 23:51 -------- d-----w- c:\program files\Microsoft Bootvis
2010-01-14 21:06 . 2008-08-14 00:54 -------- d-----w- c:\program files\Image-Line
2009-12-17 14:02 . 2010-01-29 00:09 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-12-17 14:02 . 2010-01-29 00:09 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 14:02 . 2009-12-17 14:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-02-23 00:48 . 2009-02-23 00:47 80 --sha-r- c:\windows\system32\7D3AD28ED0.dll
2006-05-03 09:06 . 2008-11-16 21:28 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-11-16 21:28 31232 --sha-r- c:\windows\system32\msfDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^MADscientist^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\MADscientist\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MADscientist^Nabídka Start^Programy^Po spuštění^ImpulseNow.lnk]
path=c:\documents and settings\MADscientist\Nabídka Start\Programy\Po spuštění\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"OWCWebCamDV"=c:\windows\system\wcdvtray.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"22922:TCP"= 22922:TCP:BitComet 22922 TCP
"22922:UDP"= 22922:UDP:BitComet 22922 UDP
"2259:TCP"= 2259:TCP:kcougjqs
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.3.2010 0:05 162640]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [16.11.2009 2:56 19064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.3.2010 0:05 19024]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17.9.2008 14:38 33792]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.11.2009 15:06 27632]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [17.9.2004 10:38 212608]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\MADSCI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\MADSCI~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2.2.2010 1:56 13224]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2.2.2010 2:57 16512]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2.2.2010 2:35 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2.2.2010 2:35 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2.2.2010 2:35 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2.2.2010 2:35 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2.2.2010 2:35 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2.2.2010 2:35 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2.2.2010 2:35 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18.11.2009 15:06 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18.11.2009 15:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18.11.2009 15:06 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18.11.2009 15:06 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18.11.2009 15:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18.11.2009 15:06 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18.11.2009 15:06 109864]
S3 TFilter;TFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [17.9.2004 10:38 12672]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\MADscientist\Data aplikací\Mozilla\Firefox\Profiles\ckwe3209.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDXStudioPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfd.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSton3D.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-BroadCam - c:\program files\NCH Software\BroadCam\broadcam.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-PSUNMain - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-KORG Legacy Collection - DIGITAL EDITION v1.0.0 - c:\progra~1\KORG\KORGLE~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 10:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9614B7E8-8B7E-02FD-E658-3EF219134876}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandpiahcbncpmnjij"=hex:6a,61,6a,63,6d,65,68,6f,67,67,6e,62,68,6b,62,6c,69,65,
6a,64,00,01
"haddjbflnmmjikeg"=hex:6a,61,6a,63,6d,65,68,6f,67,67,6e,62,68,6b,62,6c,69,65,
6a,64,00,01
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,73,cf,e0,04,cf,56,bf,fe,59,6a,a4,b9,4c,5d,01,20,15,75,52,a5,
f2,89,2b,68,27,45,d7,b1,1a,4e,d0,0b,f3,f6,51,26,f6,a8,13,20,a4,b5,46,55,5b,\
"rkeysecu"=hex:32,d1,b3,bb,c9,a1,bf,60,c0,4c,52,30,f0,14,2f,35
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(3312)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 11:10:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 10:10
Před spuštěním: Volných bajtů: 11 246 714 880
Po spuštění: Volných bajtů: 11 409 121 280
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /BOOTLOGO /TUTAG=5YYBP1
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /NOEXECUTE=OPTIN /FASTDETECT /NOGUIBOOT /BOOTLOGO /TUTAG=5YYBP1-BAK
C:\wubildr.mbr = "Ubuntu"
- - End Of File - - D5EB0DEDD5E368E8482D054FAE848488
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9614B7E8-8B7E-02FD-E658-3EF219134876}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandpiahcbncpmnjij"=hex:6a,61,6a,63,6d,65,68,6f,67,67,6e,62,68,6b,62,6c,69,65,
6a,64,00,01
"haddjbflnmmjikeg"=hex:6a,61,6a,63,6d,65,68,6f,67,67,6e,62,68,6b,62,6c,69,65,
6a,64,00,01
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,73,cf,e0,04,cf,56,bf,fe,59,6a,a4,b9,4c,5d,01,20,15,75,52,a5,
f2,89,2b,68,27,45,d7,b1,1a,4e,d0,0b,f3,f6,51,26,f6,a8,13,20,a4,b5,46,55,5b,\
"rkeysecu"=hex:32,d1,b3,bb,c9,a1,bf,60,c0,4c,52,30,f0,14,2f,35
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(3312)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 11:10:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 10:10
Před spuštěním: Volných bajtů: 11 246 714 880
Po spuštění: Volných bajtů: 11 409 121 280
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /BOOTLOGO /TUTAG=5YYBP1
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /NOEXECUTE=OPTIN /FASTDETECT /NOGUIBOOT /BOOTLOGO /TUTAG=5YYBP1-BAK
C:\wubildr.mbr = "Ubuntu"
- - End Of File - - D5EB0DEDD5E368E8482D054FAE848488
BOARD : GA-MA785GT-UD3H ; CPU : AMD PHENOM II X2 545 3,0ghz ; RAM : 3*2GB DDR3 1800mhz ; GPU : ATI HD 4200 512mb.
My music, for listening at: http://www.soundcloud.com/escobarrbeats
- Damned
Re: Mysterious problems - please check my log
The ComboFix header shows that you have two antivirus programs: Avast and Dr.Web. Was Dr.Web properly uninstalled?
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it in full:
File::
c:\windows\system32\eEmpty.exe
c:\windows\system32\mlfcache.dat
c:\windows\system32\7D3AD28ED0.dll
c:\windows\pss\ImpulseNow.lnkStartup
c:\documents and settings\MADscientist\Nabídka Start\Programy\Po spuštění\ImpulseNow.lnk
c:\program files\LogMeIn\x86\RaInfo.sys
c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys
Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\RUNDL132.EXE
c:\windows\logo_1.exe
c:\documents and settings\MADscientist\DoctorWeb
c:\windows\system32\GroupPolicy
Driver::
ALSysIO;ALSysIO
ALSysIO
RaInfo
TFilter;TFilter
TFilter
LMIInfo;LogMeIn Kernel Information Provider
LMIInfo
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^MADscientist^Nabídka Start^Programy^Po spuštění^ImpulseNow.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you just created with the mouse onto the downloaded ComboFix.exe
and, once the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process and describe the PC's behaviour.
Nothing is impossible, which is why, where reason runs out, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- CrazyManer
Re: Mysterious problems - please check my log
I'll probably describe the computer's behaviour only at the end of the day, because the problems show up only after several hours of working on the computer. Dr.Web could not be uninstalled with the supplied uninstaller, so I used Revo Uninstaller, which deleted it from the registry along with every one of its files; it isn't in Task Manager, and I don't see it in HijackThis either ... but ComboFix still keeps reporting that it's enabled, so I don't quite understand that ...
log here:
ComboFix 10-03-11.04 - MADscientist 12.03.2010 13:03:14.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1024.628 [GMT 1:00]
Spuštěný z: c:\documents and settings\MADscientist\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MADscientist\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
FILE ::
"c:\documents and settings\MADscientist\Nabídka Start\Programy\Po spuštění\ImpulseNow.lnk"
"c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys"
"c:\program files\LogMeIn\x86\RaInfo.sys"
"c:\windows\pss\ImpulseNow.lnkStartup"
"c:\windows\system32\7D3AD28ED0.dll"
"c:\windows\system32\eEmpty.exe"
"c:\windows\system32\mlfcache.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\MADscientist\DoctorWeb
c:\documents and settings\MADscientist\DoctorWeb\drweb32w.log
c:\documents and settings\MADscientist\DoctorWeb\drwebupw.log
c:\windows\logo_1.exe
c:\windows\pss\ImpulseNow.lnkStartup
c:\windows\RUNDL132.EXE
c:\windows\system32\7D3AD28ED0.dll
c:\windows\system32\eEmpty.exe
c:\windows\system32\mlfcache.dat
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALSYSIO
-------\Legacy_LMIINFO
-------\Legacy_TFILTER
-------\Service_ALSysIO
-------\Service_LMIInfo
-------\Service_TFilter
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.
2010-03-12 09:38 . 2010-03-12 09:38 -------- d-----w- c:\program files\VS Revo Group
2010-03-11 23:05 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-11 23:05 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-11 23:05 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-11 23:05 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-11 23:04 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-11 23:04 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-11 23:04 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-11 23:04 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 23:04 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-11 23:04 . 2010-03-11 23:04 -------- d-----w- c:\program files\Alwil Software
2010-03-11 23:01 . 2010-03-11 23:01 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-03-11 22:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 22:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 22:32 . 2010-03-10 22:35 -------- d-----w- c:\program files\Ares
2010-03-09 00:33 . 2010-03-09 00:33 -------- d-----w- c:\program files\Common Files\OFX
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\RisingSunResearch
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\Contour Shuttle
2010-03-09 00:32 . 2010-03-09 00:33 -------- d-----w- C:\Digital Vision
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\Digital Vision
2010-03-09 00:32 . 2010-03-09 00:32 -------- d-----w- c:\program files\The Foundry
2010-03-08 21:33 . 2010-03-08 21:33 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-07 18:05 . 2010-03-07 18:05 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-07 18:05 . 2010-03-07 18:05 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-07 18:05 . 2004-08-17 13:49 425472 ----a-w- c:\windows\R.COM
2010-03-07 18:05 . 2004-08-17 13:49 179712 ----a-w- c:\windows\system32\T.COM
2010-03-07 18:05 . 2010-03-07 18:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-05 01:38 . 2010-03-05 01:38 -------- d-----w- c:\program files\DVDVIDEOSOFT
2010-03-04 23:51 . 2010-03-04 23:51 -------- d-----w- c:\program files\zum
2010-02-27 22:01 . 2010-02-27 22:33 -------- d-----w- c:\program files\TmNationsForever
2010-02-25 23:36 . 2010-02-25 23:36 -------- d-----w- c:\program files\Furnish Pro
2010-02-24 02:01 . 2010-02-24 02:01 -------- d-----w- c:\program files\Navigator9
2010-02-23 00:15 . 2010-02-23 00:15 -------- d-----w- c:\program files\Hard Drive Inspector
2010-02-23 00:14 . 2010-02-23 00:14 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-02-23 00:05 . 2010-02-23 00:05 -------- d-----w- c:\program files\Pointstone
2010-02-23 00:05 . 2010-02-23 00:05 -------- d-----w- c:\program files\Common Files\Pointstone
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----r- c:\program files\Skype
2010-02-16 22:15 . 2010-02-16 22:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-15 20:09 . 2010-02-15 20:09 -------- d-----w- c:\program files\Antares Audio Technologies
2010-02-10 20:45 . 2010-02-10 20:45 -------- d-----w- c:\program files\EA GAMES
2010-02-10 20:42 . 2010-02-10 20:42 -------- d-----w- C:\NVIDIA
2010-02-10 19:48 . 2010-02-10 19:55 -------- d-----w- c:\program files\Half-Life 2 Deathmatch
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 22:28 . 2009-12-19 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 19:39 . 2008-08-14 00:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 19:43 . 2008-08-14 00:56 -------- d-----w- c:\program files\VstPlugins
2010-02-24 01:42 . 2008-08-17 00:24 -------- d-----w- c:\program files\DivX
2010-02-24 01:42 . 2010-02-24 01:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-23 00:11 . 2010-01-28 00:02 -------- d-----w- c:\program files\San Andreas Mod Installer
2010-02-23 00:10 . 2010-02-06 03:36 -------- d-----w- c:\program files\BitComet
2010-02-23 00:10 . 2008-08-17 22:20 -------- d-----w- c:\program files\GoldWave
2010-02-11 01:23 . 2010-02-06 04:21 -------- d-----w- c:\program files\Vuze
2010-02-07 01:04 . 2010-02-07 01:04 472576 ----a-w- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2010-02-07 01:04 . 2010-02-07 01:04 -------- d-----w- c:\program files\Nvidia Omega Drivers
2010-02-07 00:39 . 2010-02-07 00:38 -------- d-----w- c:\program files\Driver Sweeper
2010-02-07 00:26 . 2010-02-02 00:55 -------- d-----w- c:\program files\Sony Ericsson
2010-02-07 00:16 . 2010-01-07 23:36 -------- d-----w- c:\program files\LogMeIn
2010-02-07 00:16 . 2010-01-20 20:16 -------- d-----w- c:\program files\Frets on Fire
2010-02-07 00:16 . 2010-01-20 02:15 -------- d-----w- c:\program files\EnhanceMyXP
2010-02-07 00:08 . 2008-09-08 16:17 -------- d-----w- c:\program files\NCH Software
2010-02-07 00:01 . 2009-10-31 11:26 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 23:48 . 2008-08-14 02:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 23:46 . 2009-10-08 12:53 -------- d-----w- c:\program files\AbiWord
2010-02-06 22:15 . 2010-02-06 22:15 -------- d-----w- c:\program files\Codemasters
2010-02-06 21:52 . 2009-07-25 21:54 -------- d-----w- c:\program files\Counter-Strike Source
2010-02-06 18:49 . 2010-01-21 15:45 -------- d-----w- c:\program files\TrackMania Nations ESWC
2010-02-04 01:48 . 2010-02-04 01:48 -------- d-----w- c:\program files\XYLIO
2010-02-02 01:06 . 2010-02-02 01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-02-02 01:06 . 2010-02-02 01:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-02 00:55 . 2010-02-02 00:56 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-02-02 00:55 . 2010-02-02 00:56 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-02-02 00:55 . 2010-02-02 00:56 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-28 13:23 . 2008-12-07 01:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-28 13:21 . 2010-01-28 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 21:45 . 2010-01-26 21:45 -------- d-----w- c:\program files\EASEUS
2010-01-23 19:33 . 2010-01-23 19:32 -------- d-----w- c:\program files\iTunes
2010-01-23 19:32 . 2010-01-23 19:32 -------- d-----w- c:\program files\iPod
2010-01-20 04:03 . 2010-01-20 03:57 -------- d-----w- c:\program files\TallStick
2010-01-20 02:34 . 2010-01-20 02:19 -------- d-----w- c:\program files\REAPER
2010-01-15 23:51 . 2010-01-15 23:51 -------- d-----w- c:\program files\Microsoft Bootvis
2010-01-14 21:06 . 2008-08-14 00:54 -------- d-----w- c:\program files\Image-Line
2009-12-17 14:02 . 2010-01-29 00:09 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-12-17 14:02 . 2010-01-29 00:09 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 14:02 . 2009-12-17 14:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2008-11-16 21:28 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-11-16 21:28 31232 --sha-r- c:\windows\system32\msfDX.dll
.
------- Sigcheck -------
[-] 2004-08-17 . D5D29D130497E6A74E3FCD54778FA01B . 1183232 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 24F4C2149D4CDAF7C809AD512795DD92 . 974848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-12_09.58.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-12 12:15 . 2010-03-12 12:15 16384 c:\windows\Temp\Perflib_Perfdata_5fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^MADscientist^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\MADscientist\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"OWCWebCamDV"=c:\windows\system\wcdvtray.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"22922:TCP"= 22922:TCP:BitComet 22922 TCP
"22922:UDP"= 22922:UDP:BitComet 22922 UDP
"2259:TCP"= 2259:TCP:kcougjqs
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.3.2010 0:05 162640]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [16.11.2009 2:56 19064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.3.2010 0:05 19024]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17.9.2008 14:38 33792]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.11.2009 15:06 27632]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [17.9.2004 10:38 212608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2.2.2010 1:56 13224]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\drivers\mobiolavs.sys [2.2.2010 2:57 16512]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2.2.2010 2:35 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2.2.2010 2:35 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2.2.2010 2:35 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2.2.2010 2:35 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2.2.2010 2:35 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2.2.2010 2:35 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2.2.2010 2:35 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18.11.2009 15:06 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18.11.2009 15:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18.11.2009 15:06 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18.11.2009 15:06 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18.11.2009 15:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18.11.2009 15:06 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18.11.2009 15:06 109864]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [17.9.2004 10:38 12672]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\MADscientist\Data aplikací\Mozilla\Firefox\Profiles\ckwe3209.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDXStudioPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfd.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSton3D.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-KORG Legacy Collection - DIGITAL EDITION v1.0.0 - c:\progra~1\KORG\KORGLE~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 13:16
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9614B7E8-8B7E-02FD-E658-3EF219134876}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandpiahcbncpmnjij"=hex:6a,61,6a,63,6d,65,68,6f,67,67,6e,62,68,6b,62,6c,69,65,
6a,64,00,01
"haddjbflnmmjikeg"=hex:6a,61,6a,63,6d,65,68,6f,67,67,6e,62,68,6b,62,6c,69,65,
6a,64,00,01
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,73,cf,e0,04,cf,56,bf,fe,59,6a,a4,b9,4c,5d,01,20,15,75,52,a5,
f2,89,2b,68,27,45,d7,b1,1a,4e,d0,0b,f3,f6,51,26,f6,a8,13,20,a4,b5,46,55,5b,\
"rkeysecu"=hex:32,d1,b3,bb,c9,a1,bf,60,c0,4c,52,30,f0,14,2f,35
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(2236)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 13:22:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 12:22
ComboFix2.txt 2010-03-12 10:10
Před spuštěním: Volných bajtů: 11 727 978 496
Po spuštění: Volných bajtů: 11 695 595 520
- - End Of File - - 9C261A36D6374BED81552B4689CA71FA
BOARD : GA-MA785GT-UD3H ; CPU : AMD PHENOM II X2 545 3,0ghz ; RAM : 3*2GB DDR3 1800mhz ; GPU : ATI HD 4200 512mb.
My music can be heard at: http://www.soundcloud.com/escobarrbeats
- Damned
Re: Mysterious problems - please check the log
Download SystemLook or: SystemLook to your Desktop.
Run it and paste this text into the box:
:dir
c:\windows\system32\GroupPolicy
:regfind
Doctor
Then press "Look". When the check finishes, SystemLook.txt will appear on your Desktop. Copy it here.
Nothing is impossible, so where we are at our wits' end we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
- CrazyManer
Re: Mysterious problems - please check the log
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:22 on 12/03/2010 by MADscientist (Administrator - Elevation successful)
========== dir ==========
c:\windows\system32\GroupPolicy - Parameters: "(none)"
---Files---
gpt.ini --a--- 38 bytes [22:15 16/02/2010] [00:16 19/02/2010]
---Folders---
Adm d----- [22:15 16/02/2010]
Machine d----- [22:15 16/02/2010]
User d----- [22:15 16/02/2010]
========== regfind ==========
Searching for "Doctor"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\TuneUp\Utilities\8.0\DiskDoctor]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
-=End Of File=-
Log created at 14:22 on 12/03/2010 by MADscientist (Administrator - Elevation successful)
========== dir ==========
c:\windows\system32\GroupPolicy - Parameters: "(none)"
---Files---
gpt.ini --a--- 38 bytes [22:15 16/02/2010] [00:16 19/02/2010]
---Folders---
Adm d----- [22:15 16/02/2010]
Machine d----- [22:15 16/02/2010]
User d----- [22:15 16/02/2010]
========== regfind ==========
Searching for "Doctor"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\TuneUp\Utilities\8.0\DiskDoctor]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dr.Web Engine]
"EventMessageFile"="C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_USERS\S-1-5-21-1004336348-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bugdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\systemdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doctorwaldron.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errordoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\datingdoctorsite.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doctorwaldron.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\errordoctor.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\systemdoctor.com]
-=End Of File=-
BOARD : GA-MA785GT-UD3H ; CPU : AMD PHENOM II X2 545 3,0ghz ; RAM : 3*2GB DDR3 1800mhz ; GPU : ATI HD 4200 512mb.
My music is available for listening at: http://www.soundcloud.com/escobarrbeats
Damned (Article author, Master Level 9; posts: 8353; registered: December 2006; location: Rokycany)
Re: Mysterious problems - please check the log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text, marked in green, into it:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Dr.Web Engine]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Dr.Web Engine]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dr.Web Engine]
Save it to the Desktop as fix.reg with the file type set to All Files, find the file on the Desktop and double-click it to run it. You will be asked whether to add the values to the registry. Confirm.
*****************************************************************************************************************************************
//EDIT:
Restart and run F-Secure Online Scanner.
This scanner can only be used in the Internet Explorer browser! Follow the instructions on the F-Secure page for a correct installation.
Accept the licence.
After the ActiveX installation, click Full System Scan. When the download has finished, the scan starts automatically.
Wait for the scan to finish; do not perform any other operations or click the mouse while it runs. When the scan has finished, click the Automatic clearing (recommended) button.
Then click the Show Report button and copy and paste the report here.
Nothing is impossible, which is why, where reason reaches its limits, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner