Re: Prosím o kontrolu logu. Díky!

[Žbeky]

Tento skript zkus v nouzovém režimu

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\documents and settings\Owner\Local Settings\Data aplikací\DealPlyLive
c:\documents and settings\All Users\Data aplikací\DealPlyLive
c:\documents and settings\Owner\Data aplikací\Dealply
c:\documents and settings\Owner\Data aplikací\SimilarSites
c:\documents and settings\Owner\Data aplikací\searchya
c:\documents and settings\Owner\Data aplikací\0O0R0F
c:\documents and settings\All Users\Data aplikací\Avira
c:\documents and settings\All Users\Data aplikací\AVAST Software
c:\program files\Google\Update

File::
c:\windows\system32\aswBoot.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&c ... .5.18000.3

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\
FF - ExtSQL: 2013-06-26 19:35; pluswinks@PlusWinks; c:\documents and settings\Owner\Data aplikacÃÂ\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\pluswinks@PlusWinks.xpi
FF - ExtSQL: 2013-07-16 19:05; iayu01v7w@eiymmko.edu; c:\documents and settings\Owner\Data aplikacÃÂ\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\iayu01v7w@eiymmko.edu
FF - ExtSQL: 2013-07-16 19:05; ceuje5z9v@ttauu-.co.uk; c:\documents and settings\Owner\Data aplikacÃÂ\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\ceuje5z9v@ttauu-.co.uk
FF - ExtSQL: 2013-07-25 23:06; WebSiteRecommendation@weliketheweb.com; c:\documents and settings\Owner\Data aplikacÃÂ\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=Searchoo ... 363791&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=Searchoo ... 363791&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=Searchoo ... 791&ir=&q=
FF - user.js: extensions.searchya.id - 001BFCDE4502CA67
FF - user.js: extensions.searchya.instlDay - 15911
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.022:59
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - SearchooD
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef - 
FF - user.js: extensions.searchya.dfltLng - 
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya.cr - 503363791
FF - user.js: extensions.searchya.cd - 2XzuyEtN2Y1L1QzutDtDtC0B0F0C0D0EyEyDtDtB0C0AyCyBtN0D0Tzu0CyDyBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0O0R0F
FF - user.js: extensions.irspeeddial.aflt - SearchooD
FF - user.js: extensions.irspeeddial.instlRef - 
FF - user.js: extensions.irspeeddial.cr - 503363791
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtC0B0F0C0D0EyEyDtDtB0C0AyCyBtN0D0Tzu0CyDyBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0O0R0F

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Riky]

https://www.virustotal.com/cs/file/ea43 ... 374975116/

[Riky]

ComboFix 13-07-25.02 - Owner 28.07.2013 3:05.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.480 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
.
FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.145\goopdate.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.145\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.145\psmachine.dll
c:\program files\Google\Update\1.3.21.145\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{45A6F98B-44A0-492A-BB99-48A7E3D9BB35}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.64\26.0.1410.64_26.0.1410.43_chrome_updater.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-28 do 2013-07-28 )))))))))))))))))))))))))))))))
.
.
2013-07-28 01:20 . 2013-07-28 01:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-07-27 12:06 . 2013-07-27 12:06 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\DealPlyLive
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DealPlyLive
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Dealply
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\Owner\Data aplikací\SimilarSites
2013-07-25 21:04 . 2013-07-25 21:04 -------- d-----w- c:\documents and settings\Owner\Data aplikací\FoxTab
2013-07-25 20:59 . 2013-07-25 20:59 -------- d-----w- c:\documents and settings\Owner\Data aplikací\searchya
2013-07-25 20:59 . 2013-07-25 20:59 -------- d-----w- c:\documents and settings\Owner\Data aplikací\0O0R0F
2013-07-25 17:34 . 2013-07-25 17:34 -------- d-----w- c:\windows\ERUNT
2013-07-24 16:57 . 2013-07-24 16:58 -------- d-----w- c:\windows\system32\NtmsData
2013-07-24 16:49 . 2013-07-24 17:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2013-07-23 20:22 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-23 20:17 . 2013-07-24 15:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-07-17 17:00 . 2013-07-17 17:05 -------- d-----w- c:\windows\system32\MRT
2013-07-16 18:27 . 2013-07-16 18:27 -------- d-----w- c:\windows\system32\wbem\Repository
2013-07-16 17:04 . 2013-07-16 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\syafyey savie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 14:51 . 2012-04-04 17:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 14:51 . 2011-05-24 16:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 01:24 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:53 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:53 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 18:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-05 09:08 . 2006-03-02 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2006-03-02 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2013-05-08 09:58 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 05:38 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:38 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 13:00 . 2007-08-10 22:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"T-Mobile CManager"="c:\program files\T-Mobile\T-Mobile Internet Manager\Manager.exe" [2013-07-03 2076952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-11-02 1397760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2013-06-20 80480]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\utorrent_torrentreactor.net.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Filmy\\PCPerformer-BitTorrent-b\\PCPerformerSetup_BT.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R1 atm;NettGain 1200 ATM;c:\windows\system32\drivers\ATM.sys [29.7.2008 17:31 233684]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.7.2013 14:06 218688]
R1 TSM;TSM Driver - Layered Version;c:\windows\system32\drivers\TSM.sys [29.7.2008 17:31 36413]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [24.9.2007 18:35 9728]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [15.8.2007 21:49 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [15.8.2007 21:49 6816]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe -k MbnExt [2.3.2006 14:00 14336]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [15.8.2007 21:49 6336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15.3.2011 14:44 428384]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [8.8.2007 11:07 24576]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [18.6.2013 17:15 90368]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [18.6.2013 17:15 73216]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.6.2008 17:21 47360]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [8.8.2007 11:07 1245056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [18.6.2013 17:15 102784]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [24.9.2007 18:35 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [24.9.2007 18:35 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [24.9.2007 18:35 95440]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.5.2011 18:41 38224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 15:14 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:51]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=AEA1669001CC1AF300314298&src_id=12251&camp_id=2556&tb_version=2.5.18000.3
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\
FF - ExtSQL: 2013-06-26 19:35; pluswinks@PlusWinks; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\pluswinks@PlusWinks.xpi
FF - ExtSQL: 2013-07-16 19:05; iayu01v7w@eiymmko.edu; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\iayu01v7w@eiymmko.edu
FF - ExtSQL: 2013-07-16 19:05; ceuje5z9v@ttauu-.co.uk; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\ceuje5z9v@ttauu-.co.uk
FF - ExtSQL: 2013-07-25 23:06; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF - ExtSQL: 2013-07-25 23:06; WebSiteRecommendation@weliketheweb.com; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - ExtSQL: !HIDDEN! 2009-09-02 17:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2X ... 363791&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=SearchooD&cd=2X ... 363791&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=SearchooD&cd=2X ... 791&ir=&q=
FF - user.js: extensions.searchya.id - 001BFCDE4502CA67
FF - user.js: extensions.searchya.instlDay - 15911
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.022:59
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - SearchooD
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya.cr - 503363791
FF - user.js: extensions.searchya.cd - 2XzuyEtN2Y1L1QzutDtDtC0B0F0C0D0EyEyDtDtB0C0AyCyBtN0D0Tzu0CyDyBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0O0R0F
FF - user.js: extensions.irspeeddial.aflt - SearchooD
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 503363791
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtC0B0F0C0D0EyEyDtDtB0C0AyCyBtN0D0Tzu0CyDyBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0O0R0F
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-28 03:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2164)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2013-07-28 03:24:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-28 01:24
ComboFix2.txt 2013-07-27 12:09
.
Před spuštěním: Volných bajtů: 54 952 714 240
Po spuštění: Volných bajtů: 54 897 811 456
.
- - End Of File - - 95F9571A385A7C1FCD3EB988AFB12A08
413FC2A0C716421B3158746D63736515

[Riky]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:36, on 28.7.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&c ... .5.18000.3
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS4\Services\Tcpip\..\{0304E364-FEE3-41BF-AD2B-728DE103E197}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 9180 bytes

[Riky]

http://r.virscan.org/report/117eb01304b ... 2101f.html

[Riky]

Pánové, díky moc, vidím, že s mým noťasem máte opravdu hodně práce....fakt jsem si nemyslel, že toho bude tolik.....
Během neděle sem dodám log ze CFSriptu od Žbekyho...

[jaro3]

Dodej ,a to , co jsem dával já taky. někdy se to holt protáhne , ještě pak uděláme OTL.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&c ... .5.18000.3
R3 - URLSearchHook: (no name) - - (no file)

[Riky]

ComboFix 13-07-25.02 - Owner 28.07.2013 13:01:05.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.478 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
.
FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-28 do 2013-07-28 )))))))))))))))))))))))))))))))
.
.
2013-07-28 11:17 . 2013-07-28 11:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-07-27 12:06 . 2013-07-27 12:06 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\DealPlyLive
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DealPlyLive
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Dealply
2013-07-25 21:05 . 2013-07-25 21:05 -------- d-----w- c:\documents and settings\Owner\Data aplikací\SimilarSites
2013-07-25 21:04 . 2013-07-25 21:04 -------- d-----w- c:\documents and settings\Owner\Data aplikací\FoxTab
2013-07-25 20:59 . 2013-07-25 20:59 -------- d-----w- c:\documents and settings\Owner\Data aplikací\searchya
2013-07-25 20:59 . 2013-07-25 20:59 -------- d-----w- c:\documents and settings\Owner\Data aplikací\0O0R0F
2013-07-25 17:34 . 2013-07-25 17:34 -------- d-----w- c:\windows\ERUNT
2013-07-24 16:57 . 2013-07-24 16:58 -------- d-----w- c:\windows\system32\NtmsData
2013-07-24 16:49 . 2013-07-24 17:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2013-07-23 20:22 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-23 20:17 . 2013-07-24 15:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-07-17 17:00 . 2013-07-17 17:05 -------- d-----w- c:\windows\system32\MRT
2013-07-16 18:27 . 2013-07-16 18:27 -------- d-----w- c:\windows\system32\wbem\Repository
2013-07-16 17:04 . 2013-07-16 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\syafyey savie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 14:51 . 2012-04-04 17:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 14:51 . 2011-05-24 16:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 01:24 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:53 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:53 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 18:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-05 09:08 . 2006-03-02 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2006-03-02 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2013-05-08 09:58 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 05:38 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:38 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 13:00 . 2007-08-10 22:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"T-Mobile CManager"="c:\program files\T-Mobile\T-Mobile Internet Manager\Manager.exe" [2013-07-03 2076952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-11-02 1397760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2013-06-20 80480]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Nabídka Start\Programy\Po spuštění\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\utorrent_torrentreactor.net.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\Filmy\\PCPerformer-BitTorrent-b\\PCPerformerSetup_BT.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R1 atm;NettGain 1200 ATM;c:\windows\system32\drivers\ATM.sys [29.7.2008 17:31 233684]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.7.2013 14:06 218688]
R1 TSM;TSM Driver - Layered Version;c:\windows\system32\drivers\TSM.sys [29.7.2008 17:31 36413]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [24.9.2007 18:35 9728]
R2 GenPort;GenPort;c:\windows\system32\drivers\GENPORT.SYS [15.8.2007 21:49 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [15.8.2007 21:49 6816]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe -k MbnExt [2.3.2006 14:00 14336]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [15.8.2007 21:49 6336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15.3.2011 14:44 428384]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [8.8.2007 11:07 24576]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [18.6.2013 17:15 90368]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [18.6.2013 17:15 73216]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.6.2008 17:21 47360]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [8.8.2007 11:07 1245056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [18.6.2013 17:15 102784]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [24.9.2007 18:35 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [24.9.2007 18:35 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [24.9.2007 18:35 95440]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.5.2011 18:41 38224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 15:14 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:51]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=AEA1669001CC1AF300314298&src_id=12251&camp_id=2556&tb_version=2.5.18000.3
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\
FF - ExtSQL: 2013-06-26 19:35; pluswinks@PlusWinks; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\pluswinks@PlusWinks.xpi
FF - ExtSQL: 2013-07-16 19:05; iayu01v7w@eiymmko.edu; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\iayu01v7w@eiymmko.edu
FF - ExtSQL: 2013-07-16 19:05; ceuje5z9v@ttauu-.co.uk; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\ceuje5z9v@ttauu-.co.uk
FF - ExtSQL: 2013-07-25 23:06; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF - ExtSQL: 2013-07-25 23:06; WebSiteRecommendation@weliketheweb.com; c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\rid2zvyl.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - ExtSQL: !HIDDEN! 2009-09-02 17:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2X ... 363791&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=SearchooD&cd=2X ... 363791&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=SearchooD&cd=2X ... 791&ir=&q=
FF - user.js: extensions.searchya.id - 001BFCDE4502CA67
FF - user.js: extensions.searchya.instlDay - 15911
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.022:59
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - SearchooD
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya.cr - 503363791
FF - user.js: extensions.searchya.cd - 2XzuyEtN2Y1L1QzutDtDtC0B0F0C0D0EyEyDtDtB0C0AyCyBtN0D0Tzu0CyDyBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0O0R0F
FF - user.js: extensions.irspeeddial.aflt - SearchooD
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 503363791
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtC0B0F0C0D0EyEyDtDtB0C0AyCyBtN0D0Tzu0CyDyBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0O0R0F
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-28 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2013-07-28 13:20:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-28 11:20
ComboFix2.txt 2013-07-27 12:09
.
Před spuštěním: Volných bajtů: 54 909 743 104
Po spuštění: Volných bajtů: 54 887 985 152
.
- - End Of File - - 8D249713749639D364F4A1A6F19BBC1F
413FC2A0C716421B3158746D63736515

[Riky]

Tak snad jsem na nic nezapomněl, udělal jsem vše, dal jsem všechny logy a fixnul jsem ty dva řádky.

[Riky]

ještě předtím dotaz...jak psal včera v 18:16 Žbeky, psal, že to mám udělat v nouzovým režimu, teď mi docvaklo, že jsem to udělal omylem v plným režimu, je to na závadu? Mám to radši provést ještě jednou? Díky.

[memphisto]

V tom případě to udělej znovu a v nouzovém režimu a mou předchzí odpověď mažu

[Riky]

O.K. jdu na to...