Problém se zapnutím PC Vyřešeno

[novoty]

AVG se mi nepodařilo odstranit, pry nedostatecna kombaktibilita, asi je to tim ze mam SP1, au instnu SP3 tak to zkusim znovu...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4183

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

1.1.2004 19:18:30
mbam-log-2004-01-01 (19-18-30).txt

Typ skenu: Rychlý sken
Skenované objekty: 153761
Uplynulý čas: 18 minuta(y), 26 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 13
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\_id.dat (Malware.Trace) -> No action taken.

[Reklama]

[jaro3]

AVG můžeme odmazat potom..

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[novoty]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4183

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

2.1.2004 18:21:50
mbam-log-2004-01-02 (18-21-50).txt

Typ skenu: Rychlý sken
Skenované objekty: 153618
Uplynulý čas: 16 minuta(y), 44 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 13
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\_id.dat (Malware.Trace) -> Quarantined and deleted successfully.

[novoty]

ComboFix 10-06-09.02 - David 02.01.2004 18:41:10.1.1 - x86
Spuštěný z: c:\documents and settings\David\Dokumenty\Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\Data aplikací\inst.exe
c:\documents and settings\David\Data aplikací\pcouffin.sys
C:\Images
c:\images\housemarque.txt
c:\windows\system\cmicnfg.cpl
c:\windows\system\wininet.dll

c:\windows\system32\qmgr.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2003-12-02 do 2004-01-02 )))))))))))))))))))))))))))))))
.

2009-10-30 05:24 . 2009-10-30 05:24 -------- d-----w- C:\found.000
2009-07-23 15:24 . 2010-06-08 11:43 -------- d-----w- c:\program files\Miranda IM
2009-07-23 07:14 . 2009-07-23 07:14 -------- d-----w- c:\program files\Conduit
2009-07-23 07:14 . 2004-01-01 16:49 -------- d-----w- c:\program files\BS_Player
2009-07-21 12:35 . 2009-07-27 20:50 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-07-21 11:43 . 2009-07-21 11:43 2 --shatr- c:\windows\winstart.bat
2009-07-21 11:41 . 2009-07-21 12:31 -------- d-----w- c:\program files\UnHackMe
2009-07-21 11:35 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-21 11:35 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-21 11:35 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-21 11:35 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-07-21 11:35 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-21 11:28 . 2010-06-08 11:43 -------- d-----w- c:\program files\Trojancheck 6
2009-07-20 12:56 . 2009-07-24 10:29 -------- d-----w- C:\$AVG8.VAULT$
2009-07-20 12:42 . 2009-07-20 12:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-20 12:42 . 2009-07-20 12:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-20 12:42 . 2009-07-20 12:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-20 12:42 . 2009-07-20 12:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-20 12:42 . 2009-07-20 12:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-20 08:27 . 2009-01-22 00:40 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-06 07:24 . 2009-07-06 07:44 14 ----a-w- c:\windows\popcinfot.dat
2009-06-23 11:22 . 2008-07-10 11:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-06-23 11:22 . 2009-06-23 11:22 -------- d-----w- c:\windows\system32\QuickTime
2009-06-21 18:09 . 2000-06-22 12:09 56320 ----a-r- c:\windows\system32\Iyvu9_32.dll
2009-06-18 10:28 . 2009-06-18 10:47 -------- d-----w- c:\program files\AVS4YOU
2009-06-18 10:27 . 2009-06-18 10:47 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-18 10:27 . 2009-01-28 18:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-14 19:51 . 2009-05-14 19:51 -------- d-----w- c:\program files\MSBuild
2009-05-14 19:51 . 2009-05-14 19:54 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-14 19:51 . 2009-05-14 19:51 -------- d-----w- c:\program files\Reference Assemblies
2009-05-14 19:50 . 2007-03-22 18:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-05-14 19:50 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-05-13 11:59 . 2009-05-13 11:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-10 19:37 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-05-10 19:36 . 2009-05-10 19:36 -------- d-----w- c:\windows\system32\Futuremark
2009-05-10 19:36 . 2009-05-10 19:36 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-05-01 08:01 . 2009-05-01 08:01 -------- d-s---w- c:\documents and settings\Marcela a Anetka\UserData
2009-04-26 09:59 . 2009-04-26 10:00 -------- d-----w- c:\program files\Microsoft LifeCam
2009-04-20 19:07 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-04-20 19:07 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-04-20 19:07 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-04-20 19:07 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-04-20 19:07 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-04-20 19:06 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2009-04-20 18:48 . 2009-04-20 19:07 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-19 20:55 . 2009-04-20 19:06 -------- d-----w- c:\program files\vso
2009-04-19 06:29 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-04-18 20:32 . 1994-12-05 23:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-04-18 20:32 . 1995-01-29 23:00 92208 ----a-w- c:\windows\system\WING.DLL
2009-04-18 17:55 . 2009-04-18 18:00 -------- d-----w- c:\windows\system32\HPAppData
2009-04-10 09:03 . 2009-04-10 09:03 -------- d-----r- C:\AHCache
2009-04-06 16:14 . 2009-04-09 16:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-03-28 13:29 . 2010-06-08 11:43 -------- d-----w- C:\RegCleaner
2009-03-23 15:52 . 2009-03-23 15:52 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-01 22:30 . 2010-06-08 11:43 -------- d-----w- c:\program files\Common Files\LightScribe
2009-03-01 22:17 . 2009-03-01 22:20 -------- d-----w- c:\program files\Common Files\Nero
2009-03-01 22:17 . 2009-03-01 22:17 -------- d-----w- c:\program files\Nero
2009-02-28 08:12 . 2009-02-28 08:12 -------- d-----w- c:\program files\Common Files\Skype
2009-02-28 08:12 . 2009-02-28 08:12 -------- d-----r- c:\program files\Skype
2009-02-06 12:24 . 2009-02-06 12:24 93336 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 12:23 . 2009-02-06 12:23 106208 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-02-06 12:19 . 2009-02-06 12:19 113448 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-02-05 11:03 . 2009-02-05 11:03 -------- d-----w- c:\documents and settings\David\.gegl-0.0
2009-01-27 18:07 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-01-27 18:07 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-01-27 17:52 . 2009-01-27 18:02 -------- d-----w- c:\windows\SHELLNEW
2009-01-27 17:52 . 2009-01-27 17:52 -------- d-----w- c:\program files\Microsoft.NET
2009-01-12 19:37 . 2009-01-12 19:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-01-12 19:37 . 2009-01-12 19:37 -------- d-----w- c:\program files\Common Files\HP
2009-01-12 19:36 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-01-12 19:36 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-01-12 19:36 . 2007-11-08 14:52 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-01-12 19:36 . 2007-10-20 17:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2009-01-12 19:36 . 2007-10-20 17:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2009-01-12 19:35 . 2007-10-30 09:25 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-01-12 19:35 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-01-12 19:35 . 2007-10-30 09:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-01-12 19:35 . 2007-10-30 09:11 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-01-12 19:35 . 2007-10-30 09:11 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-01-12 19:35 . 2007-10-30 09:11 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-01-12 19:33 . 2009-01-12 19:38 -------- d-----w- c:\program files\HP
2009-01-12 19:32 . 2002-08-29 00:50 24960 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-01-12 19:30 . 2009-01-12 19:42 175686 ----a-w- c:\windows\hpoins27.dat
2009-01-12 19:30 . 2008-01-18 15:56 932 ------w- c:\windows\hpomdl27.dat
2009-01-10 10:25 . 2009-01-10 10:25 -------- d-----w- c:\windows\Logs
2008-12-24 13:02 . 2004-07-02 15:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2008-12-24 12:54 . 2005-02-09 10:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2008-12-21 10:13 . 2008-12-21 10:13 14 ----a-w- c:\windows\system32\System32.sys
2008-12-21 09:19 . 2006-10-26 06:01 157352 ------w- c:\windows\system32\pxwma.dll
2008-11-06 09:39 . 2009-05-14 19:54 -------- d-----w- c:\windows\system32\cs-cz
2008-11-06 09:39 . 2008-11-06 09:39 -------- d-----w- c:\windows\l2schemas
2008-11-06 09:39 . 2008-11-06 09:39 -------- d-----w- c:\windows\system32\cs
2008-11-06 09:39 . 2008-11-06 09:39 -------- d-----w- c:\windows\system32\bits
2008-11-06 09:35 . 2008-11-06 09:40 -------- d-----w- c:\windows\ServicePackFiles
2008-11-06 09:24 . 2008-11-06 09:24 -------- d-----w- c:\windows\EHome
2008-10-23 15:07 . 2008-10-23 15:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2008-10-02 23:46 . 2008-10-02 23:46 81920 ----a-w- c:\windows\system32\frapsvid.dll
2008-09-30 15:43 . 2008-09-30 15:43 1286152 ----a-w- c:\windows\system32\msxml4.dll
2008-09-28 08:38 . 2008-09-28 08:38 -------- d-----w- C:\Nokia
2008-09-18 17:53 . 2004-08-03 20:41 126686 -c----w- c:\windows\system32\drivers\mtlmnt5.sys
2008-09-18 17:53 . 2004-08-03 20:41 1309184 -c----w- c:\windows\system32\drivers\mtlstrm.sys
2008-09-18 17:53 . 2004-08-03 20:29 452736 -c----w- c:\windows\system32\drivers\mtxparhm.sys
2008-09-18 17:53 . 2004-08-03 20:41 11868 -c----w- c:\windows\system32\drivers\mdmxsdk.sys
2008-09-18 17:53 . 2004-08-03 20:41 1041536 -c----w- c:\windows\system32\drivers\hsfdpsp2.sys
2008-09-18 17:53 . 2004-08-03 20:41 685056 -c----w- c:\windows\system32\drivers\hsfcxts2.sys
2008-09-18 17:53 . 2004-08-03 20:41 220032 -c----w- c:\windows\system32\drivers\hsfbs2s2.sys
2008-09-06 11:36 . 2008-09-06 12:12 720896 ----a-w- c:\windows\IUN6002.EXE
2008-09-02 18:57 . 2008-09-02 19:00 882 -c--a-w- c:\windows\system32\ealregsnapshot1.reg
2008-08-19 13:33 . 2008-08-19 13:33 0 ---h--r- C:\logwmemory.bin
2008-08-16 15:32 . 2008-08-19 10:50 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2008-08-14 06:31 . 2001-10-24 10:25 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2008-08-14 06:31 . 2004-08-17 13:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2008-08-14 06:31 . 2002-08-29 00:48 14208 ----a-w- c:\windows\system32\drivers\usbscan.sys
2008-08-11 13:15 . 2006-11-29 11:06 3426072 -c--a-w- c:\windows\system32\d3dx9_32.dll
2008-08-11 13:13 . 2008-08-11 13:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2008-08-11 12:53 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2008-08-11 12:53 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
2008-08-11 12:19 . 2002-09-20 17:04 50176 ----a-w- c:\windows\system32\vfwwdm32.dll
2008-08-11 12:18 . 2007-04-10 21:46 1966312 ----a-w- c:\windows\system32\drivers\VX1000.sys
2008-08-11 12:18 . 2007-04-10 21:46 111976 -c--a-w- c:\windows\VX1000.dll
2008-08-11 12:18 . 2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
2008-08-11 12:18 . 2007-04-10 21:46 476520 ----a-w- c:\windows\vVX1000.dll
2008-08-11 12:18 . 2007-04-10 21:46 185704 -c--a-w- c:\windows\system32\cVX1000.dll
2008-08-11 12:18 . 2007-04-10 21:46 202088 ----a-w- c:\windows\system32\LCCoin14.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 11:43 . 2009-07-21 11:28 -------- d-----w- c:\program files\Trojancheck 6
2010-04-29 14:39 . 2004-01-01 16:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2004-01-01 16:53 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 08:37 . 2009-07-20 08:37 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-01 14:10 . 2005-04-19 10:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 19:04 . 2004-08-18 12:00 83846 ----a-w- c:\windows\system32\perfc005.dat
2009-06-19 19:04 . 2004-08-18 12:00 441268 ----a-w- c:\windows\system32\perfh005.dat
2009-04-29 04:35 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-02-05 21:11 . 2005-04-19 11:04 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-02-05 21:08 . 2005-04-19 11:04 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-02-05 21:08 . 2005-04-19 11:04 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-02-05 21:06 . 2005-04-19 11:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-02-05 21:06 . 2005-04-19 11:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-02-05 21:05 . 2005-04-19 11:04 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-02-05 21:04 . 2005-04-19 11:04 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-12-24 13:14 . 2005-04-19 10:54 -------- d-----w- c:\program files\Common Files\InstallShield
2008-11-06 09:46 . 2005-04-19 10:45 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-11-06 09:46 . 2005-04-19 10:45 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2008-10-16 13:13 . 2005-04-19 10:44 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 13:12 . 2005-04-19 10:44 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 13:12 . 2005-04-19 11:11 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 13:09 . 2005-04-19 10:44 51224 ----a-w- c:\windows\system32\wuauclt.exe
2008-10-16 13:08 . 2005-04-19 11:11 34328 ----a-w- c:\windows\system32\wups.dll
2008-09-10 01:16 . 2008-04-14 03:21 1307648 -c----w- c:\windows\system32\msxml6.dll
2008-06-24 16:12 . 2006-10-18 19:47 295936 ------w- c:\windows\system32\wmpeffects.dll
2008-04-14 06:52 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\SPNPINST.EXE
2008-04-14 03:21 . 2008-04-14 03:21 3901 -c----w- c:\windows\system32\drivers\siint5.dll
2008-04-14 03:18 . 2004-08-18 12:00 7680 -c--a-w- c:\windows\system32\kbdsmsno.dll
2008-04-14 03:18 . 2004-08-18 12:00 7680 -c--a-w- c:\windows\system32\kbdsmsfi.dll
2008-04-14 03:18 . 2004-08-18 12:00 7168 -c--a-w- c:\windows\system32\kbdukx.dll
2008-04-14 03:18 . 2004-08-18 12:00 7168 -c--a-w- c:\windows\system32\kbdfi1.dll
2008-04-14 03:18 . 2004-08-18 12:00 7168 ----a-w- c:\windows\system32\kbdno1.dll
2008-04-14 03:18 . 2004-08-18 12:00 6656 -c--a-w- c:\windows\system32\kbdinmal.dll
2008-04-14 03:18 . 2004-08-18 12:00 6144 -c--a-w- c:\windows\system32\kbdmlt48.dll
2008-04-14 03:18 . 2004-08-18 12:00 6144 -c--a-w- c:\windows\system32\kbdmlt47.dll
2008-04-14 03:18 . 2004-08-18 12:00 6144 -c--a-w- c:\windows\system32\kbdinben.dll
2008-04-14 03:18 . 2004-08-18 12:00 6144 -c--a-w- c:\windows\system32\kbdinbe1.dll
2008-04-14 03:18 . 2004-08-18 12:00 5632 -c--a-w- c:\windows\system32\kbdmaori.dll
2008-04-14 02:25 . 2004-08-18 12:00 40192 ----a-w- c:\windows\system32\drivers\intelppm.sys
2008-04-13 18:53 . 2004-08-18 12:00 264832 ----a-w- c:\windows\system32\drivers\http.sys
2008-04-13 18:53 . 2004-08-18 12:00 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2008-04-13 18:40 . 2004-08-18 12:00 11904 -c--a-w- c:\windows\system32\drivers\sffdisk.sys
2008-04-13 18:40 . 2004-08-18 12:00 11008 -c--a-w- c:\windows\system32\drivers\sffp_sd.sys
2008-04-13 18:40 . 2004-08-18 12:00 463360 ----a-w- c:\windows\system32\xpob2res.dll
2008-04-13 18:36 . 2004-08-03 23:07 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2008-04-13 18:36 . 2004-08-18 12:00 79232 -c--a-w- c:\windows\system32\drivers\sdbus.sys
2008-04-13 18:36 . 2004-08-18 12:00 2927616 ----a-w- c:\windows\system32\xpsp2res.dll
2008-04-13 18:32 . 2005-04-19 10:44 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2007-03-07 23:51 . 2008-08-29 09:53 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2007-03-07 23:51 . 2008-08-29 09:53 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2007-03-07 23:51 . 2008-08-29 09:53 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2007-03-07 23:51 . 2008-08-29 09:53 129784 ------w- c:\windows\system32\pxafs.dll
2007-01-05 18:57 . 2007-01-05 18:57 99840 -c--a-w- c:\windows\system32\SET1AD.tmp
2007-01-05 18:55 . 2004-08-18 12:00 238592 ----a-w- c:\windows\system32\wmerror.dll
2006-12-28 19:01 . 2006-12-28 19:01 19569 -c--a-w- c:\windows\002839_.tmp
2006-10-18 19:58 . 2004-08-10 20:05 8704 ----a-w- c:\windows\system32\UWDF.EXE
2006-10-18 19:58 . 2004-08-10 20:05 8704 ----a-w- c:\windows\system32\WDFMGR.EXE
2006-10-18 18:00 . 2004-08-10 20:05 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2006-09-28 14:05 . 2008-08-11 12:10 237848 -c--a-w- c:\windows\system32\xactengine2_4.dll
2006-09-28 14:05 . 2008-08-11 12:10 2414360 -c--a-w- c:\windows\system32\d3dx9_31.dll
2006-09-28 14:04 . 2008-08-11 12:10 68888 -c--a-w- c:\windows\system32\xinput1_3.dll
2006-09-28 14:03 . 2008-08-11 12:10 15128 -c--a-w- c:\windows\system32\x3daudio1_1.dll
2006-07-28 07:30 . 2008-08-11 12:10 236824 -c--a-w- c:\windows\system32\xactengine2_3.dll
2006-07-28 07:30 . 2008-08-11 12:10 62744 -c--a-w- c:\windows\system32\xinput1_2.dll
2006-02-23 14:08 . 2006-02-23 14:08 -------- d-----w- c:\windows\Fonts\Fonts
2005-05-26 13:34 . 2008-08-11 12:10 2297552 -c--a-w- c:\windows\system32\d3dx9_26.dll
2005-05-26 02:16 . 2005-04-19 10:44 194328 -c--a-w- c:\windows\system32\wuaueng1.dll
2005-05-26 02:16 . 2005-04-19 10:44 173336 -c--a-w- c:\windows\system32\wuauclt1.exe
2005-05-02 06:30 . 2005-05-02 06:30 -------- d-----w- c:\program files\Hewlett-Packard
2005-04-26 11:15 . 2005-04-19 10:46 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2005-04-19 11:25 . 2005-04-19 11:25 -------- d-----w- c:\program files\MadOnion.com
2005-04-19 11:04 . 2005-04-19 11:04 -------- d-----w- c:\program files\Alwil Software
2005-04-19 11:00 . 2005-04-19 11:00 -------- d-----w- c:\program files\C-Media 3D Audio
2005-04-19 10:59 . 2005-04-19 10:54 3 -c--a-w- c:\windows\system32\BSETUP.TMP
2005-04-19 10:55 . 2005-04-19 10:55 -------- d-----w- c:\program files\Intel
2005-04-19 10:46 . 2005-04-19 10:46 -------- d-----w- c:\program files\microsoft frontpage
2005-04-19 10:46 . 2005-04-19 10:46 0 --sha-r- C:\Copy of MSDOS.SYS
2005-04-19 10:46 . 2005-04-19 10:46 0 --sha-r- C:\Copy of IO.SYS
2005-04-19 10:44 . 2005-04-19 10:44 21812 -c--a-w- c:\windows\system32\emptyregdb.dat
2005-03-21 22:26 . 2008-12-24 13:00 1047552 ----a-w- c:\windows\system32\MFC71u.DLL
2005-02-23 12:11 . 2005-02-23 12:11 6640 -c--a-r- c:\windows\system32\drivers\z800wh95.sys
2005-02-11 09:24 . 2005-03-11 14:17 79488 ----a-r- c:\windows\system32\drivers\k750obex.sys
2005-02-11 09:24 . 2005-03-11 14:17 6144 -c--a-r- c:\windows\system32\drivers\k750cmnt.sys
2005-02-11 09:22 . 2005-03-11 14:17 81728 ----a-r- c:\windows\system32\drivers\k750mgmt.sys
2005-02-11 09:21 . 2005-03-11 14:17 89872 ----a-r- c:\windows\system32\drivers\k750mdm.sys
2005-02-11 09:21 . 2005-03-11 14:17 6576 ----a-r- c:\windows\system32\drivers\k750mdfl.sys
2005-02-11 09:19 . 2005-03-11 14:17 55216 ----a-r- c:\windows\system32\drivers\k750bus.sys
2005-02-11 09:19 . 2005-03-11 14:17 5744 -c--a-r- c:\windows\system32\drivers\k750whnt.sys
2005-01-17 13:48 . 2006-02-22 14:26 23000 ----a-w- c:\windows\system32\drivers\btcusb.sys
2005-01-13 14:20 . 2006-02-22 14:26 12500 ----a-w- c:\windows\system32\drivers\vbtenum.sys
2004-12-16 15:32 . 2006-02-22 14:26 13304 ----a-w- c:\windows\system32\drivers\BTNetFilter.sys
2004-11-25 16:41 . 2004-11-25 16:41 46080 ----a-w- c:\windows\system32\drivers\sfdrv01.sys
2004-11-05 10:39 . 2006-02-22 14:26 82148 ----a-w- c:\windows\system32\drivers\VcommMgr.sys
2004-10-19 12:40 . 2006-02-22 14:26 28207 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2004-10-19 12:37 . 2006-02-22 14:26 61312 ----a-w- c:\windows\system32\drivers\VComm.sys
2004-10-19 10:39 . 2006-02-22 14:26 20096 ----a-w- c:\windows\system32\drivers\blueletaudio.sys
2004-09-22 17:08 . 2006-02-22 14:26 12504 ----a-w- c:\windows\system32\drivers\VHIDMini.sys
2004-09-21 17:18 . 2006-02-22 14:26 7680 -c--a-w- c:\windows\system32\btinstall.dll
2004-09-21 17:18 . 2006-02-22 14:26 148830 -c--a-w- c:\windows\system32\drivers\bcbthub.sys
2004-09-21 17:18 . 2006-02-22 14:26 116021 -c--a-w- c:\windows\system32\drivers\fw203x.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 11206F36D3087F3C5C08608E73DF24EB . 13824 . . [5.1.2600.5512] . . c:\windows\system32\WSCNTFY.EXE

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2003-04-16 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-20 12:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"d:\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\Xfire\\Xfire.exe"=
"d:\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Documents and Settings\\David\\Plocha\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 717296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 aswSP;avast! Self Protection; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-20 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-20 108552]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-20 298776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ
hpdevmgmt REG_MULTI_SZ hpqcxs08

NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
ShellHWDetection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\inyvt65j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\inyvt65j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: d:\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
d:\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-do_not_delete - c:\windows\system32\do_not_delete.exe
AddRemove-ACDSee 32 - c:\progra~1\ACDSee32\UNWISE.EXE
AddRemove-HP LaserJet 1200 Uninstaller - c:\program files\Hewlett-Packard\LaserJet All-in-one\Uninstall\1200\setup.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Windows Media Player - c:\program files\Windows Media Player\Setup_wm.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{BEE64C14-BEF1-4610-8A68-A16EAA47B882} - c:\program files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe
AddRemove-{D77D43B5-ED55-426b-B67B-E21F804F6102} - d:\hp\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-01-02 18:53
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

- - - - - - - > 'lsass.exe'(568)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\wpabaln.exe
.
**************************************************************************
.
Celkový čas: 2004-01-02 19:00:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2004-01-02 18:00

Před spuštěním: 2 889 334 784
Po spuštění: 3 006 406 656

winxpsp1_cs_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect 1

- - End Of File - - DF724E2DD9C4FB3A2582B211909CEF39

[jaro3]

Nejprve zkus odinstalovat:
TrojanHunter 5.0
c:\program files\UnHackMe
AW Caesar 7
Trojancheck 6


Pak zkus odinstalovat zbytky po ESET NOD32, AVG a AVASTU tímto:

NOD32:
http://www.nod32.nl/download/tool/nod32removal.exe

AVG:
http://www.avg.com/cz-cs/stahnout-nastroje
http://www.avg.com/filedir/util/avg_arm ... emover.exe

Avast:
Jak odinstalovat avast! za použití nástroje aswClear:
Stáhněte aswClear.exe
http://files.avast.com/files/eng/aswclear.exe

na vaší pracovní plochu
Spusťte jej
Pokud jste instalovali avast! do jiného než výchozího adresáře, nalistujte jej. (Poznámka: Buďte opatrní! Obsah adresáře, který vyberete, bude smazán!!!
Stiskněte SMAZAT
Restartujte počítač
/////////////////////////////////////////////////////////////////////////////////////////////

Start-spustit-napiš: notepad ,do něho vlož tento celý text:

Kód: Vybrat vše

dir \qmgr.dll  /a h /s > File.txt

uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.

*********************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\winstart.bat
c:\windows\system32\ztvcabinet.dll
c:\windows\system32\ztvunrar36.dll
c:\windows\system32\ztvunace26.dll
c:\windows\system32\unrar3.dll
c:\windows\system32\unacev2.dll
c:\windows\popcinfot.dat
c:\windows\system32\System32.sys
c:\windows\IUN6002.EXE
c:\windows\system32\SET1AD.tmp
c:\windows\002839_.tmp
c:\windows\system32\BSETUP.TMP

Folder::
C:\found.000
c:\program files\TrojanHunter 5.0
c:\program files\UnHackMe
c:\program files\Trojancheck 6

Firefox::
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\inyvt65j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\WSCNTFY.EXE
c:\windows\system32\xmlprov.dll
c:\windows\system32\drivers\ip6fw.sys
c:\windows\system32\qmgr.dll
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
  00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
  53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
  00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
  76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
  00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
  69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
  00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
  49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
  00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
  00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
  73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
  00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
  00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
  00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
  74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
  00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
  63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
  00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
  4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
  00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
  00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
  32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
  00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
  00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,54,00,65,00,72,00,6d,\
  00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,\
  73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,\
  00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
  6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,78,00,6d,00,6c,\
  00,70,00,72,00,6f,00,76,00,00,00,77,00,73,00,63,00,73,00,76,00,63,00,00,00,\
  57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: FIX.REG
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Poklikej na soubor fix.reg na ploše.

[novoty]

Pardon, nastal problem, instnul jsem SP3, vse probehlo jak ma, po instalaci to mne chtelo restart, po restartu uz me to nechce pustit na plochu, vyzaduje to aktivaci windows. Dal jsem normalne po internetu, jenze pruvodce aktivaci nedetekuje moje internetove pripojeni. Respektive hodi chybu pri pripojeni. Co mam delat ? Zkousel jsem i nejak najet do nouzaku ale to nejde. Chce to aktivovat ale ja nevim jak. A aktivaci telefonem opravdu delat nechci...

[Žbeky]

Pokud se to nespojí/nedetekuje internetové připojení tak ti nic jiného než telefon nezbyde

[novoty]

A kdyz tam zavolam, bude to tam ne me mluvit alespon cesky ?

[Žbeky]

Určitě

[novoty]

Ok, ale zavolam tam az behem zitrka, ted se mi opravdu nechce.... /ach ta diaktrika, to IRC me uplne odrovnalo /

[jaro3]

Já jsem Ti neradil abys zrovna teď doinstalovával SP3 , když to nemáme odvirovaný. kromě toho SP3 se radí doinstalovat spíš na čistou novou instalaci.
Řiď se jen tím , co Ti radím.
Můžeš dát bod obnovy , aby ses vrátil před tu instalaci?

[novoty]

Omlouvám se, instalátor si sice bod obnovy vytvořil, ale já nemůžu najet do nouzáku, chce to po mně aktivovat windows. Jedině jestli by to nešlo třeba nějak z příkazového řádku, což asi nejde... :(