Malwarebytes Anti-Malware v 1.29

pistabaci · Příspěvekod **pistabaci** » 20 říj 2008 21:30

Keď ho spustim najde mi 13 svinstiev....ale nevymaze ani jednu...vraj po reštarte a ani po reštarte to nezlikviduje. V nudzovom rezime nenajde nič !!! Má niekto podobný problém ? Čo robiť ? Vďaka za rady. :-(

Reklama

Příspěvekod **jaro3** » 21 říj 2008 07:56

Vlož sem ten log znovu a nic nemaž!

pistabaci · Příspěvekod **pistabaci** » 21 říj 2008 10:27

Malwarebytes' Anti-Malware 1.29
Verze databáze: 1298
Windows 5.1.2600 Service Pack 3

2008-10-21 01:02:07
mbam-log-2008-10-21 (01-02-07).txt

Typ skenu: Rychlý sken
Objektu skenováno: 53263
Uplynulý cas: 6 minute(s), 54 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 13

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\winupd.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winsys.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\skybot.exe (Backdoor.Bot) -> Delete on reboot.
C:\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\0.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msa64chk.dll (Trojan.Perfiler) -> Delete on reboot.
C:\WINDOWS\system32\filekiller.dll (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\system32\draw32.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\system32\cm.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\system32\vdnt32.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\system32\memlow.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\system32\hm.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\system32\wd.sys (Rootkit.Haxdor) -> Delete on reboot.

Příspěvekod **jaro3** » 21 říj 2008 10:53

Pc nerestartuj.
Pokud máš 32bit. verzi win, postupuj takto:
Nedal jsi log z HJT, vypni rez. ochranu u antiviru, pokud máš Spybot:
vypni rez. ochranu u SpyBota: postupuj podle fredika zde:
viewtopic.php?f=70&t=31077
Pokud máš SpywareTerminátor , vypni u něj rez. štít.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

pistabaci · Příspěvekod **pistabaci** » 21 říj 2008 15:14

ComboFix 08-10-19.04 - pistabaci 2008-10-21 14:58:12.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.165 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\kuaiso toolsbar\
C:\Program Files\SelectRebates\
C:\WINDOWS\mc\
C:\WINDOWS\wincomp\
C:\WINDOWS\winmgts\
C:\WINDOWS\wintrim\
.
---- Previous Run -------
.
C:\Documents and Settings\pistabaci\Dokumenty\My Documents.url
C:\Documents and Settings\pistabaci\msvcm80.dll
C:\Documents and Settings\pistabaci\msvcp80.dll
C:\Documents and Settings\pistabaci\msvcr80.dll
C:\Documents and Settings\pistabaci\pthreadVC2.dll
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SelectRebates\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\KGyGaAvL.sys
C:\windows\system32\taskmgr.com
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
C:\WINDOWS\zeta.exe
C:\WINDOWS\zeta.exe\Readme.txt
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-10-21 08:16 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-10-17 11:04 . 2008-10-17 11:04 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-17 08:05 . 2008-10-21 02:47 <DIR> d-------- C:\Program Files\Desktop Maestro
2008-10-17 07:09 . 2008-10-17 08:03 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Desktop Maestro
2008-10-16 16:33 . 2008-10-19 13:03 8,192 --a------ C:\s-1-5-21-1993962763-1454471165-839522115-1008.rrr
2008-10-16 14:57 . 2008-10-16 15:31 7,730,856 --a------ C:\WINDOWS\Google_Earth_CZXD.exe
2008-10-16 07:58 . 2008-10-16 07:58 <DIR> d-------- C:\Program Files\PC Security Test 2007
2008-10-16 07:43 . 2008-10-19 13:52 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\IconChanger
2008-10-16 07:42 . 2008-10-16 07:42 <DIR> d-------- C:\Program Files\IconChanger
2008-10-14 07:10 . 2008-10-14 07:10 <DIR> d-------- C:\SpeedTest
2008-10-13 21:55 . 2008-10-13 21:55 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\vlc
2008-10-08 14:49 . 2008-10-08 14:49 <DIR> d-------- C:\Program Files\Uninstall Tool
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:40 . 2008-10-07 17:40 368,480 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2008-10-07 00:28 . 2008-10-07 00:28 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\FlashFXP
2008-10-06 23:13 . 2008-10-06 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2008-10-06 21:43 . 2008-10-16 21:07 <DIR> d-------- C:\Downloads
2008-10-06 20:50 . 2008-02-16 01:53 97,152 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-10-06 20:43 . 2008-08-05 21:14 90,112 --a------ C:\WINDOWS\system32\ATIBRTMON.EXE
2008-10-06 20:43 . 2008-10-21 15:03 44,964 --a------ C:\WINDOWS\system32\ativvaxx.cap
2008-10-06 20:41 . 2006-10-09 12:58 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-10-06 20:34 . 2008-04-14 07:55 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-10-06 20:34 . 2008-04-14 07:55 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
2008-10-06 19:01 . 2008-10-06 19:01 16 --a------ C:\WINDOWS\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2008-10-06 19:01 . 2008-10-06 19:01 0 --a------ C:\WINDOWS\WVS_InstDBLogFile.csv
2008-10-06 11:25 . 2008-10-06 11:25 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Zoner
2008-10-06 07:45 . 2008-10-06 07:47 <DIR> d-------- C:\Program Files\DriverMax
2008-10-06 06:52 . 2008-10-06 06:56 <DIR> d-------- C:\Program Files\ICQ6
2008-10-05 07:15 . 2008-10-08 14:41 <DIR> d-------- C:\Program Files\Morgan
2008-10-05 07:15 . 2002-11-18 17:02 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-10-05 06:25 . 2008-10-05 06:25 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\DivX
2008-10-04 09:50 . 2008-10-04 09:50 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\ATI
2008-10-03 16:50 . 2008-10-03 16:50 <DIR> d-------- C:\Program Files\DreamBoxEdit
2008-10-03 15:27 . 2008-10-06 07:08 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-10-03 15:27 . 2008-10-03 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-10-03 07:40 . 2008-10-21 02:47 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-10-03 07:33 . 2008-10-03 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FlashFXP
2008-10-02 05:39 . 2008-10-02 06:21 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Nero
2008-10-02 05:18 . 2008-10-02 05:18 4,757 --a------ C:\WINDOWS\Irremote.ini
2008-10-02 05:13 . 2008-10-02 05:13 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-02 04:53 . 2008-10-02 05:16 <DIR> d-------- C:\Program Files\Nero
2008-10-02 04:52 . 2008-10-02 05:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-10-01 21:59 . 2008-10-01 21:59 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-01 08:46 . 2008-10-01 09:14 <DIR> d-------- C:\Program Files\KODAK
2008-10-01 08:46 . 2008-10-01 09:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-10-01 06:59 . 2008-10-01 06:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-30 20:26 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-09-29 02:58 . 2008-10-18 09:19 <DIR> d-------- C:\Program Files\Crawler
2008-09-27 22:05 . 2008-09-27 22:05 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-09-27 22:03 . 2008-09-27 22:05 <DIR> d-------- C:\Program Files\COMODO
2008-09-27 22:03 . 2008-10-03 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\comodo
2008-09-27 22:03 . 2008-09-27 22:03 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-27 22:03 . 2008-09-27 22:03 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-27 22:03 . 2008-09-27 22:03 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-27 20:20 . 2008-09-27 20:38 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-27 20:20 . 2008-09-27 20:20 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 20:20 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-21 22:00 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-21 21:56 . 2008-09-21 21:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-21 21:54 . 2008-09-21 21:54 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-21 21:51 . 2008-10-08 08:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-21 21:50 . 2008-09-21 21:55 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-21 21:50 . 2008-10-19 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-09-21 21:48 . 2008-09-21 21:48 <DIR> dr-h----- C:\MSOCache
2008-09-21 17:26 . 2008-09-21 17:27 <DIR> d-------- C:\XStandard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 12:04 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-21 12:02 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Free Download Manager
2008-10-21 06:17 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-21 06:13 --------- d-----w C:\Program Files\DivX
2008-10-21 06:03 --------- d-----w C:\Program Files\KeePass Password Safe
2008-10-21 00:12 --------- d-----w C:\Program Files\FlashFXP
2008-10-20 19:11 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Skype
2008-10-20 16:16 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\wsInspector
2008-10-20 14:17 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 14:05 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\skypePM
2008-10-19 11:10 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-10-19 09:39 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\XnView
2008-10-19 09:39 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\uTorrent
2008-10-19 09:00 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Spyware Terminator
2008-10-19 09:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-17 09:05 --------- d-----w C:\Program Files\Sun
2008-10-17 09:04 --------- d-----w C:\Program Files\Java
2008-10-16 18:25 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 18:25 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-16 17:51 --------- d-----w C:\Program Files\XnView
2008-10-16 13:45 --------- d-----w C:\Program Files\Google
2008-10-13 03:53 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-10-08 13:02 --------- d-----w C:\Program Files\Common Files\Acronis
2008-10-08 13:02 --------- d-----w C:\Program Files\Acronis
2008-10-08 11:16 --------- d-----w C:\Program Files\Opera
2008-10-07 15:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Acronis
2008-10-07 15:41 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-10-07 15:41 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-10-07 15:40 132,224 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-10-07 13:18 --------- d-----w C:\Program Files\uTorrent
2008-10-06 21:55 --------- d-----w C:\Program Files\ApexDC++
2008-10-06 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 21:22 --------- d-----w C:\Program Files\Revo Uninstaller
2008-10-05 09:59 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-10-05 05:15 --------- d-----w C:\Program Files\abcAVI
2008-10-04 17:41 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-10-03 04:57 --------- d-----w C:\Program Files\Privacy Guardian
2008-10-02 18:44 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-02 03:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-10-01 20:00 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-01 18:36 --------- d-----w C:\Program Files\Windows Live
2008-10-01 13:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-10-01 11:53 --------- d-----w C:\Program Files\ATI Technologies
2008-10-01 04:47 --------- d-----w C:\Program Files\WhatsRunning
2008-10-01 04:46 --------- dc-h--w C:\Documents and Settings\All Users\Data aplikací\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-01 04:46 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Uniblue
2008-09-29 13:04 --------- d-----w C:\Program Files\Uniblue
2008-09-28 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-27 20:03 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Comodo
2008-09-27 19:25 --------- d-----w C:\Program Files\Yahoo!
2008-09-27 18:38 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\TuneUp Software
2008-09-27 18:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 19:56 --------- d-----w C:\Program Files\MSBuild
2008-09-21 12:27 --------- d-----w C:\Program Files\IsoBuster
2008-09-21 06:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kodak
2008-09-21 05:07 --------- d-----w C:\Program Files\Brother's Keeper 6
2008-09-20 13:28 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2008-09-20 11:56 --------- d-----w C:\Program Files\QuickTime
2008-09-19 15:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-19 11:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-07 10:09 --------- d-----w C:\Program Files\ESET
2008-09-07 08:52 0 ----a-w C:\WINDOWS\system32\drivers\eagg.sys
2008-09-06 09:10 0 ----a-w C:\WINDOWS\system32\drivers\bhkk.sys
2008-09-06 05:49 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\KC Softwares
2008-09-06 05:48 --------- d-----w C:\Program Files\Free Download Manager
2008-09-06 05:46 --------- d-----w C:\Program Files\KC Softwares
2008-09-06 04:50 --------- d-----w C:\Program Files\Avira
2008-09-06 04:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Avira
2008-08-29 01:10 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-08-21 02:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-26 03:40 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2007-08-27 13:13 5,848 -c--a-w C:\Documents and Settings\pistabaci\xClamAVServerSources.zip
2007-08-21 20:01 638,976 -c--a-w C:\Documents and Settings\pistabaci\libclamav.dll
2007-03-20 04:34 132,242 -c--a-w C:\Documents and Settings\All Users\Data aplikací\firstlsp.reg.dat
2006-12-27 16:37 81,920 -c--a-w C:\Documents and Settings\pistabaci\Data aplikací\ezpinst.exe
2006-12-27 16:37 47,360 -c--a-w C:\Documents and Settings\pistabaci\Data aplikací\pcouffin.sys
2006-10-25 04:17 417,792 -c--a-w C:\Documents and Settings\pistabaci\clamav.dll
2005-01-28 14:15 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-04-14 06:52 60,416 --sha-w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
2008-07-05 17:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070520080706\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-07 1783808]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-27 1655552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-10-07 368480]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-27 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-27 24208]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 141312]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 27059]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-17 152984]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-16 172688]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-16 15504]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
S0 lpllmz;lpllmz;C:\WINDOWS\system32\drivers\rtecwym.sys [ ]
S3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 22528]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 22528]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 7424]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 23600]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-10-21 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-20 C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for pistabaci.job
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-16 20:25]

2008-10-06 C:\WINDOWS\Tasks\NeroLiveEpgUpdate-PISTABAC-LB6DUZ_pistabaci.job
- C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]

2008-10-21 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.sk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Window Title = Microsoft Internet Explorer
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
R1 -: HKCU-Internet Settings,ProxyServer = socks=
O8 -: Crawler Search - tbr:iemenu
O9 -: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 15:04:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\ComboFix\CreateD00
C:\ComboFix\CreateD00.bat

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-10-21 15:10:36 - machine was rebooted [pistabaci]
ComboFix-quarantined-files.txt 2008-10-21 13:10:09

Pre-Run: 3,314,036,736
Post-Run: 3,255,406,592

407

pistabaci · Příspěvekod **pistabaci** » 21 říj 2008 16:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:27 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\windows\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKeys Class - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9934 bytes

Příspěvekod **jaro3** » 21 říj 2008 17:35

Otestuj toto na virustotal:
C:\s-1-5-21-1993962763-1454471165-839522115-1008.rrr
C:\WINDOWS\system32\MMAVILNG.exe
C:\WINDOWS\system32\drivers\eagg.sys
C:\WINDOWS\system32\drivers\bhkk.sys
C:\Program Files\RngInterstitial.dll

http://www.virustotal.com/
návod:
viewtopic.php?f=70&t=5121
..................................................................................................................................
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu +výsledky z virustotal

pistabaci · Příspěvekod **pistabaci** » 21 říj 2008 18:39

Virustoral OK okrem drivers "0 bytes size received / Se ha recibido un archivo vacio"

ComboFix 08-10-19.04 - pistabaci 2008-10-21 18:11:10.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.172 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\pistabaci\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\kuaiso toolsbar\
C:\Program Files\SelectRebates\
C:\WINDOWS\mc\
C:\WINDOWS\wincomp\
C:\WINDOWS\winmgts\
C:\WINDOWS\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-10-21 08:16 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-10-17 11:04 . 2008-10-17 11:04 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-17 08:05 . 2008-10-21 02:47 <DIR> d-------- C:\Program Files\Desktop Maestro
2008-10-17 07:09 . 2008-10-17 08:03 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Desktop Maestro
2008-10-16 16:33 . 2008-10-19 13:03 8,192 --a------ C:\s-1-5-21-1993962763-1454471165-839522115-1008.rrr
2008-10-16 14:57 . 2008-10-16 15:31 7,730,856 --a------ C:\WINDOWS\Google_Earth_CZXD.exe
2008-10-16 07:58 . 2008-10-16 07:58 <DIR> d-------- C:\Program Files\PC Security Test 2007
2008-10-16 07:43 . 2008-10-19 13:52 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\IconChanger
2008-10-16 07:42 . 2008-10-16 07:42 <DIR> d-------- C:\Program Files\IconChanger
2008-10-14 07:10 . 2008-10-14 07:10 <DIR> d-------- C:\SpeedTest
2008-10-13 21:55 . 2008-10-13 21:55 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\vlc
2008-10-08 14:49 . 2008-10-08 14:49 <DIR> d-------- C:\Program Files\Uninstall Tool
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:40 . 2008-10-07 17:40 368,480 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2008-10-07 00:28 . 2008-10-07 00:28 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\FlashFXP
2008-10-06 23:13 . 2008-10-06 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2008-10-06 21:43 . 2008-10-16 21:07 <DIR> d-------- C:\Downloads
2008-10-06 20:50 . 2008-02-16 01:53 97,152 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-10-06 20:43 . 2008-08-05 21:14 90,112 --a------ C:\WINDOWS\system32\ATIBRTMON.EXE
2008-10-06 20:43 . 2008-10-21 18:16 44,964 --a------ C:\WINDOWS\system32\ativvaxx.cap
2008-10-06 20:41 . 2006-10-09 12:58 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-10-06 20:34 . 2008-04-14 07:55 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-10-06 20:34 . 2008-04-14 07:55 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
2008-10-06 19:01 . 2008-10-06 19:01 16 --a------ C:\WINDOWS\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2008-10-06 19:01 . 2008-10-06 19:01 0 --a------ C:\WINDOWS\WVS_InstDBLogFile.csv
2008-10-06 11:25 . 2008-10-06 11:25 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Zoner
2008-10-06 07:45 . 2008-10-06 07:47 <DIR> d-------- C:\Program Files\DriverMax
2008-10-06 06:52 . 2008-10-06 06:56 <DIR> d-------- C:\Program Files\ICQ6
2008-10-05 07:15 . 2008-10-08 14:41 <DIR> d-------- C:\Program Files\Morgan
2008-10-05 07:15 . 2002-11-18 17:02 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-10-05 06:25 . 2008-10-05 06:25 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\DivX
2008-10-04 09:50 . 2008-10-04 09:50 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\ATI
2008-10-03 16:50 . 2008-10-03 16:50 <DIR> d-------- C:\Program Files\DreamBoxEdit
2008-10-03 15:27 . 2008-10-06 07:08 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-10-03 15:27 . 2008-10-03 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-10-03 07:40 . 2008-10-21 02:47 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-10-03 07:33 . 2008-10-03 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FlashFXP
2008-10-02 05:39 . 2008-10-02 06:21 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Nero
2008-10-02 05:18 . 2008-10-02 05:18 4,757 --a------ C:\WINDOWS\Irremote.ini
2008-10-02 05:13 . 2008-10-02 05:13 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-02 04:53 . 2008-10-02 05:16 <DIR> d-------- C:\Program Files\Nero
2008-10-02 04:52 . 2008-10-02 05:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-10-01 21:59 . 2008-10-01 21:59 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-01 08:46 . 2008-10-01 09:14 <DIR> d-------- C:\Program Files\KODAK
2008-10-01 08:46 . 2008-10-01 09:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-10-01 06:59 . 2008-10-01 06:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-30 20:26 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-09-29 02:58 . 2008-10-21 17:55 <DIR> d-------- C:\Program Files\Crawler
2008-09-27 22:05 . 2008-09-27 22:05 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-09-27 22:03 . 2008-09-27 22:05 <DIR> d-------- C:\Program Files\COMODO
2008-09-27 22:03 . 2008-10-03 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\comodo
2008-09-27 22:03 . 2008-09-27 22:03 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-27 22:03 . 2008-09-27 22:03 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-27 22:03 . 2008-09-27 22:03 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-27 20:20 . 2008-09-27 20:38 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-27 20:20 . 2008-09-27 20:20 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 20:20 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-21 22:00 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-21 21:56 . 2008-09-21 21:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-21 21:54 . 2008-09-21 21:54 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-21 21:51 . 2008-10-08 08:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-21 21:50 . 2008-09-21 21:55 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-21 21:50 . 2008-10-19 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-09-21 21:48 . 2008-09-21 21:48 <DIR> dr-h----- C:\MSOCache
2008-09-21 17:26 . 2008-09-21 17:27 <DIR> d-------- C:\XStandard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot@2008-10-21_15.09.28.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-21 16:16:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6e4.dat
+ 2008-10-21 16:17:27 16,384 ----atw C:\WINDOWS\TEMP\usgthrsvc\Perflib_Perfdata_9b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-07 1783808]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-27 1655552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-10-07 368480]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-27 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-27 24208]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 141312]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 27059]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-17 152984]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-16 172688]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-16 15504]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
S0 lpllmz;lpllmz;C:\WINDOWS\system32\drivers\rtecwym.sys [ ]
S3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 22528]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 22528]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 7424]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 23600]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-10-21 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-20 C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for pistabaci.job
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-16 20:25]

2008-10-06 C:\WINDOWS\Tasks\NeroLiveEpgUpdate-PISTABAC-LB6DUZ_pistabaci.job
- C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]

2008-10-21 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 18:17:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\ComboFix\CreateD00 31 bytes

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-10-21 18:26:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-21 16:26:04
ComboFix2.txt 2008-10-21 13:10:38

Pre-Run: 3,194,142,720
Post-Run: 3,175,636,992

229

Příspěvekod **jaro3** » 21 říj 2008 19:22

Ještě jeden script CF:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\eagg.sys
C:\WINDOWS\system32\drivers\bhkk.sys
C:\WINDOWS\system32\drivers\rtecwym.sys

Pak znovu log z CF a HJT.

pistabaci · Příspěvekod **pistabaci** » 21 říj 2008 20:14

ComboFix 08-10-19.04 - pistabaci 2008-10-21 19:59:16.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.144 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\pistabaci\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\bhkk.sys
C:\WINDOWS\system32\drivers\eagg.sys
C:\WINDOWS\system32\drivers\rtecwym.sys
.
/wow section - STAGE 32
Přístup byl odepřen.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\kuaiso toolsbar\
C:\Program Files\SelectRebates\
C:\WINDOWS\mc\
C:\WINDOWS\system32\drivers\bhkk.sys
C:\WINDOWS\system32\drivers\eagg.sys
C:\WINDOWS\wincomp\
C:\WINDOWS\winmgts\
C:\WINDOWS\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-10-21 08:16 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-10-17 11:04 . 2008-10-17 11:04 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-17 08:05 . 2008-10-21 02:47 <DIR> d-------- C:\Program Files\Desktop Maestro
2008-10-17 07:09 . 2008-10-17 08:03 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Desktop Maestro
2008-10-16 16:33 . 2008-10-19 13:03 8,192 --a------ C:\s-1-5-21-1993962763-1454471165-839522115-1008.rrr
2008-10-16 14:57 . 2008-10-16 15:31 7,730,856 --a------ C:\WINDOWS\Google_Earth_CZXD.exe
2008-10-16 07:58 . 2008-10-16 07:58 <DIR> d-------- C:\Program Files\PC Security Test 2007
2008-10-16 07:43 . 2008-10-19 13:52 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\IconChanger
2008-10-16 07:42 . 2008-10-16 07:42 <DIR> d-------- C:\Program Files\IconChanger
2008-10-14 07:10 . 2008-10-14 07:10 <DIR> d-------- C:\SpeedTest
2008-10-13 21:55 . 2008-10-13 21:55 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\vlc
2008-10-08 14:49 . 2008-10-08 14:49 <DIR> d-------- C:\Program Files\Uninstall Tool
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Acronis
2008-10-07 17:40 . 2008-10-07 17:40 368,480 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2008-10-07 00:28 . 2008-10-07 00:28 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\FlashFXP
2008-10-06 23:13 . 2008-10-06 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2008-10-06 21:43 . 2008-10-16 21:07 <DIR> d-------- C:\Downloads
2008-10-06 20:50 . 2008-02-16 01:53 97,152 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-10-06 20:43 . 2008-08-05 21:14 90,112 --a------ C:\WINDOWS\system32\ATIBRTMON.EXE
2008-10-06 20:43 . 2008-10-21 20:04 44,964 --a------ C:\WINDOWS\system32\ativvaxx.cap
2008-10-06 20:41 . 2006-10-09 12:58 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-10-06 20:34 . 2008-04-14 07:55 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-10-06 20:34 . 2008-04-14 07:55 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
2008-10-06 19:01 . 2008-10-06 19:01 16 --a------ C:\WINDOWS\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2008-10-06 19:01 . 2008-10-06 19:01 0 --a------ C:\WINDOWS\WVS_InstDBLogFile.csv
2008-10-06 11:25 . 2008-10-06 11:25 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Zoner
2008-10-06 07:45 . 2008-10-06 07:47 <DIR> d-------- C:\Program Files\DriverMax
2008-10-06 06:52 . 2008-10-06 06:56 <DIR> d-------- C:\Program Files\ICQ6
2008-10-05 07:15 . 2008-10-08 14:41 <DIR> d-------- C:\Program Files\Morgan
2008-10-05 07:15 . 2002-11-18 17:02 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-10-05 06:25 . 2008-10-05 06:25 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\DivX
2008-10-04 09:50 . 2008-10-04 09:50 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\ATI
2008-10-03 16:50 . 2008-10-03 16:50 <DIR> d-------- C:\Program Files\DreamBoxEdit
2008-10-03 15:27 . 2008-10-06 07:08 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-10-03 15:27 . 2008-10-03 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
2008-10-03 07:40 . 2008-10-21 02:47 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-10-03 07:33 . 2008-10-03 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FlashFXP
2008-10-02 05:39 . 2008-10-02 06:21 <DIR> d-------- C:\Documents and Settings\pistabaci\Data aplikací\Nero
2008-10-02 05:18 . 2008-10-02 05:18 4,757 --a------ C:\WINDOWS\Irremote.ini
2008-10-02 05:13 . 2008-10-02 05:13 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-02 04:53 . 2008-10-02 05:16 <DIR> d-------- C:\Program Files\Nero
2008-10-02 04:52 . 2008-10-02 05:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-10-01 21:59 . 2008-10-01 21:59 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-01 08:46 . 2008-10-01 09:14 <DIR> d-------- C:\Program Files\KODAK
2008-10-01 08:46 . 2008-10-01 09:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-10-01 06:59 . 2008-10-01 06:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-30 20:26 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-09-29 02:58 . 2008-10-21 17:55 <DIR> d-------- C:\Program Files\Crawler
2008-09-27 22:05 . 2008-09-27 22:05 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-09-27 22:03 . 2008-09-27 22:05 <DIR> d-------- C:\Program Files\COMODO
2008-09-27 22:03 . 2008-10-03 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\comodo
2008-09-27 22:03 . 2008-09-27 22:03 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-27 22:03 . 2008-09-27 22:03 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-27 22:03 . 2008-09-27 22:03 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-27 20:20 . 2008-09-27 20:38 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-27 20:20 . 2008-09-27 20:20 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-27 20:20 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-21 22:00 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-21 21:56 . 2008-09-21 21:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-21 21:54 . 2008-09-21 21:54 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-21 21:51 . 2008-10-08 08:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-21 21:50 . 2008-09-21 21:55 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-21 21:50 . 2008-10-19 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-09-21 21:48 . 2008-09-21 21:48 <DIR> dr-h----- C:\MSOCache
2008-09-21 17:26 . 2008-09-21 17:27 <DIR> d-------- C:\XStandard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 16:55 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Skype
2008-10-21 16:50 --------- d-----w C:\Program Files\Opera
2008-10-21 16:47 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Free Download Manager
2008-10-21 15:20 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\uTorrent
2008-10-21 14:15 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\skypePM
2008-10-21 13:06 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Spyware Terminator
2008-10-21 13:06 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-10-21 12:04 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-21 06:17 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-21 06:13 --------- d-----w C:\Program Files\DivX
2008-10-21 06:03 --------- d-----w C:\Program Files\KeePass Password Safe
2008-10-21 00:12 --------- d-----w C:\Program Files\FlashFXP
2008-10-20 16:16 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\wsInspector
2008-10-20 14:17 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-19 11:10 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-10-19 09:39 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\XnView
2008-10-17 09:05 --------- d-----w C:\Program Files\Sun
2008-10-17 09:04 --------- d-----w C:\Program Files\Java
2008-10-16 18:25 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 18:25 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-16 17:51 --------- d-----w C:\Program Files\XnView
2008-10-16 13:45 --------- d-----w C:\Program Files\Google
2008-10-13 03:53 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-10-08 13:02 --------- d-----w C:\Program Files\Common Files\Acronis
2008-10-08 13:02 --------- d-----w C:\Program Files\Acronis
2008-10-07 15:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Acronis
2008-10-07 15:41 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-10-07 15:41 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-10-07 15:40 132,224 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-10-07 13:18 --------- d-----w C:\Program Files\uTorrent
2008-10-06 21:55 --------- d-----w C:\Program Files\ApexDC++
2008-10-06 21:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 21:22 --------- d-----w C:\Program Files\Revo Uninstaller
2008-10-05 09:59 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-10-05 05:15 --------- d-----w C:\Program Files\abcAVI
2008-10-04 17:41 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-10-03 04:57 --------- d-----w C:\Program Files\Privacy Guardian
2008-10-02 18:44 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-02 03:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-10-01 20:00 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-01 18:36 --------- d-----w C:\Program Files\Windows Live
2008-10-01 13:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-10-01 11:53 --------- d-----w C:\Program Files\ATI Technologies
2008-10-01 04:47 --------- d-----w C:\Program Files\WhatsRunning
2008-10-01 04:46 --------- dc-h--w C:\Documents and Settings\All Users\Data aplikací\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-01 04:46 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Uniblue
2008-09-29 13:04 --------- d-----w C:\Program Files\Uniblue
2008-09-28 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-27 20:03 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\Comodo
2008-09-27 19:25 --------- d-----w C:\Program Files\Yahoo!
2008-09-27 18:38 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\TuneUp Software
2008-09-27 18:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 19:56 --------- d-----w C:\Program Files\MSBuild
2008-09-21 12:27 --------- d-----w C:\Program Files\IsoBuster
2008-09-21 06:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kodak
2008-09-21 05:07 --------- d-----w C:\Program Files\Brother's Keeper 6
2008-09-20 13:28 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2008-09-20 11:56 --------- d-----w C:\Program Files\QuickTime
2008-09-19 15:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-19 11:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-07 10:09 --------- d-----w C:\Program Files\ESET
2008-09-06 05:49 --------- d-----w C:\Documents and Settings\pistabaci\Data aplikací\KC Softwares
2008-09-06 05:48 --------- d-----w C:\Program Files\Free Download Manager
2008-09-06 05:46 --------- d-----w C:\Program Files\KC Softwares
2008-09-06 04:50 --------- d-----w C:\Program Files\Avira
2008-09-06 04:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Avira
2008-08-29 01:11 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-08-29 01:10 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-08-21 02:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 00:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 00:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 00:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 00:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 00:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 00:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 00:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 00:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 00:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 00:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-20 23:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-20 23:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-20 23:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-20 23:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-20 23:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-20 23:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-20 23:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-20 23:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-20 23:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-15 04:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2005-01-28 14:15 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-04-14 06:52 60,416 --sha-w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
2008-07-05 17:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070520080706\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-21_15.09.28.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-21 18:04:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_244.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-07 1783808]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-27 1655552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-10-07 368480]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-27 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-27 24208]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 141312]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 27059]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-17 152984]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-16 172688]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-16 15504]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
S0 lpllmz;lpllmz;C:\WINDOWS\system32\drivers\rtecwym.sys [ ]
S3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 22528]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 22528]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 7424]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-27 355584]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 23600]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-10-21 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-20 C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for pistabaci.job
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-16 20:25]

2008-10-06 C:\WINDOWS\Tasks\NeroLiveEpgUpdate-PISTABAC-LB6DUZ_pistabaci.job
- C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]

2008-10-21 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 20:05:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-10-21 20:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-21 18:09:42
ComboFix2.txt 2008-10-21 16:26:09
ComboFix3.txt 2008-10-21 13:10:38

Pre-Run: 3,045,883,904
Post-Run: 3,020,816,384

341

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:03 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\windows\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKeys Class - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9893 bytes

Příspěvekod **jaro3** » 21 říj 2008 20:24

Logy O.K.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
viewtopic.php?t=5130
a použij i T-Cleaner
http://www.sweb.cz/Marinus/T-Cleaner.exe
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Aktualizuj javu:
Java SE Runtime Environment 6u10
https://cds.sun.com/is-bin/INTERSHOP.en ... _Developer

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

pistabaci · Příspěvekod **pistabaci** » 21 říj 2008 21:03

Vďaka za snahu a čas problém zostal nevyriešený, škoda ale aj tak vďaka.
:-(

Malwarebytes Anti-Malware v 1.29 Vyřešeno

Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Re: Malwarebytes Anti-Malware v 1.29

Kdo je online