prosím o kontrolu logu

icespeed · Příspěvekod **icespeed** » 08 pro 2008 22:11

Dobry večer již par dnu mam jistý problem stale při spuštění jakekoliv internetové stranky se mí oběvuje antivirus 2009 a nutí mě ho nainstalovat. ComboFix 08-12-07.01 - Icedemon3 2008-12-08 21:45:50.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1189 [GMT 1:00]
Spuštěný z: c:\documents and settings\Icedemon3\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\drklhoah.ini
c:\windows\system32\haohlkrd.dll
c:\windows\system32\khfDwtsQ.dll
c:\windows\system32\klogon.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\ntdll64.exe
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\QstwDfhk.ini
c:\windows\system32\QstwDfhk.ini2
c:\windows\system32\wpcap.dll
c:\windows\system32\wylpesnm.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-08 do 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-07 12:48 . 2008-12-07 12:48 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-07 12:33 . 2008-12-07 12:33 <DIR> d-------- c:\windows\ERUNT
2008-12-07 12:24 . 2008-12-07 12:56 <DIR> d-------- C:\SDFix
2008-12-07 11:18 . 2008-12-07 11:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 11:18 . 2008-12-07 11:18 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\Malwarebytes
2008-12-07 01:44 . 2008-12-07 01:44 95 --a------ c:\windows\wininit.ini
2008-12-07 00:54 . 2008-12-07 00:54 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-07 00:53 . 2008-12-07 01:24 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-07 00:34 . 2008-12-07 00:34 3 --a------ c:\windows\sbacknt.bin
2008-12-07 00:33 . 2008-12-07 00:42 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\vghd
2008-12-07 00:33 . 2008-12-07 00:33 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-07 00:33 . 2008-12-07 00:33 4,785 --a------ c:\windows\system32\warning.gif
2008-12-07 00:33 . 2008-12-07 00:33 1,349 --a------ c:\windows\system32\ahtn.htm
2008-12-07 00:33 . 2008-12-07 00:33 1 --a------ c:\windows\system32\test.ttt
2008-12-06 22:48 . 2008-12-06 22:49 <DIR> d-------- c:\program files\CrossLoop
2008-12-06 19:02 . 2008-12-06 19:02 <DIR> d-------- c:\program files\Maxotek
2008-12-06 18:55 . 2008-12-06 18:55 <DIR> d-------- c:\program files\Live_TV
2008-12-06 18:55 . 2008-12-06 18:55 <DIR> d-------- c:\program files\DownloadToolz
2008-12-06 18:00 . 2008-12-06 18:00 <DIR> d-------- c:\program files\Software Informer
2008-12-06 18:00 . 2008-12-07 10:09 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\Software Informer
2008-12-05 20:36 . 2008-12-05 20:36 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2008-12-05 19:34 . 2008-12-05 19:34 <DIR> d-------- c:\program files\recfree
2008-12-05 19:34 . 2008-12-05 19:34 <DIR> d-------- c:\program files\Conduit
2008-12-05 19:33 . 2008-12-05 20:35 <DIR> d-------- c:\program files\EasySearch
2008-12-03 22:55 . 2008-12-03 23:05 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\vlc
2008-12-03 21:48 . 2008-12-04 12:43 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\dvdcss
2008-12-03 21:41 . 2008-12-03 21:41 <DIR> d-------- c:\program files\VideoLAN
2008-12-03 16:17 . 2001-10-24 11:54 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-03 16:17 . 2001-10-24 11:54 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-02 22:39 . 2008-12-02 22:39 <DIR> d-------- c:\program files\LuckyTender
2008-12-02 11:27 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-02 11:27 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-02 11:27 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-02 06:43 . 2008-12-02 06:43 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-30 19:42 . 2008-11-30 19:45 <DIR> d-------- C:\CZ_LOC
2008-11-30 18:59 . 2008-11-30 19:45 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-30 18:58 . 2008-11-30 18:58 <DIR> d-------- c:\program files\IMPlus 1.20 MSSP
2008-11-28 06:41 . 2008-11-28 06:46 <DIR> d-------- c:\program files\Mv2Player
2008-11-26 14:56 . 2008-11-26 14:56 <DIR> d-------- c:\windows\MVUNINST
2008-11-26 14:56 . 2008-11-26 14:58 <DIR> d-------- c:\program files\SureThing
2008-11-26 14:28 . 2008-11-26 14:28 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-26 14:27 . 2008-11-26 14:28 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-25 21:49 . 2008-11-25 21:49 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikacĂ
2008-11-24 06:54 . 2008-11-24 06:54 <DIR> d-------- c:\windows\system32\cs
2008-11-24 06:54 . 2008-11-24 06:54 <DIR> d-------- c:\windows\system32\bits
2008-11-24 06:54 . 2008-11-24 06:54 <DIR> d-------- c:\windows\l2schemas
2008-11-24 06:53 . 2008-11-24 06:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-24 06:39 . 2008-04-14 04:21 1,888,992 --a------ c:\windows\system32\ati3duag.dll
2008-11-24 01:47 . 2008-11-24 01:47 <DIR> d-------- c:\program files\Tuning Car Studio
2008-11-23 19:16 . 2008-11-29 19:10 3,932,214 --a------ c:\windows\InvaderDark1280.bmp
2008-11-23 19:15 . 2008-11-23 19:15 <DIR> d-------- c:\program files\Common Files\Stardock
2008-11-23 19:15 . 2008-11-23 19:16 <DIR> d-------- c:\program files\AlienGUIse
2008-11-23 19:15 . 2003-02-26 22:27 36,864 --a------ c:\windows\system32\wbsys.dll
2008-11-23 19:15 . 2008-11-23 19:15 56 --a------ c:\windows\wb.ini
2008-11-23 19:13 . 2008-11-23 19:13 <DIR> d-------- c:\program files\Common Files\Vbox
2008-11-23 19:05 . 2008-11-23 19:05 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\River Past G5
2008-11-23 19:05 . 2008-11-23 19:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\River Past G5
2008-11-22 21:28 . 2004-08-03 22:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2008-11-22 21:28 . 2004-08-03 22:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
2008-11-19 23:46 . 2008-11-19 23:46 <DIR> d-------- C:\ProgramData
2008-11-19 23:46 . 2008-11-21 18:45 8,906 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-19 23:45 . 2008-11-19 23:45 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\Leadertech
2008-11-19 19:48 . 2008-11-19 20:00 <DIR> d-------- C:\Downloads
2008-11-18 21:07 . 2008-11-18 21:07 <DIR> d-------- c:\windows\V39
2008-11-18 21:07 . 2008-11-18 21:07 <DIR> d-------- c:\program files\DV 5900
2008-11-18 21:07 . 2003-09-05 13:47 514,859 --a------ c:\windows\system32\drivers\Ca536av.sys
2008-11-18 21:07 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-18 21:07 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-11-18 21:07 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-18 21:07 . 2002-01-19 15:33 131,072 --a------ c:\windows\system32\SP5X_32.DLL
2008-11-18 21:07 . 2002-01-19 15:33 131,072 --a------ c:\windows\system\SP5X_32.DLL
2008-11-18 21:07 . 2003-11-12 13:46 17,408 --a------ c:\windows\system32\dext536.ax
2008-11-18 21:07 . 2003-05-14 17:28 11,048 --a------ c:\windows\system32\drivers\Bulk536.sys
2008-11-18 21:07 . 2004-11-16 08:43 2,133 --a------ c:\windows\Ca536a.ini
2008-11-18 21:07 . 2003-09-08 11:04 337 --a------ c:\windows\system32\dext536.ini
2008-11-18 20:23 . 2008-11-18 20:23 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\teamspeak2
2008-11-18 20:23 . 2008-11-18 20:23 34,064 --a------ c:\windows\system32\lhacm.acm
2008-11-16 20:59 . 2008-04-13 19:54 22,016 --a------ c:\windows\system32\drivers\msircomm.sys
2008-11-15 13:28 . 2008-04-14 04:22 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-15 13:14 . 2008-11-15 13:14 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\AdobeUM
2008-11-15 02:37 . 2008-11-15 02:39 9 --a------ c:\windows\nfsc_patch.ini
2008-11-14 19:47 . 2008-11-14 19:51 <DIR> d-------- c:\windows\NFSU dir
2008-11-14 19:47 . 2008-11-14 19:47 <DIR> d--hs---- c:\windows\ftpcache
2008-11-14 19:47 . 2008-11-14 19:51 471,040 --a------ c:\windows\NFSU.scr
2008-11-14 19:47 . 2008-11-14 19:51 12,288 --a------ c:\windows\impborl.dll
2008-11-14 19:24 . 2008-11-19 23:46 <DIR> d-------- c:\program files\Electronic Arts
2008-11-13 16:50 . 2008-11-13 16:50 8,192 --ahs---- c:\windows\Thumbs.db
2008-11-13 15:08 . 2008-11-13 15:08 <DIR> d-------- C:\PERepairData
2008-11-13 15:08 . 2008-11-13 15:08 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\Spybot - Search & Destroy
2008-11-12 23:45 . 2008-11-12 23:45 <DIR> d-------- c:\windows\Sun
2008-11-12 23:44 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-12 23:44 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-12 23:43 . 2008-12-03 17:16 <DIR> d-------- c:\program files\Java
2008-11-12 10:38 . 2008-11-12 10:38 <DIR> d-------- c:\program files\PCNetSoftware
2008-11-12 08:27 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:44 . 2008-11-27 01:12 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\Hamachi
2008-11-11 18:43 . 2008-11-27 01:11 17,480 --a------ c:\windows\system32\drivers\hamachi.sys
2008-11-11 18:40 . 2008-11-11 18:40 <DIR> d-------- c:\program files\WinPcap
2008-11-11 13:53 . 2008-11-11 18:09 <DIR> d-------- c:\program files\DiRT
2008-11-11 12:46 . 2008-11-14 15:54 <DIR> d-------- c:\program files\Euro Truck Simulator
2008-11-11 11:40 . 2008-11-11 11:40 <DIR> d-------- c:\program files\NCH Swift Sound
2008-11-11 11:40 . 2008-11-11 11:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\NCH Swift Sound
2008-11-11 11:32 . 2008-11-27 19:44 <DIR> d-------- c:\program files\NCH Software
2008-11-11 11:32 . 2008-11-27 19:44 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\NCH Software
2008-11-11 11:32 . 2008-11-27 19:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\NCH Software
2008-11-10 23:24 . 2008-11-10 23:36 <DIR> d-------- c:\program files\Uloz.to Uploader
2008-11-10 21:56 . 2008-12-04 16:32 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-11-10 21:56 . 2008-12-04 16:32 88 -rahs---- c:\windows\system32\A11B4BA080.sys
2008-11-10 21:55 . 2008-11-10 21:56 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\Corel
2008-11-10 21:54 . 2008-11-10 21:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Corel
2008-11-10 21:43 . 2008-12-07 00:29 <DIR> d-------- c:\program files\Corel
2008-11-10 14:55 . 2008-11-15 10:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\NFS Underground
2008-11-10 14:54 . 2008-11-10 14:54 <DIR> d-------- c:\program files\Common Files\DirectX
2008-11-10 14:44 . 2008-11-10 14:44 <DIR> d-------- c:\program files\Common Files\EasyInfo
2008-11-10 06:44 . 2008-11-10 06:44 <DIR> d-------- c:\program files\uTorrent
2008-11-10 06:44 . 2008-11-15 02:51 <DIR> d-------- c:\documents and settings\Icedemon3\Data aplikací\uTorrent
2008-11-09 23:38 . 2008-10-03 18:26 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-09 23:38 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-09 23:38 . 2007-03-08 06:09 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-09 23:38 . 2008-08-26 09:26 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-09 23:38 . 2008-08-26 09:26 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-09 23:38 . 2008-08-26 09:26 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-09 23:38 . 2008-08-26 09:26 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-09 23:38 . 2008-08-26 09:26 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-09 23:38 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 21:02 128,262,432 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-08 21:01 1,276,704 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-08 21:00 125,888 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-08 21:00 1,728,860 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-08 20:48 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\Skype
2008-12-08 20:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2008-12-08 19:29 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-08 19:28 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-08 17:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-12-08 15:08 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\skypePM
2008-12-07 09:18 --------- d-----w c:\program files\eMule
2008-12-05 20:17 15,600 ----a-w c:\windows\gdrv.sys
2008-12-01 05:36 --------- d-----w c:\program files\Common Files\Adobe
2008-11-30 18:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 18:44 --------- d-----w c:\program files\NCH Software
2008-11-27 18:44 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\NCH Software
2008-11-27 18:44 --------- d-----w c:\documents and settings\All Users\Data aplikací\NCH Software
2008-11-21 14:30 --------- d-----w c:\program files\ICQ6Toolbar
2008-11-21 14:30 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-21 14:30 --------- d-----w c:\program files\Acoustica CD Label Maker
2008-11-20 18:14 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-20 04:59 --------- d-----w c:\program files\Star Downloader
2008-11-19 22:46 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-19 22:40 --------- d-----w c:\program files\EA GAMES
2008-11-13 14:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-11 10:40 --------- d-----w c:\program files\NCH Swift Sound
2008-11-11 10:40 --------- d-----w c:\documents and settings\All Users\Data aplikací\NCH Swift Sound
2008-11-08 20:13 --------- d-----w c:\program files\Lexmark X1100 Series
2008-11-07 17:21 --------- d-----w c:\program files\Common Files\Droppix
2008-11-07 13:04 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\Acoustica
2008-11-06 19:43 --------- d-----w c:\program files\ICQ6
2008-11-06 19:43 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\ICQ
2008-11-06 19:33 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\ICQLite
2008-11-06 19:26 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-11-01 00:45 675,328 ----a-w c:\windows\is-LI83C.exe
2008-11-01 00:45 --------- d-----w c:\program files\CyberIPod.com
2008-10-31 18:09 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\Ashampoo
2008-10-30 18:22 --------- d-----w c:\program files\SMPlayer
2008-10-29 21:53 --------- d-----w c:\program files\Yahoo!
2008-10-29 21:53 --------- d-----w c:\program files\CCleaner
2008-10-29 21:43 --------- d-----w c:\program files\VS Revo Group
2008-10-29 19:03 737,280 ----a-w c:\windows\iun6002.exe
2008-10-28 23:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Blizzard
2008-10-28 18:42 --------- d-----w c:\program files\ABBYY FineReader 6.0
2008-10-28 18:42 --------- d-----w c:\program files\ABBYY FineReader 5.0 Sprint
2008-10-28 18:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\BVRP Software
2008-10-28 17:45 --------- d-----w c:\program files\Skype
2008-10-28 17:45 --------- d-----w c:\program files\Google
2008-10-28 17:45 --------- d-----w c:\program files\Common Files\Skype
2008-10-28 17:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-10-28 16:38 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-28 16:38 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-28 15:23 --------- d-----w c:\program files\Kaspersky Lab
2008-10-28 15:21 --------- d-----w c:\program files\Gigabyte
2008-10-28 15:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-10-28 15:11 315,392 ----a-w c:\windows\HideWin.exe
2008-10-28 15:11 --------- d-----w c:\program files\Realtek
2008-10-28 15:11 --------- d-----w c:\program files\DIFX
2008-10-28 15:10 --------- d-----w c:\documents and settings\Icedemon3\Data aplikací\InstallShield
2008-10-28 14:52 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
2008-09-15 06:47 1784856 --a------ c:\program files\recfree\tbrecf.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{15C93148-34FE-47E6-88E5-37607A3002F3}"= "c:\program files\recfree\tbrecf.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{15c93148-34fe-47e6-88e5-37607a3002f3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-08-14 20480]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"ElbyCheckElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wb]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2008-11-09 156800]
R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2008-11-09 5248]
R0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2008-11-08 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys [2008-11-08 5504]
R3 MarkFun_NT;MarkFun_NT;\??\c:\program files\Gigabyte\ET5\markfun.w32 [2008-10-28 17912]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]
S2 Ca536av;DV 5900(Video);c:\windows\system32\Drivers\Ca536av.sys [2008-11-18 514859]
S3 USBCamera;DV 5900(Still);c:\windows\system32\Drivers\Bulk536.sys [2008-11-18 11048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - MARKFUN_NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{1078B4EB-45AA-4D5E-B590-65D6F05F81D3} - c:\windows\system32\khfDwtsQ.dll
HKCU-Run-fsm - (no file)
Notify-wvunlcsq - wvUnLCsq.dll

.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {79C3F263-2805-4BE6-91BA-D73F6E85F22B} = 172.27.12.254
FireFox -: Profile - c:\documents and settings\Icedemon3\Data aplikací\Mozilla\Firefox\Profiles\fl3zd13f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atlas.cz/?from=icqhp
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 22:01:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Gigabyte\ET5\GUI.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2008-12-08 22:04:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-08 21:04:02

Před spuštěním: Volných bajtů: 99 887 669 248
Po spuštění: Volných bajtů: 99,849,969,664

374 --- E O F --- 2008-11-27 05:49:23

Reklama

Příspěvekod **jaro3** » 09 pro 2008 11:47

Odinstaluj:
c:\program files\LuckyTender

Toto znáš: C:\CZ_LOC ?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\sbacknt.bin
c:\windows\system32\vghd.scr
c:\windows\system32\warning.gif
c:\windows\system32\ahtn.htm
c:\windows\system32\test.ttt
c:\windows\iun6002.exe
c:\windows\system32\drivers\klin.dat
c:\windows\system32\drivers\klick.dat

Folder::
c:\documents and settings\Icedemon3\Data aplikací\vghd
C:\SDFix
c:\program files\LuckyTender

DirLook::
c:\program files\eMule

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\is-LI83C.exe
c:\windows\system32\A11B4BA080.sys
c:\program files\recfree\tbrecf.dll
Vlož sem pak výsledky.

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Kdo je online