Kontrola logu logu Combofixu

dukyke · Příspěvekod **dukyke** » 20 kvě 2009 19:30

Zdravim Ta Damned,
prosim Ta mohol by si mi pozrel log s ComboFixu?

Pri prihlaseni sa mi ukaze hlaska chyby pri userinit.exe a zostane prazdne pozadie, spustim to iba cez ctrl+alt+del a spustit exlorer.exe

Pozrel som do registrov a tam je C:\Windows\system32\userinit.exe,

Vopred dakujem

ComboFix 09-05-19.08 - dusan 20.05.2009 18:44.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2030.1617 [GMT 2:00]
Running from: c:\documents and settings\dusan\My Documents\Preberanie\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Install.txt
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
-------\Service_afisicx
-------\Service_perfmons
-------\Service_perfs
-------\Service_sopidkc
-------\Service_tdctxte

((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-20 13:25 . 2009-05-20 13:34 94643 -c--a-w c:\windows\system32\drivers\klick.dat
2009-05-20 13:25 . 2009-05-20 13:34 105395 -c--a-w c:\windows\system32\drivers\klin.dat
2009-05-20 13:24 . 2009-05-20 16:40 3763232 -csha-w c:\windows\system32\drivers\fidbox.dat
2009-05-20 13:24 . 2009-05-20 16:40 385056 -csha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-20 13:24 . 2009-05-20 16:42 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-20 13:24 . 2009-05-20 13:24 -------- dc----w c:\program files\Kaspersky Lab
2009-05-20 13:24 . 2009-05-20 13:24 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-19 18:29 . 2008-04-14 00:12 26112 -c--a-w c:\windows\system32\stu2.exe
2009-05-19 09:46 . 2009-05-20 08:25 -------- dc----w c:\program files\EasyPHP 3.0
2009-05-19 09:17 . 2009-03-04 14:03 2400256 -c--a-w c:\windows\system32\libmySQL.dll
2009-05-19 09:17 . 2009-04-09 06:25 4927564 -c--a-w c:\windows\system32\php5ts.dll
2009-05-19 08:59 . 2009-05-19 08:59 -------- dc----w c:\documents and settings\All Users\Application Data\MySQL
2009-05-19 08:27 . 2009-05-19 08:27 -------- dc----w C:\dev
2009-05-13 17:20 . 2009-05-13 17:20 -------- dc----w c:\program files\Hewlett-Packard
2009-05-13 17:20 . 2009-05-13 17:20 -------- dc----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-13 17:19 . 2004-05-11 08:53 626960 -c--a-r c:\windows\system32\hpvaut32.dll
2009-05-13 17:19 . 2004-05-11 08:53 487424 -c--a-r c:\windows\system32\hpvcp70.dll
2009-05-13 17:19 . 2004-05-11 08:53 44544 -c--a-r c:\windows\system32\MSXML4a.dll
2009-05-13 17:19 . 2004-05-11 08:53 344064 -c--a-r c:\windows\system32\hpvcr70.dll
2009-05-13 17:19 . 2009-05-13 17:19 -------- dc----w c:\program files\Common Files\Hewlett-Packard
2009-05-13 17:17 . 2004-06-21 20:02 16496 -c--a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-13 17:17 . 2004-06-21 20:02 51088 -c--a-r c:\windows\system32\drivers\hpzid412.sys
2009-05-13 17:17 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-13 17:17 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\drivers\usbscan.sys
2009-05-13 17:16 . 2004-03-18 14:38 61440 -c--a-w c:\windows\system32\HPZinw12.exe
2009-05-13 17:16 . 2004-03-18 14:55 65536 -c--a-w c:\windows\system32\HPZipm12.exe
2009-05-13 17:16 . 2004-03-18 14:39 57344 -c--a-w c:\windows\system32\HPZisn12.dll
2009-05-13 17:16 . 2004-03-18 14:39 94208 -c--a-w c:\windows\system32\HPZipt12.dll
2009-05-13 17:16 . 2004-03-18 14:56 204800 -c--a-w c:\windows\system32\HPZipr12.dll
2009-05-13 17:16 . 2004-03-18 14:53 278584 -c--a-w c:\windows\system32\HPZidr12.dll
2009-05-13 17:16 . 1998-10-29 14:45 306688 -c--a-w c:\windows\IsUninst.exe
2009-05-13 17:15 . 2009-05-13 17:20 -------- dc----w c:\program files\HP
2009-05-13 17:13 . 2009-05-13 17:30 104582 -c--a-w c:\windows\hpoins04.dat
2009-05-13 17:13 . 2004-06-21 20:02 17176 -c----w c:\windows\hpomdl04.dat
2009-05-01 12:02 . 2009-05-01 12:02 -------- dc----w c:\program files\XviD
2009-05-01 12:01 . 2009-05-01 12:01 -------- dc----w c:\program files\AviSynth 2.5
2009-05-01 12:01 . 2009-05-01 12:01 -------- dc----w c:\program files\Gabest
2009-05-01 12:01 . 2009-05-01 12:02 -------- dc----w c:\program files\AutoGK
2009-04-28 20:18 . 2009-04-28 20:18 -------- dc----w c:\documents and settings\dusan\Local Settings\Application Data\Sony Ericsson
2009-04-23 19:47 . 2004-05-20 15:50 1537536 -c--a-w c:\windows\system32\erdmpg-hi.dll
2009-04-23 19:47 . 2009-04-23 19:47 -------- dc----w c:\program files\Common Files\Doblon
2009-04-23 19:47 . 2009-04-23 19:47 -------- dc----w c:\program files\Doblon
2009-04-23 19:08 . 2009-04-23 19:08 -------- dc----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 16:43 . 2009-04-08 08:37 -------- dc----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-05-20 16:40 . 2009-05-20 13:24 3444 -csha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-20 16:40 . 2009-05-20 13:24 31528 -csha-w c:\windows\system32\drivers\fidbox.idx
2009-05-20 14:13 . 2009-04-03 20:06 -------- dc----w c:\program files\Mozilla Thunderbird
2009-05-20 13:34 . 2008-01-29 15:29 33808 -c--a-w c:\windows\system32\drivers\klbg.sys
2009-05-19 18:29 . 2007-07-27 12:00 13312 -c-ha-w c:\windows\system32\userinit.exe
2009-05-06 11:27 . 2009-04-03 20:30 26160 -c--a-w c:\documents and settings\dusan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 20:17 . 2009-04-28 20:17 -------- dc----w c:\program files\Avanquest update
2009-04-28 20:17 . 2009-04-03 19:27 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-28 20:17 . 2009-04-28 20:17 -------- dc----w c:\program files\Sony Ericsson
2009-04-18 07:20 . 2009-04-18 07:20 -------- dc----w c:\program files\Common Files\Nero
2009-04-18 07:20 . 2009-04-18 07:20 -------- dc----w c:\program files\Nero 9
2009-04-17 12:36 . 2009-04-09 09:01 -------- dc----w c:\program files\Google
2009-04-17 09:54 . 2009-04-17 09:54 -------- dc----w c:\program files\Verlag Dashofer
2009-04-10 16:29 . 2009-04-03 21:33 360192 -c--a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-09 21:23 . 2009-04-09 21:24 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-04-09 21:23 . 2009-04-08 19:56 -------- dc----w c:\program files\Java
2009-04-08 19:56 . 2009-04-08 19:56 -------- dc----w c:\program files\Common Files\Java
2009-04-08 19:39 . 2009-04-08 19:30 -------- dc----w c:\program files\Stylus Studio 2007 XML Enterprise Suite
2009-04-08 19:08 . 2009-04-08 18:53 -------- dc----w c:\program files\Stylus Studio 2007 XML Enterprise Suite Release 2
2009-04-08 08:40 . 2009-04-08 08:40 -------- dc----w c:\program files\Opera
2009-04-08 08:32 . 2009-04-05 21:23 -------- dc----w c:\program files\Your Uninstaller 2008
2009-04-06 22:03 . 2009-04-06 22:03 -------- dc----w c:\program files\Faktury Plus
2009-04-06 11:26 . 2009-04-06 11:26 -------- dc----w c:\program files\Microsoft Works
2009-04-06 11:26 . 2009-04-06 11:26 -------- dc----w c:\program files\Microsoft.NET
2009-04-06 10:47 . 2009-04-06 10:47 -------- dc----w c:\program files\Common Files\Control Panels
2009-04-06 10:47 . 2009-04-04 09:59 -------- dc----w c:\program files\Common Files\Adobe
2009-04-06 10:46 . 2009-04-06 10:46 -------- dc----w c:\program files\Bonjour
2009-04-05 23:21 . 2009-04-05 23:21 -------- dc----w c:\program files\PSPad editor
2009-04-05 21:36 . 2009-04-05 21:36 -------- dc----w c:\program files\DAEMON Tools
2009-04-05 21:34 . 2009-04-05 21:34 639224 -c--a-w c:\windows\system32\drivers\sptd.sys
2009-04-05 21:18 . 2009-04-05 21:18 -------- dc----w c:\program files\Windows Media Connect 2
2009-04-04 10:02 . 2009-04-04 10:02 -------- dc----w c:\program files\Common Files\Macrovision Shared
2009-04-03 22:44 . 2009-04-03 22:44 -------- dc----w c:\program files\R-Studio
2009-04-03 21:34 . 2009-04-03 21:32 -------- dc----w c:\program files\TuneUp Utilities 2009
2009-04-03 21:33 . 2009-04-03 21:33 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-03 21:31 . 2009-04-03 21:31 -------- dc----w c:\program files\AVG
2009-04-03 21:23 . 2009-04-03 21:23 64200 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-03 21:23 . 2009-04-03 21:23 -------- dc----w c:\program files\MSBuild
2009-04-03 21:23 . 2009-04-03 21:23 -------- dc----w c:\program files\Reference Assemblies
2009-04-03 21:02 . 2009-04-03 21:02 -------- dc----w c:\program files\ESTsoft
2009-04-03 20:58 . 2009-04-03 20:58 -------- dc----w c:\program files\Common Files\aliaswavefront shared
2009-04-03 20:58 . 2009-04-03 20:58 -------- dc----w c:\program files\Common Files\Alias Shared
2009-04-03 20:58 . 2009-04-03 20:57 -------- dc----w c:\program files\Microsoft DirectX SDK (April 2007)
2009-04-03 20:29 . 2009-04-03 20:29 -------- dc----w c:\program files\Ashampoo
2009-04-03 20:22 . 2009-04-03 19:28 -------- dc----w c:\program files\Intel Audio Studio
2009-04-03 20:20 . 2009-04-03 20:20 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-03 20:20 . 2009-04-03 20:20 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-03 20:19 . 2009-04-03 20:19 0 -c-ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-03 20:19 . 2009-04-03 20:19 -------- dc----w c:\program files\Common Files\Logitech
2009-04-03 20:19 . 2009-04-03 20:19 -------- dc----w c:\program files\Logitech
2009-04-03 20:05 . 2009-04-03 20:05 -------- dc----w c:\program files\K-Lite Codec Pack
2009-04-03 19:52 . 2009-04-03 19:52 56 -c-ha-w c:\windows\system32\ezsidmv.dat
2009-04-03 19:51 . 2009-04-03 19:51 -------- dc----w c:\program files\Common Files\Skype
2009-04-03 19:51 . 2009-04-03 19:51 -------- dc----r c:\program files\Skype
2009-04-03 19:44 . 2009-04-03 19:27 -------- dc----w c:\program files\Common Files\InstallShield
2009-04-03 19:43 . 2009-04-03 19:43 -------- dc----w c:\program files\VideoLAN
2009-04-03 19:37 . 2009-04-03 19:37 0 -c--a-w c:\windows\nsreg.dat
2009-04-03 19:32 . 2009-04-03 19:21 -------- dc----w c:\program files\Intel
2009-04-03 19:27 . 2009-04-03 19:27 -------- dc----w c:\program files\SigmaTel
2009-04-03 19:20 . 2009-04-03 19:20 -------- dc----w c:\program files\MSXML 4.0
2009-04-03 19:15 . 2009-04-03 19:15 -------- dc----w c:\program files\microsoft frontpage
2009-04-03 19:12 . 2009-04-03 19:12 21640 -c--a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-04-03 20:59 69448 -c--a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-03 20:59 517448 -c--a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-03 20:59 235352 -c--a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-03 20:59 22360 -c--a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-03 20:59 453456 -c--a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-03 20:59 4178264 -c--a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-03 20:59 1846632 -c--a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:22 . 2007-07-27 12:00 284160 -c--a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-07-27 12:00 826368 -c--a-w c:\windows\system32\wininet.dll
2009-03-02 18:10 . 2009-04-03 20:05 67584 -c--a-w c:\windows\system32\ff_vfw.dll
2009-02-20 18:09 . 2007-07-27 12:00 78336 -c--a-w c:\windows\system32\ieencode.dll
2008-07-31 20:18 . 2009-04-05 08:14 2206824 -c--a-w c:\program files\Common Files\tcmdr704.exe
.

------- Sigcheck -------

[7] 2007-07-27 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-05-19 18:29 13312 3A1BCD7A5019E5BE6C316EED654DBBF4 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-20 201992]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-4-4 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-3 692224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Stylus Studio 2007 XML Enterprise Suite\\bin\\Struzzo.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Slovak\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox 3.1 Beta 3\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 17:29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.3.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25.3.2008 19:07 24592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [27.7.2007 14:00 69120]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [3.4.2009 22:29 410976]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [28.4.2009 22:17 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [28.4.2009 22:17 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [28.4.2009 22:17 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [28.4.2009 22:17 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [28.4.2009 22:17 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [28.4.2009 22:17 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [28.4.2009 22:17 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-05-20 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\dusan\Application Data\Mozilla\Firefox\Profiles\kpn3bmu2.default\
FF - plugin: c:\program files\Opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJPI142_19.dll
FF - plugin: c:\program files\Opera\program\plugins\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 18:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-20 18:46
ComboFix-quarantined-files.txt 2009-05-20 16:46

Pre-Run: 17 572 700 160 bytes free
Post-Run: 12 adresárov, 17 556 070 400 voľných bajtov

317 --- E O F --- 2009-05-20 14:00

/příště si prosím založ vlastní téma. odděleno.memphisto

Reklama

Damned · Příspěvekod **Damned** » 20 kvě 2009 21:11

Stáhni si ještě z mého podpisu HJT a dej sem z něho log. Pak budeme pokračovat.

dukyke · Příspěvekod **dukyke** » 20 kvě 2009 21:25

je to tu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:21, on 20.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Štatistika ochrany webovej prevádzky - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9565 bytes

Damned · Příspěvekod **Damned** » 20 kvě 2009 21:36

Spusť si HJT a fixni (zaškrtnout políčko před hodnotou a zmáčknout "Fix checked"):

O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)

Potom si stáhni Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

dukyke · Příspěvekod **dukyke** » 20 kvě 2009 21:48

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2159
Windows 5.1.2600 Service Pack 3

20.5.2009 21:43:40
mbam-log-2009-05-20 (21-43-34).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 76850
Uplynutý cas: 2 minute(s), 0 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\system32\dncyool64.sys (Trojan.VB) -> No action taken.

Damned · Příspěvekod **Damned** » 20 kvě 2009 21:52

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Ukonči všechna aktivní okna a spusť Combofix.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah[/b]

dukyke · Příspěvekod **dukyke** » 20 kvě 2009 22:10

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2159
Windows 5.1.2600 Service Pack 3

20.5.2009 22:01:42
mbam-log-2009-05-20 (22-01-42).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 76708
Uplynutý cas: 1 minute(s), 56 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

ComboFix 09-05-20.01 - dusan 20.05.2009 22:03.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2030.1615 [GMT 2:00]
Running from: c:\documents and settings\dusan\My Documents\Preberanie\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-20 19:40 . 2009-05-20 19:40 -------- dc----w c:\documents and settings\dusan\Application Data\Malwarebytes
2009-05-20 19:40 . 2009-04-06 13:32 15504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 19:40 . 2009-04-06 13:32 38496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 19:40 . 2009-05-20 19:40 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 19:40 . 2009-05-20 19:40 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 19:20 . 2009-05-20 19:20 -------- dc----w c:\program files\Trend Micro
2009-05-20 16:58 . 2009-05-20 16:58 -------- dc----w C:\!KillBox
2009-05-20 13:25 . 2009-05-20 13:34 94643 -c--a-w c:\windows\system32\drivers\klick.dat
2009-05-20 13:25 . 2009-05-20 13:34 105395 -c--a-w c:\windows\system32\drivers\klin.dat
2009-05-20 13:24 . 2009-05-20 19:55 3763232 -csha-w c:\windows\system32\drivers\fidbox.dat
2009-05-20 13:24 . 2009-05-20 19:55 385056 -csha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-20 13:24 . 2009-05-20 19:57 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-20 13:24 . 2009-05-20 13:24 -------- dc----w c:\program files\Kaspersky Lab
2009-05-20 13:24 . 2009-05-20 13:24 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-19 18:29 . 2008-04-14 00:12 26112 -c--a-w c:\windows\system32\stu2.exe
2009-05-19 09:46 . 2009-05-20 08:25 -------- dc----w c:\program files\EasyPHP 3.0
2009-05-19 09:17 . 2009-03-04 14:03 2400256 -c--a-w c:\windows\system32\libmySQL.dll
2009-05-19 09:17 . 2009-04-09 06:25 4927564 -c--a-w c:\windows\system32\php5ts.dll
2009-05-19 08:59 . 2009-05-19 08:59 -------- dc----w c:\documents and settings\All Users\Application Data\MySQL
2009-05-19 08:27 . 2009-05-19 08:27 -------- dc----w C:\dev
2009-05-13 17:20 . 2009-05-13 17:20 -------- dc----w c:\program files\Hewlett-Packard
2009-05-13 17:20 . 2009-05-13 17:20 -------- dc----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-13 17:19 . 2004-05-11 08:53 626960 -c--a-r c:\windows\system32\hpvaut32.dll
2009-05-13 17:19 . 2004-05-11 08:53 487424 -c--a-r c:\windows\system32\hpvcp70.dll
2009-05-13 17:19 . 2004-05-11 08:53 44544 -c--a-r c:\windows\system32\MSXML4a.dll
2009-05-13 17:19 . 2004-05-11 08:53 344064 -c--a-r c:\windows\system32\hpvcr70.dll
2009-05-13 17:19 . 2009-05-13 17:19 -------- dc----w c:\program files\Common Files\Hewlett-Packard
2009-05-13 17:17 . 2004-06-21 20:02 16496 -c--a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-13 17:17 . 2004-06-21 20:02 51088 -c--a-r c:\windows\system32\drivers\hpzid412.sys
2009-05-13 17:17 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-13 17:17 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\drivers\usbscan.sys
2009-05-13 17:16 . 2004-03-18 14:38 61440 -c--a-w c:\windows\system32\HPZinw12.exe
2009-05-13 17:16 . 2004-03-18 14:55 65536 -c--a-w c:\windows\system32\HPZipm12.exe
2009-05-13 17:16 . 2004-03-18 14:39 57344 -c--a-w c:\windows\system32\HPZisn12.dll
2009-05-13 17:16 . 2004-03-18 14:39 94208 -c--a-w c:\windows\system32\HPZipt12.dll
2009-05-13 17:16 . 2004-03-18 14:56 204800 -c--a-w c:\windows\system32\HPZipr12.dll
2009-05-13 17:16 . 2004-03-18 14:53 278584 -c--a-w c:\windows\system32\HPZidr12.dll
2009-05-13 17:16 . 1998-10-29 14:45 306688 -c--a-w c:\windows\IsUninst.exe
2009-05-13 17:15 . 2009-05-13 17:20 -------- dc----w c:\program files\HP
2009-05-13 17:13 . 2009-05-13 17:30 104582 -c--a-w c:\windows\hpoins04.dat
2009-05-13 17:13 . 2004-06-21 20:02 17176 -c----w c:\windows\hpomdl04.dat
2009-05-01 12:02 . 2009-05-01 12:02 -------- dc----w c:\program files\XviD
2009-05-01 12:01 . 2009-05-01 12:01 -------- dc----w c:\program files\AviSynth 2.5
2009-05-01 12:01 . 2009-05-01 12:01 -------- dc----w c:\program files\Gabest
2009-05-01 12:01 . 2009-05-01 12:02 -------- dc----w c:\program files\AutoGK
2009-04-28 20:18 . 2009-04-28 20:18 -------- dc----w c:\documents and settings\dusan\Local Settings\Application Data\Sony Ericsson
2009-04-23 19:47 . 2004-05-20 15:50 1537536 -c--a-w c:\windows\system32\erdmpg-hi.dll
2009-04-23 19:47 . 2009-04-23 19:47 -------- dc----w c:\program files\Common Files\Doblon
2009-04-23 19:47 . 2009-04-23 19:47 -------- dc----w c:\program files\Doblon
2009-04-23 19:08 . 2009-04-23 19:08 -------- dc----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 19:58 . 2009-04-08 08:37 -------- dc----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-05-20 19:55 . 2009-05-20 13:24 3444 -csha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-20 19:55 . 2009-05-20 13:24 31528 -csha-w c:\windows\system32\drivers\fidbox.idx
2009-05-20 17:36 . 2009-04-03 20:06 -------- dc----w c:\program files\Mozilla Thunderbird
2009-05-20 13:34 . 2008-01-29 15:29 33808 -c--a-w c:\windows\system32\drivers\klbg.sys
2009-05-19 18:29 . 2007-07-27 12:00 13312 -c-ha-w c:\windows\system32\userinit.exe
2009-05-06 11:27 . 2009-04-03 20:30 26160 -c--a-w c:\documents and settings\dusan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 20:17 . 2009-04-28 20:17 -------- dc----w c:\program files\Avanquest update
2009-04-28 20:17 . 2009-04-03 19:27 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-28 20:17 . 2009-04-28 20:17 -------- dc----w c:\program files\Sony Ericsson
2009-04-18 07:20 . 2009-04-18 07:20 -------- dc----w c:\program files\Common Files\Nero
2009-04-18 07:20 . 2009-04-18 07:20 -------- dc----w c:\program files\Nero 9
2009-04-17 12:36 . 2009-04-09 09:01 -------- dc----w c:\program files\Google
2009-04-17 09:54 . 2009-04-17 09:54 -------- dc----w c:\program files\Verlag Dashofer
2009-04-10 16:29 . 2009-04-03 21:33 360192 -c--a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-09 21:23 . 2009-04-09 21:24 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-04-09 21:23 . 2009-04-08 19:56 -------- dc----w c:\program files\Java
2009-04-08 19:56 . 2009-04-08 19:56 -------- dc----w c:\program files\Common Files\Java
2009-04-08 19:39 . 2009-04-08 19:30 -------- dc----w c:\program files\Stylus Studio 2007 XML Enterprise Suite
2009-04-08 19:08 . 2009-04-08 18:53 -------- dc----w c:\program files\Stylus Studio 2007 XML Enterprise Suite Release 2
2009-04-08 08:40 . 2009-04-08 08:40 -------- dc----w c:\program files\Opera
2009-04-08 08:32 . 2009-04-05 21:23 -------- dc----w c:\program files\Your Uninstaller 2008
2009-04-06 22:03 . 2009-04-06 22:03 -------- dc----w c:\program files\Faktury Plus
2009-04-06 11:26 . 2009-04-06 11:26 -------- dc----w c:\program files\Microsoft Works
2009-04-06 11:26 . 2009-04-06 11:26 -------- dc----w c:\program files\Microsoft.NET
2009-04-06 10:47 . 2009-04-06 10:47 -------- dc----w c:\program files\Common Files\Control Panels
2009-04-06 10:47 . 2009-04-04 09:59 -------- dc----w c:\program files\Common Files\Adobe
2009-04-06 10:46 . 2009-04-06 10:46 -------- dc----w c:\program files\Bonjour
2009-04-05 23:21 . 2009-04-05 23:21 -------- dc----w c:\program files\PSPad editor
2009-04-05 21:36 . 2009-04-05 21:36 -------- dc----w c:\program files\DAEMON Tools
2009-04-05 21:34 . 2009-04-05 21:34 639224 -c--a-w c:\windows\system32\drivers\sptd.sys
2009-04-05 21:18 . 2009-04-05 21:18 -------- dc----w c:\program files\Windows Media Connect 2
2009-04-04 10:02 . 2009-04-04 10:02 -------- dc----w c:\program files\Common Files\Macrovision Shared
2009-04-03 22:44 . 2009-04-03 22:44 -------- dc----w c:\program files\R-Studio
2009-04-03 21:34 . 2009-04-03 21:32 -------- dc----w c:\program files\TuneUp Utilities 2009
2009-04-03 21:33 . 2009-04-03 21:33 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-03 21:31 . 2009-04-03 21:31 -------- dc----w c:\program files\AVG
2009-04-03 21:23 . 2009-04-03 21:23 64200 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-03 21:23 . 2009-04-03 21:23 -------- dc----w c:\program files\MSBuild
2009-04-03 21:23 . 2009-04-03 21:23 -------- dc----w c:\program files\Reference Assemblies
2009-04-03 21:18 . 2009-04-03 19:14 166455 -c--a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-03 21:02 . 2009-04-03 21:02 -------- dc----w c:\program files\ESTsoft
2009-04-03 20:58 . 2009-04-03 20:58 -------- dc----w c:\program files\Common Files\aliaswavefront shared
2009-04-03 20:58 . 2009-04-03 20:58 -------- dc----w c:\program files\Common Files\Alias Shared
2009-04-03 20:58 . 2009-04-03 20:57 -------- dc----w c:\program files\Microsoft DirectX SDK (April 2007)
2009-04-03 20:29 . 2009-04-03 20:29 -------- dc----w c:\program files\Ashampoo
2009-04-03 20:22 . 2009-04-03 19:28 -------- dc----w c:\program files\Intel Audio Studio
2009-04-03 20:20 . 2009-04-03 20:20 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-03 20:20 . 2009-04-03 20:20 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-03 20:19 . 2009-04-03 20:19 0 -c-ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-03 20:19 . 2009-04-03 20:19 -------- dc----w c:\program files\Common Files\Logitech
2009-04-03 20:19 . 2009-04-03 20:19 -------- dc----w c:\program files\Logitech
2009-04-03 20:05 . 2009-04-03 20:05 -------- dc----w c:\program files\K-Lite Codec Pack
2009-04-03 19:52 . 2009-04-03 19:52 56 -c-ha-w c:\windows\system32\ezsidmv.dat
2009-04-03 19:51 . 2009-04-03 19:51 -------- dc----w c:\program files\Common Files\Skype
2009-04-03 19:51 . 2009-04-03 19:51 -------- dc----r c:\program files\Skype
2009-04-03 19:44 . 2009-04-03 19:27 -------- dc----w c:\program files\Common Files\InstallShield
2009-04-03 19:43 . 2009-04-03 19:43 -------- dc----w c:\program files\VideoLAN
2009-04-03 19:37 . 2009-04-03 19:37 0 -c--a-w c:\windows\nsreg.dat
2009-04-03 19:32 . 2009-04-03 19:21 -------- dc----w c:\program files\Intel
2009-04-03 19:27 . 2009-04-03 19:27 -------- dc----w c:\program files\SigmaTel
2009-04-03 19:20 . 2009-04-03 19:20 -------- dc----w c:\program files\MSXML 4.0
2009-04-03 19:15 . 2009-04-03 19:15 -------- dc----w c:\program files\microsoft frontpage
2009-04-03 19:14 . 2007-07-27 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-03 19:12 . 2009-04-03 19:12 21640 -c--a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-04-03 20:59 69448 -c--a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-03 20:59 517448 -c--a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-03 20:59 235352 -c--a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-03 20:59 22360 -c--a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-03 20:59 453456 -c--a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-03 20:59 4178264 -c--a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-03 20:59 1846632 -c--a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:22 . 2007-07-27 12:00 284160 -c--a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-07-27 12:00 826368 -c--a-w c:\windows\system32\wininet.dll
2009-03-02 18:10 . 2009-04-03 20:05 67584 -c--a-w c:\windows\system32\ff_vfw.dll
2009-02-20 18:09 . 2007-07-27 12:00 78336 -c--a-w c:\windows\system32\ieencode.dll
2008-07-31 20:18 . 2009-04-05 08:14 2206824 -c--a-w c:\program files\Common Files\tcmdr704.exe
.

------- Sigcheck -------

[7] 2007-07-27 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-05-19 18:29 13312 3A1BCD7A5019E5BE6C316EED654DBBF4 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-20_16.45.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 19:56 . 2009-05-20 19:56 16384 c:\windows\Temp\Perflib_Perfdata_360.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-20 201992]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-4-4 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-3 692224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Stylus Studio 2007 XML Enterprise Suite\\bin\\Struzzo.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Slovak\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox 3.1 Beta 3\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 17:29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.3.2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25.3.2008 19:07 24592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [27.7.2007 14:00 69120]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [3.4.2009 22:29 410976]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [28.4.2009 22:17 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [28.4.2009 22:17 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [28.4.2009 22:17 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [28.4.2009 22:17 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [28.4.2009 22:17 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [28.4.2009 22:17 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [28.4.2009 22:17 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-05-20 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\dusan\Application Data\Mozilla\Firefox\Profiles\kpn3bmu2.default\
FF - plugin: c:\program files\Opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJPI142_19.dll
FF - plugin: c:\program files\Opera\program\plugins\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 22:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-20 22:05
ComboFix-quarantined-files.txt 2009-05-20 20:05
ComboFix2.txt 2009-05-20 16:46

Pre-Run: 17 536 487 424 bytes free
Post-Run: 13 adresárov, 17 521 926 144 voľných bajtov

306 --- E O F --- 2009-05-20 14:00

Damned · Příspěvekod **Damned** » 20 kvě 2009 22:53

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\stu2.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Černý soubor:
c:\windows\system32\erdmpg-hi.dll zkontroluj na virustotalu

Kontrola logu logu Combofixu

Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Re: Kontrola logu logu Combofixu

Kdo je online