Zavirované PC Vyřešeno

[MaxDamageCZ]

Ahoj, mám vážný problém ( dostal se mi do počítače nějaký malware a to je hrozné.

1) nemůžu spustit ani nainstalovat žádný antivirus, abych projel pc
2) chvílema vypadává internet. Mám štěstí, když se na něj dostanu
3)počítač je asi 10x pomalejší než normálně, nikdy nebyl nějak megarychlý, ale tohle je moc. Pls co mám dělat, když ani antivir nejede?
PS: Zkoušel jsem podle návodu combo fix, bohužel nepomohl (

[Reklama]

[MaxDamageCZ]

Pls co mám dělat? (

[Buzo]

nechci odkazovat někam pryč protože Pc-help mam rád ale z timdle chodim spíš na viry.cz je to rychlejší protože sou specialozovaný a do 5 minut obvykle příde odpoved..:-)

[MaxDamageCZ]

ok už jsem tam napsal, ale zatím neodpovídají, tak kdo něco ví, pište i sem

[peacoq]

V prve rade ti reknu toto: Combo Fix je tak specialozovany nastroj, ze ho v zadnem pripade nepouzivaj sam a bez doporuceni zkusenejsiho uzivatele (suzuji podle toho, ze s edotazujes na 'zpomalene otvirani systemu' a tedy nebudes szrovna nekdo, kdo vi co CF dela), CF neni jen test a nebo neposkytuje jen prehled procesu, ale umi poradne system rozhodit v pripade, ze se spatne pouzije. Zjednodusenne receno: CF nni test, ale opravny nastroj.
(K tomu se vztahuje i to, ze po pouziti se odstranuje z PC za pomoci specialniho prikazu a pripadne se manualne odstrani jeho soucasti, a jeste se PC do-cisti T-Cleanerem, coz svedci o narocnosti CFixu a o jeho specifickem pouziti a ucinku na system.)

1. Zajdi do sekce Bezpecnost - Hi Jack This, a tam se v uvodu sekce seznam s pouzitim test HJT, instaluj, zavri prohlizec a veskere jina okna (ukonci cinnost na PC) a jako admin spust HJT-test, a vysledny log si dej k posouzeni.

2. procisteni Ccleanerem je dobre delat ''stale'' smetak k vyzisteni docasnych zapisu a mensich zbytecnosti, a system cisteni registru neni od veci za predpokladu, ze instalujes a nebo odinstalovas program, tak smaze stae zapisy v registrech - klice, ale vzhledem k tomu, ze jeho spusteni zabere jen minutu, doporucuji ti Ccleaner - smetak + registry spustit vzdy na zaver pripojeni na interent.

Zcela nepochybne se v PC neco deje, soucasne s otazkou 'proc instalovavas avtivit (?), kdyz nejaky by jsi mel mit instalovany', a potom dalsi veci o ppomalem interentu, ..musis pravidelne cistit chache/cookies, coz je take jedna z pricin zbytecneho spomalovani a spise, nez spomalovani, je to koledovani si o problem vytvarenymi docasnymi zapisy, coz prave odtranuje Ccleaner, a ATF take.

Poznamka: ...myslim, ze nikdo k tobe nebude vstricnej, kdyz zakladas duplicitni temata na vicero forech z duvodu, ze se ti zda dlouha doba, nez a jeslti ti nkdo odpovi - pomuze.
mas 109 prispevku a mel by jsi vedet, ze tvuj problem se stal tobe a je otazkou dobre vule a take moznosti, az ti nekdo prijde poradit, ...a ze se zpravidla rady a nebo primo pomoci i dostane.

[MaxDamageCZ]

ok. ok. pardon za všechny chyby takže log z HJT vypadá takto:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:49, on 19.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [limdbsq] C:\WINDOWS\system32\limdbsq.exe \u
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rvjow1qqvmfu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rvjow1qqvmfu.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2254899656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca18e6298cdd6) (gupdate1ca18e6298cdd6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe

--
End of file - 9145 bytes

[pitimir]

1) Start -> Spustit -> (napis) notepad "C:\ComboFix.txt"
Otvori sa textak, jeho obsah sem skopiruj.


2) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan, po jeho skonceni sem vloz vzniknuty log.

[MaxDamageCZ]

ComboFix 09-09-18.02 - Marek 19.09.2009 13:32.13.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.796 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\38bf5.msi
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-19 do 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-19 11:22 . 2009-09-19 11:22 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-19 11:22 . 2009-09-19 11:22 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-09-19 11:22 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2009-09-19 11:22 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2009-09-19 11:22 . 2009-09-19 11:22 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-09-19 11:11 . 2009-09-19 11:22 -------- d-----w- c:\windows\LastGood.Tmp
2009-09-19 09:39 . 2009-09-19 09:39 184320 --sha-r- c:\windows\system32\rvjow1qqvmfu.dll
2009-09-19 09:39 . 2009-09-19 09:39 28160 ----a-w- c:\windows\system32\limdbsq.exe
2009-09-19 09:39 . 2009-09-19 09:39 28160 ---h--w- c:\documents and settings\Marek\jsltwxu.exe
2009-09-19 09:39 . 2009-09-19 09:39 18432 ----a-w- c:\windows\system32\tdisp.sys
2009-09-19 09:33 . 2009-09-19 09:33 -------- d-----w- c:\program files\ESET
2009-09-18 17:23 . 2009-09-18 17:23 12 ----a-w- c:\documents and settings\Marek\USERDATA.DAT
2009-09-12 16:02 . 2009-09-12 16:02 -------- d-----w- c:\program files\ICQ6Toolbar
2009-09-12 15:56 . 2009-09-12 16:03 -------- d-----w- c:\program files\ICQ6.5
2009-09-10 15:29 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-01 16:41 . 2009-09-01 16:43 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2009-09-01 16:40 . 2009-09-01 16:41 -------- d-----w- c:\program files\Jasc Software Inc
2009-09-01 16:33 . 2009-09-01 16:33 -------- d-----w- c:\program files\Bonjour
2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-01 14:34 . 2009-09-01 14:34 160285 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe
2009-09-01 14:34 . 2009-09-01 14:34 -------- d-----w- c:\program files\Sqirlz Morph

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 17:58 . 2004-08-18 12:00 92478 ----a-w- c:\windows\system32\perfc005.dat
2009-09-17 17:58 . 2004-08-18 12:00 460300 ----a-w- c:\windows\system32\perfh005.dat
2009-09-12 15:57 . 2008-05-29 15:58 -------- d-----w- c:\program files\ICQ6
2009-09-05 16:41 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 09:26 . 2008-11-06 15:38 -------- d-----w- c:\program files\NextUp Talker
2009-09-01 16:54 . 2006-07-10 07:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-31 14:44 . 2008-02-03 17:51 -------- d-----w- c:\program files\Toribash-3.1
2009-08-31 13:59 . 2009-08-09 10:20 -------- d-----w- c:\program files\Passware
2009-08-31 13:54 . 2009-04-13 16:45 -------- d-----w- c:\program files\Free Power Word to Pdf Converter
2009-08-31 13:54 . 2009-04-13 16:34 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2009-08-31 13:41 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-31 13:39 . 2006-08-25 09:21 -------- d-----w- c:\program files\Sony Ericsson
2009-08-31 13:39 . 2006-08-25 09:21 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-08-31 13:37 . 2008-11-05 19:11 -------- d-----w- c:\program files\Text to Speech Maker
2009-08-31 13:23 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-08-31 13:23 . 2009-02-24 13:08 -------- d-----w- c:\program files\Wanadoo Edition
2009-08-31 13:13 . 2009-08-03 15:13 -------- d-----w- c:\program files\Actual Drawing
2009-08-31 13:13 . 2009-05-06 16:55 -------- d-----w- c:\program files\Acoustica Mixcraft
2009-08-22 18:03 . 2007-05-07 10:42 -------- d-----w- c:\program files\Rockstar Games
2009-08-13 13:33 . 2006-09-09 18:51 -------- d-----w- c:\program files\Java
2009-08-09 11:54 . 2006-09-09 18:52 -------- d-----w- c:\program files\Google
2009-08-08 09:53 . 2009-08-08 09:51 -------- d-----w- c:\program files\Canon
2009-08-08 09:50 . 2009-08-08 09:50 -------- d-----w- c:\program files\Common Files\Canon
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:53 . 2009-07-28 08:44 -------- d-----w- c:\program files\Trend Micro
2009-08-01 16:54 . 2009-08-01 15:05 -------- d-----w- c:\program files\Crawler
2009-08-01 16:38 . 2008-08-02 17:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-01 15:00 . 2009-07-30 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\PetrLite
2009-07-28 15:52 . 2009-07-28 15:52 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-28 15:36 . 2009-07-28 15:36 -------- d-----w- c:\program files\CCleaner
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 15:25 . 2009-07-28 15:16 -------- d-----w- c:\program files\RegCleaner
2009-07-28 14:03 . 2009-07-28 14:03 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 13:59 . 2009-07-28 13:58 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-27 15:14 . 2009-07-27 15:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- c:\program files\XnView
2009-07-27 13:50 . 2009-07-27 13:50 -------- d-----w- c:\program files\HTML editor Yugie-shareware
2009-07-27 10:24 . 2009-07-27 10:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-07-26 15:54 . 2006-09-18 08:29 -------- d-----w- c:\program files\Illusion Softworks
2009-07-25 03:23 . 2009-08-04 11:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-08-18 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-18 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-18 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2004-08-18 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-18 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
.

((((((((((((((((((((((((((((( SnapShot@2009-09-19_10.40.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-19 11:21 . 2009-05-14 13:49 55768 c:\windows\LastGood.Tmp\system32\DRIVERS\epfwtdi.sys
+ 2009-09-19 11:14 . 2009-05-14 13:49 33096 c:\windows\LastGood.Tmp\system32\DRIVERS\epfwndis.sys
+ 2009-09-19 11:21 . 2009-05-14 13:49 133000 c:\windows\LastGood.Tmp\system32\DRIVERS\epfw.sys
+ 2009-09-19 11:11 . 2009-05-14 13:47 107256 c:\windows\LastGood.Tmp\system32\DRIVERS\ehdrv.sys
+ 2009-09-19 11:22 . 2009-05-14 13:41 114472 c:\windows\LastGood.Tmp\system32\DRIVERS\eamon.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"limdbsq"="c:\windows\system32\limdbsq.exe" [2009-09-19 28160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-1 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Sierra\\CoolPool\\coolpool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\limdbsq.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"11001:TCP"= 11001:TCP:H&D2 port 11001
"11001:UDP"= 11001:UDP:H&D2 port 11001
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S1 tdisp.sys;tdisp.sys;c:\windows\system32\tdisp.sys [19.9.2009 11:39 18432]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1ca18e6298cdd6;Google Update Service (gupdate1ca18e6298cdd6);c:\program files\Google\Update\GoogleUpdate.exe [9.8.2009 13:39 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.9.2009 18:02 222456]
S2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
S4 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - DCFS2K

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 11:38]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 11:38]

2009-09-19 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-09-19 c:\windows\Tasks\User_Feed_Synchronization-{D8C6849B-BD9A-4B92-970F-E7635BC45510}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\rvjow1qqvmfu.dll
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 13:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-09-19 13:46
ComboFix-quarantined-files.txt 2009-09-19 11:45
ComboFix2.txt 2009-09-19 10:47

Před spuštěním: Volných bajtů: 135 453 433 856
Po spuštění: Volných bajtů: 135 519 281 152

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
235 --- E O F --- 2009-09-10 19:27

[MaxDamageCZ]

Log z prvního GMER testu

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit quick scan 2009-09-19 18:02:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Marek\LOCALS~1\Temp\uxrdypow.sys


---- System - GMER 1.0.15 ----

SSDT spgx.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spgx.sys ZwEnumerateValueKey [0xF72A5032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 871711F8

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:3656] 86207790

---- EOF - GMER 1.0.15 ----

[pitimir]

Mas to tam pekne zasvinene, ale kym si nedoinstalujes aspon zakladne zabezpecenie PC, taxa nikam nepohneme. AV necrackuj, ked nechces platit, pouzi free alternativu (Avast, Avira).

[MaxDamageCZ]

Dobře Dobře, ale ty av nejdou nainstalovat, ještě nějaké zkusím, ale ani nod trial verze ani avira free verze nesla

[MaxDamageCZ]

zkusil jsem avast, ten taky selhal , proběhne příprava na instalaci, cosi se extraktuje, ale k samotné instalaci nedojde. Prostě nic. Ani přesýpací hodiny, ani to v pc nechrastí, nic.