Prosím o kontrolu logu

[jaro3]

Prosím tě čti , co píšu!!!

Psal jsem:
Můžeš sem pak vložit nový log z MbAM.
Taky jsem psal , jestli používáš tuto proxy:
uInternet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000


+
Toto otestuj na Virustotal
c:\documents and settings\SAYONARA\microsoft.dat
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\mspmsnsv.dll
c:\windows\system32\dllcache\mspmsnsv.dll

[Reklama]

[saionara]

Jak to proxy zjistim?

[jaro3]

Ve firewallu si nic nepovoloval??? proxy porty?
A čekám na ty soubory , které dáš na VirusTotal + ten nový log z MbAM..

[saionara]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4750

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6.10.2010 17:51:26
mbam-log-2010-10-06 (17-51-26).txt

Typ skenu: Rychlý sken
Skenované objekty: 320532
Uplynulý čas: 15 minuta(y), 58 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[saionara]

Ve firewallu žádné proxy nemám

[jaro3]

OK: tak ty soubory na virustotal , dal si jen jeden..

[saionara]

http://www.virustotal.com/file-scan/rep ... 1286384251
http://www.virustotal.com/file-scan/rep ... 1286384308
http://www.virustotal.com/file-scan/rep ... 1286384411

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\drivers\26113002.sys
c:\windows\system32\drivers\26113001.sys
c:\windows\system32\drivers\2611300.sys
c:\windows\iun6002.exe
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\d3d9caps.dat
c:\windows\ativpsrm.bin
c:\windows\system32\ezsidmv.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfh009.dat
c:\documents and settings\All Users.WINDOWS\Data aplikací\F7DB45091D.sys

DirLook::
c:\windows\system32\QuickTime

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>

Firefox::
FF - ProfilePath - c:\documents and settings\SAYONARA\Data aplikací\Mozilla\Firefox\Profiles\v3bjg12c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

RegNull::
[HKEY_USERS\S-1-5-21-1454471165-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5DFB660B-35C4-1D56-F2C0-52FD2B72E06B}*]

RegLock::
[HKEY_USERS\S-1-5-21-1454471165-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5DFB660B-35C4-1D56-F2C0-52FD2B72E06B}*]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[saionara]

ComboFix 10-10-05.04 - SAYONARA 06.10.2010 20:02:06.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.943 [GMT 2:00]
Spuštěný z: c:\documents and settings\SAYONARA\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\SAYONARA\Plocha\CFScript.txt

FILE ::
"c:\documents and settings\All Users.WINDOWS\Data aplikací\F7DB45091D.sys"
"c:\windows\ativpsrm.bin"
"c:\windows\iun6002.exe"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\drivers\2611300.sys"
"c:\windows\system32\drivers\26113001.sys"
"c:\windows\system32\drivers\26113002.sys"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ativpsrm.bin
c:\windows\iun6002.exe
c:\windows\libem.INI
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\2611300.sys
c:\windows\system32\drivers\26113001.sys
c:\windows\system32\drivers\26113002.sys
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\ezsidmv.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-06 do 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 11:20 . 2010-10-06 11:20 -------- d-sh--w- c:\documents and settings\SAYONARA\IETldCache
2010-10-06 10:55 . 2010-10-06 10:55 -------- dc----w- c:\windows\system32\KB905474
2010-10-06 10:54 . 2010-10-06 10:54 -------- dc----w- c:\windows\ie8updates
2010-10-06 10:53 . 2010-05-06 10:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-06 10:53 . 2010-05-06 10:35 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-06 10:53 . 2010-05-06 10:35 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-06 10:53 . 2010-05-06 10:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-06 10:53 . 2010-05-06 10:35 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-06 10:53 . 2010-05-06 10:35 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-06 10:53 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-06 10:51 . 2010-10-06 10:53 -------- dc-h--w- c:\windows\ie8
2010-10-06 10:51 . 2010-10-06 10:53 -------- dc----w- c:\windows\system32\cs-CZ
2010-10-06 10:13 . 2010-10-06 10:33 -------- dc----w- c:\windows\system32\CatRoot_bak
2010-10-06 10:02 . 2009-02-09 11:52 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-06 10:02 . 2009-02-09 11:52 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-06 10:02 . 2009-02-09 11:52 2182656 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-06 10:02 . 2009-02-09 11:52 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-06 10:01 . 2010-02-12 10:03 293376 -c----w- c:\windows\system32\browserchoice.exe
2010-10-06 09:42 . 2010-10-06 09:42 -------- dc----w- c:\windows\ServicePackFiles
2010-10-06 09:42 . 2010-10-06 10:55 -------- dc-h--w- c:\windows\$hf_mig$
2010-10-06 07:45 . 2010-10-06 07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 18:04 . 2010-10-05 18:04 -------- d-----w- c:\documents and settings\SAYONARA\DoctorWeb
2010-10-05 15:47 . 2010-10-05 15:47 388096 ----a-r- c:\documents and settings\SAYONARA\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-05 15:47 . 2010-10-05 15:47 -------- d-----w- c:\program files\Trend Micro
2010-10-05 12:08 . 2010-10-05 12:08 -------- dc----w- c:\windows\system32\wbem\Repository
2010-10-05 08:12 . 2010-10-05 08:14 -------- d-----w- c:\program files\JDownloader
2010-10-03 11:42 . 2010-10-03 15:24 -------- d-----w- C:\ubuntu
2010-10-02 13:28 . 2010-10-02 13:28 -------- d-----w- c:\program files\Common Files\Java
2010-10-02 13:28 . 2010-10-02 13:28 503808 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ee5393b-n\msvcp71.dll
2010-10-02 13:28 . 2010-10-02 13:28 499712 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ee5393b-n\jmc.dll
2010-10-02 13:28 . 2010-10-02 13:28 348160 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ee5393b-n\msvcr71.dll
2010-10-02 13:28 . 2010-10-02 13:28 61440 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-712dd355-n\decora-sse.dll
2010-10-02 13:28 . 2010-10-02 13:28 12800 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-712dd355-n\decora-d3d.dll
2010-10-02 13:27 . 2010-10-02 13:27 -------- d-----w- c:\program files\Java
2010-10-02 13:26 . 2010-10-02 13:26 79488 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\jre1.6.0_21\gtapi.dll
2010-10-02 13:26 . 2010-10-02 13:26 152576 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\jre1.6.0_21\lzma.dll
2010-10-01 14:55 . 2010-09-07 14:52 165584 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-01 14:55 . 2010-09-07 14:47 17744 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-01 14:55 . 2010-09-07 14:47 23376 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-01 14:55 . 2010-09-07 14:52 46672 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-01 14:55 . 2010-09-07 14:47 100176 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-01 14:55 . 2010-09-07 14:47 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-01 14:55 . 2010-09-07 14:46 28880 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-01 14:54 . 2010-09-07 15:12 38848 -c--a-w- c:\windows\avastSS.scr
2010-10-01 14:54 . 2010-09-07 15:11 167592 -c--a-w- c:\windows\system32\aswBoot.exe
2010-10-01 14:54 . 2010-10-01 14:54 -------- d-----w- c:\program files\Alwil Software
2010-10-01 11:49 . 2010-10-01 11:49 128 ---ha-w- c:\documents and settings\SAYONARA\microsoft.dat
2010-10-01 11:49 . 2010-10-05 16:13 -------- d-----w- c:\program files\Backgammon Classic 7
2010-09-30 22:52 . 2010-09-30 22:52 -------- d-----w- c:\program files\Webteh
2010-09-30 21:09 . 2010-09-30 21:09 -------- d-----w- c:\program files\CoreCodec
2010-09-30 08:24 . 2010-09-30 08:24 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-09-30 06:16 . 2010-09-30 06:16 -------- d-----w- c:\program files\Application Updater
2010-09-30 06:14 . 2010-09-30 06:14 -------- dc----w- c:\windows\system32\QuickTime
2010-09-28 00:11 . 2009-11-27 17:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-09-26 16:23 . 2010-04-20 14:45 607472 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Yahoo!\YUpdater\yupdater.exe
2010-09-25 21:37 . 2003-02-01 10:19 52224 -c--a-w- c:\windows\system32\mspmsnsv.dll
2010-09-25 21:37 . 2003-02-01 10:19 52224 -c--a-w- c:\windows\system32\dllcache\mspmsnsv.dll
2010-09-25 21:37 . 2002-11-27 01:03 27136 -c--a-w- c:\windows\system32\wmdmlog.dll
2010-09-25 21:37 . 2002-11-27 01:03 27136 -c--a-w- c:\windows\system32\dllcache\wmdmlog.dll
2010-09-25 21:37 . 2002-11-27 01:03 23552 -c--a-w- c:\windows\system32\wmdmps.dll
2010-09-25 21:37 . 2002-11-27 01:03 159232 -c--a-w- c:\windows\system32\dllcache\CEWMDM.dll
2010-09-25 21:37 . 2002-11-27 01:03 159232 -c--a-w- c:\windows\system32\CEWMDM.dll
2010-09-25 21:37 . 2003-02-01 10:18 245760 -c--a-w- c:\windows\system32\mswmdm.dll
2010-09-25 21:37 . 2003-02-01 10:18 245760 -c--a-w- c:\windows\system32\dllcache\mswmdm.dll
2010-09-25 21:37 . 2002-11-27 01:03 23552 -c--a-w- c:\windows\system32\dllcache\wmdmps.dll
2010-09-25 06:27 . 2010-09-27 07:17 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Data aplikací\F7DB45091D.sys
2010-09-25 06:27 . 2010-09-27 07:17 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2010-09-25 06:27 . 2010-09-25 06:27 -------- d-----w- c:\documents and settings\SAYONARA\Corel
2010-09-25 02:16 . 2010-10-06 09:38 -------- d-----w- c:\program files\Yahoo!
2010-09-25 01:12 . 2010-09-25 01:12 -------- dc----w- c:\windows\Logs
2010-09-25 00:41 . 2010-09-25 00:41 -------- d-----w- c:\program files\VideoLAN
2010-09-24 06:59 . 2010-04-29 13:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 06:58 . 2010-04-29 13:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 08:37 . 2010-10-05 13:31 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6
2010-09-19 08:23 . 2009-05-16 02:39 442368 -c--a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-19 08:23 . 2009-05-16 00:35 45056 -c--a-w- c:\windows\system32\aticalrt.dll
2010-09-19 08:23 . 2009-05-16 01:38 49664 -c--a-w- c:\windows\system32\atimpc32.dll
2010-09-19 08:23 . 2009-05-16 01:38 49664 -c--a-w- c:\windows\system32\amdpcom32.dll
2010-09-19 08:23 . 2009-05-16 00:33 3158016 -c--a-w- c:\windows\system32\aticaldd.dll
2010-09-19 08:23 . 2009-05-05 18:33 118784 -c--a-w- c:\windows\system32\atibtmon.exe
2010-09-19 08:23 . 2009-05-16 01:31 139264 -c--a-w- c:\windows\system32\atiadlxx.dll
2010-09-19 08:23 . 2009-05-16 01:26 376832 -c--a-w- c:\windows\system32\atiok3x2.dll
2010-09-19 08:23 . 2009-05-16 00:34 45056 -c--a-w- c:\windows\system32\aticalcl.dll
2010-09-19 08:22 . 2009-03-25 12:29 130432 -c--a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-09-19 08:22 . 2009-03-03 18:18 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll
2010-09-18 17:27 . 2009-12-30 10:20 27064 -c--a-w- c:\windows\system32\drivers\revoflt.sys
2010-09-18 17:27 . 2010-09-18 17:27 -------- d-----w- c:\program files\VS Revo Group
2010-09-18 06:09 . 1998-11-17 11:44 328704 -c--a-w- c:\windows\IsUn0407.exe
2010-09-17 21:38 . 2010-02-27 12:19 13976 -c--a-w- c:\windows\system32\drivers\videX32.sys
2010-09-17 19:49 . 2010-09-17 19:49 -------- dc-h--w- c:\windows\PIF
2010-09-16 18:34 . 2001-10-25 14:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-09-16 18:33 . 2004-08-17 13:49 32256 -c--a-w- c:\windows\system32\dllcache\gzip.dll
2010-09-16 18:32 . 2004-08-17 13:49 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2010-09-16 18:27 . 2004-08-17 13:49 40448 -c--a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-09-16 18:27 . 2004-08-17 13:49 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-09-16 18:27 . 2004-08-17 13:49 259072 -c--a-w- c:\windows\system32\wbem\snmpcl.dll
2010-09-16 18:27 . 2004-08-17 13:49 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-09-16 18:26 . 2004-08-17 13:49 26624 -c--a-w- c:\windows\system32\irmon.dll
2010-09-16 18:26 . 2004-08-17 13:49 153088 -c--a-w- c:\windows\system32\irftp.exe
2010-09-16 18:26 . 2004-08-03 21:00 87424 -c--a-w- c:\windows\system32\drivers\irda.sys
2010-09-16 18:26 . 2004-08-17 13:49 8192 -c--a-w- c:\windows\system32\wshirda.dll
2010-09-16 18:16 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\drivers\rasirda.sys
2010-09-16 18:14 . 2001-10-25 14:00 13312 -c--a-w- c:\windows\system32\irclass.dll
2010-09-16 18:14 . 2001-10-25 14:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-16 18:14 . 2001-10-25 14:00 24661 -c--a-w- c:\windows\system32\spxcoins.dll
2010-09-16 18:14 . 2001-10-25 14:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-16 14:51 . 2010-09-16 14:51 -------- dc----w- c:\windows\system32\ivtMobCache
2010-09-13 00:21 . 2010-09-13 00:21 -------- d-----w- c:\program files\MSECache
2010-09-11 23:02 . 2010-09-11 23:01 36684048 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze.exe
2010-09-11 23:01 . 2010-09-11 23:01 95232 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-09-11 23:01 . 2010-09-11 23:01 8192 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-09-11 23:01 . 2010-09-11 23:01 61440 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-09-11 23:01 . 2010-09-11 23:01 10240 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-09-10 09:26 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-09-10 09:25 . 2010-09-18 16:06 -------- dc----w- c:\windows\system32\drivers\UMDF
2010-09-10 09:25 . 2010-09-10 09:25 -------- dc----w- c:\windows\system32\LogFiles
2010-09-10 09:25 . 2009-01-07 16:20 26144 -c--a-w- c:\windows\system32\spupdsvc.exe
2010-09-10 09:24 . 2010-09-10 09:24 12212040 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-09-10 09:24 . 2010-09-10 09:24 13930312 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-09-10 09:24 . 2010-09-10 09:24 77824 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-09-10 09:24 . 2010-09-10 09:24 50000 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-09-10 09:24 . 2010-09-10 09:24 38912 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-09-10 09:24 . 2010-09-10 09:24 38912 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-09-10 09:24 . 2010-09-10 09:23 102913480 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-09-10 09:09 . 2006-08-29 14:56 32377 -c--a-w- c:\windows\system32\drivers\prodigy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 00:05 . 2009-01-01 09:31 -------- d-----w- c:\program files\Google
2010-10-02 13:27 . 2010-08-06 04:04 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-30 06:12 . 2008-12-31 00:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-18 16:06 . 2009-12-25 22:19 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-17 23:20 . 2010-03-14 01:21 -------- d-----w- c:\program files\Common Files\Apple
2010-09-16 18:28 . 2010-03-16 19:16 22976 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-09-10 09:33 . 2010-09-10 09:33 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-09-10 09:33 . 2010-09-10 09:33 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-09-10 06:39 . 2009-01-31 14:51 -------- d-----w- c:\program files\DIFX
2010-09-05 04:08 . 2009-10-24 10:03 -------- d---a-w- c:\program files\Serials 2005
2010-09-04 19:50 . 2010-09-04 17:15 -------- d-----w- c:\program files\XP TCPIP Repair
2010-08-09 22:34 . 2010-07-24 23:33 -------- d-----w- c:\program files\ARCHPR
2010-08-08 00:19 . 2010-07-12 12:41 -------- d-----w- c:\program files\CommViewWiFi
2010-08-06 15:10 . 2010-08-06 15:10 99688 -c--a-w- c:\windows\system32\BtMmHook.dll
2010-08-06 15:10 . 2010-08-06 15:10 996720 -c--a-w- c:\windows\system32\BTNeighborhood.dll
2010-08-06 15:10 . 2010-08-06 15:10 91504 -c--a-w- c:\windows\system32\BtAudioHelper.dll
2010-08-06 15:10 . 2010-08-06 15:10 521568 -c--a-w- c:\windows\system32\wbtapi.dll
2010-07-24 19:16 . 2010-07-24 19:16 503808 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1fbd2d7a-n\msvcp71.dll
2010-07-24 19:16 . 2010-07-24 19:16 348160 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1fbd2d7a-n\msvcr71.dll
2010-07-24 19:16 . 2010-07-24 19:16 499712 ----a-w- c:\documents and settings\SAYONARA\Data aplikací\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1fbd2d7a-n\jmc.dll
2010-04-16 01:32 . 2010-04-16 01:32 40 -c--a-w- c:\program files\Recent.INI
2010-04-16 01:32 . 2010-04-16 01:32 4550 -c--a-w- c:\program files\PSPad.INI
2010-04-16 01:32 . 2010-04-16 01:32 0 -c--a-w- c:\program files\PSPad_MU.INI
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\QuickTime ----



------- Sigcheck -------

[-] 2008-04-14 03:21 . 6199B2AE3F9DB9CB6DB230471A1DC601 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\mspmsnsv.dll
[-] 2003-02-01 10:19 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2003-02-01 10:19 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-10-06_12.30.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-06 18:09 . 2010-10-06 18:09 16384 c:\windows\temp\Perflib_Perfdata_504.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-22 39408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-03-01 12:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2010-03-01 12:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"ServiceLayer"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Filters\\ac3config.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Innovative Solutions\\DriverMax\\devices.exe"=
"c:\\Program Files\\Mozilla Firefox 4.0 Beta 6\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox 4.0 Beta 6\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21.1.2008 19:28 19592]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.10.2010 16:52 136176]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24.9.2009 13:38 22528]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [29.3.2010 10:38 6828]
S3 GTMMDMUSB;GT M 3G+ USB MDM;c:\windows\system32\drivers\gtmmdmusb.sys [17.3.2010 18:46 25472]
S3 GTMSERUSB;GT M 3G+ USB SER;c:\windows\system32\drivers\gtmserusb.sys [17.3.2010 18:45 21888]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21.1.2008 19:28 25480]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [10.9.2010 11:09 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [18.9.2010 19:27 27064]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-01 14:50]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 14:51]

2010-10-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-10-06 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: ????3??
IE: ????3??????
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download ALL with IDA
IE: Download with IDA
IE: ????3?? - c:\documents and settings\SAYONARA\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\SAYONARA\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\SAYONARA\Data aplikací\Mozilla\Firefox\Profiles\v3bjg12c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-329068152-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\SAYONARA\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-1454471165-329068152-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\SAYONARA\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-1454471165-329068152-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(644)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-10-06 20:14:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-06 18:14
ComboFix2.txt 2010-10-06 12:35
ComboFix3.txt 2010-10-06 09:45
ComboFix4.txt 2010-02-16 02:19
ComboFix5.txt 2010-10-06 17:58

Před spuštěním: 7 510 360 064
Po spuštění: 7 514 341 376

- - End Of File - - 0A5EC33946449E99F6DC682E38447922

[saionara]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:17:38, on 6.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3391 bytes

[jaro3]

Najdi a smaž tuto prázdnou složku:
c:\windows\system32\QuickTime


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

***********************************************************************************************************************************
Pokud Ti stále vyskakuje hláška :
Při startu operačního systemu se mi oběvírá okno ,,Adobe arm.exe spravna inicializace aplikace (0xc0000005) se nezdařila,,


Bude přeba přeinstalovat Adobe Reader a Acrobat Manager.
Nezapomeň hned poté programy aktualizovat.

Napiš , jak se chová PC.

[saionara]

Je to super,strašně moc vám děkuji.