Request for a log check + Solved


Re: Request for a log check

Post by Žbeky » 08 Apr 2011 15:55

Maybe it's the codecs; try playing it in VLC.

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

It's a new version, it should be without that bug
In PMs I only deal with forum-related matters. I do not respond to pleas and requests for technical support. Thanks for understanding.


Re: Request for a log check

Post by Clutch » 08 Apr 2011 16:49

ComboFix 11-04-07.08 - Miso 08.04.2011 16:24:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2445 [GMT 2:00]
Running from: c:\documents and settings\Miso\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\Miso\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 13:26 . 2011-04-08 13:26 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-04-08 08:20 . 2011-01-07 13:56 40800 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-08 08:19 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-04-08 08:19 . 2011-01-07 13:56 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-08 08:19 . 2011-01-07 13:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-04-08 08:19 . 2011-04-08 13:27 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-08 08:12 . 2011-04-08 08:12 -------- d-----w- c:\program files\Intel
2011-04-08 08:12 . 2011-02-28 06:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-04-08 08:11 . 2011-04-08 08:11 -------- d-----w- C:\Intel
2011-04-07 22:28 . 2011-04-07 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2011-04-07 22:24 . 2003-06-12 21:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-04-07 22:23 . 2011-04-07 22:23 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-07 22:19 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-04-07 22:19 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-07 22:19 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-07 22:19 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-04-07 22:19 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-04-07 22:18 . 2011-04-07 22:18 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-04-07 22:18 . 2011-04-07 22:18 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-04-07 22:04 . 2011-04-08 08:02 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-07 22:04 . 2011-01-26 14:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-07 22:04 . 2010-06-17 12:30 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-07 22:04 . 2010-06-17 12:30 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-07 22:04 . 2011-04-07 22:04 -------- d-----w- c:\program files\Avira
2011-04-07 17:04 . 2011-04-07 17:04 388096 ----a-r- c:\documents and settings\Miso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-07 17:04 . 2011-04-07 17:04 -------- d-----w- c:\program files\Trend Micro
2011-04-07 13:20 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 13:19 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 13:19 . 2011-04-07 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 17:12 . 2011-04-01 17:12 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-01 17:12 . 2011-04-01 17:12 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-01 17:12 . 2011-04-01 17:12 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-01 17:12 . 2011-04-01 17:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-01 17:12 . 2011-04-01 17:12 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-01 17:12 . 2011-04-01 17:12 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-30 18:26 . 2011-03-31 17:14 -------- d-----w- c:\windows\system32\oodag
2011-03-30 16:52 . 2011-03-30 16:52 -------- d-----w- c:\documents and settings\Miso\Local Settings\Application Data\O&O
2011-03-30 16:51 . 2011-03-30 16:51 -------- d-----w- c:\program files\OO Software
2011-03-30 16:51 . 2011-03-30 16:51 -------- d-----w- c:\documents and settings\Miso\Local Settings\Application Data\Downloaded Installations
2011-03-28 21:34 . 2001-04-06 11:57 238080 ----a-w- c:\windows\system32\OOD2000.exe
2011-03-28 21:34 . 2001-04-05 15:40 598016 ----a-w- c:\windows\system32\OOD2KCRS.dll
2011-03-28 21:34 . 2001-04-05 15:21 29272 ----a-w- c:\windows\system32\OOD2KBS.exe
2011-03-28 21:34 . 2000-11-01 12:12 16384 ----a-w- c:\windows\system32\ood2kmsg.dll
2011-03-28 21:33 . 2011-03-29 21:27 -------- d-----w- c:\program files\OOD2KFRE
2011-03-28 21:33 . 2000-11-09 17:31 24576 ----a-w- c:\windows\system32\OODCSPRO.dll
2011-03-27 13:41 . 2011-03-27 13:41 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2011-03-23 04:47 . 2011-03-23 04:47 -------- d-----w- c:\documents and settings\Peter\Application Data\Apple Computer
2011-03-23 04:47 . 2011-03-23 04:47 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\FLVService
2011-03-11 12:29 . 2011-03-11 12:29 -------- d-----w- c:\program files\Common Files\Java
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 22:23 . 2009-04-23 19:44 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-17 14:07 . 2011-02-17 14:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-07-04 13:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2009-07-26 14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-04-22 20:26 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-04-22 20:26 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-25 09:41 . 2011-01-25 09:41 1627976 ----a-w- c:\windows\system32\ooscrsav.scr
2011-01-25 09:40 . 2011-01-25 09:40 275784 ----a-w- c:\windows\system32\oodbs.exe
2011-01-25 09:39 . 2011-01-25 09:39 535880 ----a-w- c:\windows\system32\oodssrs.dll
2011-01-25 09:38 . 2011-01-25 09:38 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2011-01-21 14:44 . 2003-03-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-04-01 17:12 . 2011-04-01 17:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2781000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-26 281768]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"f:\\Tomas\\cs 1.6\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Tomas\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Launcher.patch.exe"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Temp\\wow-4.0.0.1807-to-4.0.0.1987-enUS-tools-downloader.exe"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Blizzard Downloader.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Miso\\iTunes\\iTunes.exe"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Launcher.exe"=
"c:\\games\\WoW z xp\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8.4.2011 0:04 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.4.2011 0:04 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8.4.2011 0:04 421032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.4.2011 15:20 363344]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.1.2011 11:41 2398536]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [18.3.2010 20:50 16168]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [8.4.2011 10:19 44416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.4.2011 15:19 20952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.8.2010 19:23 136176]
S2 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8.1.2009 10:38 4136960]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8.4.2011 0:24 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOMA-Tomas.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-18 01:44]
.
2011-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 17:23]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 17:23]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\Miso\Application Data\Mozilla\Firefox\Profiles\sfyyygqg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.realraptalk.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(784)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(704)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-08 16:48:03
ComboFix-quarantined-files.txt 2011-04-08 14:47
.
Pre-Run: 83 909 206 016 bytes free
Post-Run: 83 863 638 016 bytes free
.
- - End Of File - - 31ED224EE67FFB392F27AEA2B55F0839


it seems they've already fixed that bug, fortunately


Re: Request for a log check

Post by Žbeky » 08 Apr 2011 17:01

That looks nicer now :D

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::

File::
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\Tasks\AdobeAAMUpdater-1.0-DOMA-Tomas.job
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
Lbd

Firefox::
FF - ProfilePath - c:\documents and settings\Miso\Application Data\Mozilla\Firefox\Profiles\sfyyygqg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.realraptalk.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Re: Request for a log check

Post by Clutch » 08 Apr 2011 17:50

ComboFix 11-04-07.08 - Miso 08.04.2011 17:20:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2451 [GMT 2:00]
Running from: c:\documents and settings\Miso\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miso\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\Tasks\AdobeAAMUpdater-1.0-DOMA-Tomas.job"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Service_Lbd
.
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 13:26 . 2011-04-08 13:26 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-04-08 08:20 . 2011-01-07 13:56 40800 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-08 08:19 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-04-08 08:19 . 2011-01-07 13:56 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-08 08:19 . 2011-01-07 13:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-04-08 08:19 . 2011-04-08 13:27 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-08 08:12 . 2011-04-08 08:12 -------- d-----w- c:\program files\Intel
2011-04-08 08:12 . 2011-02-28 06:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-04-08 08:11 . 2011-04-08 08:11 -------- d-----w- C:\Intel
2011-04-07 22:28 . 2011-04-07 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2011-04-07 22:24 . 2003-06-12 21:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-04-07 22:23 . 2011-04-07 22:23 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-07 22:19 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-04-07 22:19 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-07 22:19 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-07 22:19 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-04-07 22:19 . 2003-11-10 16:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-04-07 22:18 . 2011-04-07 22:18 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-04-07 22:18 . 2011-04-07 22:18 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-04-07 22:04 . 2011-04-08 08:02 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-07 22:04 . 2011-01-26 14:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-07 22:04 . 2010-06-17 12:30 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-07 22:04 . 2010-06-17 12:30 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-07 22:04 . 2011-04-07 22:04 -------- d-----w- c:\program files\Avira
2011-04-07 17:04 . 2011-04-07 17:04 388096 ----a-r- c:\documents and settings\Miso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-07 17:04 . 2011-04-07 17:04 -------- d-----w- c:\program files\Trend Micro
2011-04-07 13:20 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 13:19 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 13:19 . 2011-04-07 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 17:12 . 2011-04-01 17:12 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-01 17:12 . 2011-04-01 17:12 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-01 17:12 . 2011-04-01 17:12 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-01 17:12 . 2011-04-01 17:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-01 17:12 . 2011-04-01 17:12 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-01 17:12 . 2011-04-01 17:12 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-30 18:26 . 2011-03-31 17:14 -------- d-----w- c:\windows\system32\oodag
2011-03-30 16:52 . 2011-03-30 16:52 -------- d-----w- c:\documents and settings\Miso\Local Settings\Application Data\O&O
2011-03-30 16:51 . 2011-03-30 16:51 -------- d-----w- c:\program files\OO Software
2011-03-30 16:51 . 2011-03-30 16:51 -------- d-----w- c:\documents and settings\Miso\Local Settings\Application Data\Downloaded Installations
2011-03-28 21:34 . 2001-04-06 11:57 238080 ----a-w- c:\windows\system32\OOD2000.exe
2011-03-28 21:34 . 2001-04-05 15:40 598016 ----a-w- c:\windows\system32\OOD2KCRS.dll
2011-03-28 21:34 . 2001-04-05 15:21 29272 ----a-w- c:\windows\system32\OOD2KBS.exe
2011-03-28 21:34 . 2000-11-01 12:12 16384 ----a-w- c:\windows\system32\ood2kmsg.dll
2011-03-28 21:33 . 2011-03-29 21:27 -------- d-----w- c:\program files\OOD2KFRE
2011-03-28 21:33 . 2000-11-09 17:31 24576 ----a-w- c:\windows\system32\OODCSPRO.dll
2011-03-27 13:41 . 2011-03-27 13:41 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2011-03-23 04:47 . 2011-03-23 04:47 -------- d-----w- c:\documents and settings\Peter\Application Data\Apple Computer
2011-03-23 04:47 . 2011-03-23 04:47 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\FLVService
2011-03-11 12:29 . 2011-03-11 12:29 -------- d-----w- c:\program files\Common Files\Java
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 22:23 . 2009-04-23 19:44 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-17 14:07 . 2011-02-17 14:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-07-04 13:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2009-07-26 14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-04-22 20:26 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-04-22 20:26 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-25 09:41 . 2011-01-25 09:41 1627976 ----a-w- c:\windows\system32\ooscrsav.scr
2011-01-25 09:40 . 2011-01-25 09:40 275784 ----a-w- c:\windows\system32\oodbs.exe
2011-01-25 09:39 . 2011-01-25 09:39 535880 ----a-w- c:\windows\system32\oodssrs.dll
2011-01-25 09:38 . 2011-01-25 09:38 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2011-01-21 14:44 . 2003-03-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-04-01 17:12 . 2011-04-01 17:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 2781000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-26 281768]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"f:\\Tomas\\cs 1.6\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Tomas\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Launcher.patch.exe"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Temp\\wow-4.0.0.1807-to-4.0.0.1987-enUS-tools-downloader.exe"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Blizzard Downloader.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Miso\\iTunes\\iTunes.exe"=
"\\\\Server\\Datovy sklad\\Tomas\\Hry\\WoW z xp\\Launcher.exe"=
"c:\\games\\WoW z xp\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8.4.2011 0:04 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.4.2011 0:04 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8.4.2011 0:04 421032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.4.2011 15:20 363344]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.1.2011 11:41 2398536]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [18.3.2010 20:50 16168]
R2 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [8.1.2009 10:38 4136960]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [8.4.2011 10:19 44416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.4.2011 15:19 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.8.2010 19:23 136176]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8.4.2011 0:24 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 20:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 20:39 566360]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOMA-Tomas.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-18 01:44]
.
2011-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 17:23]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 17:23]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\Miso\Application Data\Mozilla\Firefox\Profiles\sfyyygqg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.realraptalk.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(784)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(564)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Avira\AntiVir Desktop\checkt.exe
.
**************************************************************************
.
Completion time: 2011-04-08 17:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-08 15:48
ComboFix2.txt 2011-04-08 14:48
.
Pre-Run: 83 872 530 432 bytes free
Post-Run: 83 794 907 136 bytes free
.
- - End Of File - - 63906E7BB74BB12F0C0EFC58A77E4408


After it finished, the PC restarted and only then generated the log; hopefully that's normal.

Re: Requesting a log check

Post by Žbeky » 08 Apr 2011 18:48

Yes, that's normal.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by Combo, MWAV, etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.

+ A new log from HJT

How is the PC behaving?

Re: Requesting a log check

Post by Clutch » 08 Apr 2011 19:08

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:05:32, on 8.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 7350 bytes

Here is the log. Tomorrow I'll write how it behaves, but so far it seems to me that it runs better.

Re: Requesting a log check

Post by Žbeky » 08 Apr 2011 19:18

Fix:

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll


If there are no problems, you can mark it as solved.

Re: Requesting a log check

Post by Clutch » 08 Apr 2011 20:28

Everything looked fine. Suddenly, however, the old problem - 100% CPU Usage :-(

[Image]

Here are the processes:
[Image]

Re: Requesting a log check

Post by Žbeky » 08 Apr 2011 20:31

What did you have running at the time that put such a load on Explorer?

Re: Requesting a log check

Post by Clutch » 08 Apr 2011 20:34

Just the internet and Media Player Classic.

Re: Requesting a log check

Post by Žbeky » 08 Apr 2011 20:38

And when you close the media player, I assume it drops. Probably a codec fault. Uninstall the old ones and install the K-Lite codec pack. Or try the VLC player.

Re: Requesting a log check

Post by Clutch » 08 Apr 2011 20:40

That's just it: I closed the player and it is still at 100%. So right now only the internet is running, and surely that can't load it to 100%.