please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


please check my log

Post by vratilenergy » 01 Aug 2011 11:36

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:35, on 1.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EgisTec MyWinLocker\MWLTSR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Game Maker 6.1\Osa9.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [MWLTSR] C:\Program Files\EgisTec MyWinLocker\MWLTSR.exe /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Startup] C:\Documents and Settings\admin\Data aplikací\Microsoft\svchost.exe
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: MS Office Tools.lnk = C:\Program Files\Game Maker 6.1\Osa9.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: PlayerScore.lnk = D:\World of Warcraft\PlayerScoreClient\PlayerScore.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11427 bytes


Re: please check my log

Post by Žbeky » 01 Aug 2011 18:27

Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll (file missing)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Startup] C:\Documents and Settings\admin\Data aplikací\Microsoft\svchost.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: MS Office Tools.lnk = C:\Program Files\Game Maker 6.1\Osa9.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
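Žbeky's fix list above follows a few rules that any helper applies when reading a HijackThis log: entries whose file no longer exists, IE search and start-page values pointing at a host nobody recognises, an autorun that launches a binary named like a Windows system process (here `svchost.exe`) from a directory where that process does not live, and autoruns sitting inside the user profile. The script below is an added example of those rules in code; it is not part of this thread and not a HijackThis feature. The sample lines are constructed after the entries posted above (not the full log), and the trusted-host list, the expected-directory table and the profile path markers are illustrative assumptions. Note what the rules do not catch: the `Stylish Profile` BHO and the `TNod` entry look syntactically clean and were identified by signature (Malwarebytes) or by the moderator's judgment, not by any pattern.

```python
"""Triage rules for a HijackThis log (added example, not part of the thread).

Flags four kinds of entries a helper looks for first:
  orphan          - entry points at a file that no longer exists
  search-hijack   - IE search/start-page value points at an unknown host
  masquerade      - a binary named like a Windows system process runs from the wrong directory
  profile-autorun - an autorun/service whose binary lives under the user profile
"""
import re
from urllib.parse import urlparse

# Assumption: where Windows XP keeps these binaries. The same name anywhere else is suspect.
EXPECTED_DIR = {
    "svchost.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "csrss.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32",
    "smss.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}
# Assumption: hosts an IE default search/start page may legitimately point at.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}
# Path fragments (English and Czech XP profile names) where autoruns rarely belong.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                   "\\data aplikací\\", "\\local settings\\", "\\temp\\")

ENTRY_RE = re.compile(r"^[ROF]\d+ - ")
PATH_RE = re.compile(r'([a-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|com))', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)


def triage_line(line):
    """Return the list of rule names that fire for one HijackThis entry ([] if clean)."""
    findings = []
    kind = line.split(" - ", 1)[0].strip()          # "R1", "O4", "O23", ...
    low = line.lower()
    if "(no file)" in low or "(file missing)" in low:
        findings.append("orphan")
    if kind in ("R0", "R1"):                        # IE search / start page values
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append("search-hijack:" + host)
    m = PATH_RE.search(line)
    if m:
        path = m.group(1).lower()
        directory, name = path.rsplit("\\", 1)
        if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            findings.append("masquerade:" + name)
        if kind in ("O4", "O20", "O23") and any(mk in path for mk in PROFILE_MARKERS):
            findings.append("profile-autorun")
    return findings


def triage_log(text):
    """Map each flagged entry line to its findings; clean entries are omitted."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            hits = triage_line(line)
            if hits:
                report[line] = hits
    return report


# Constructed sample, modelled on the entries posted above (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Startup] C:\Documents and Settings\admin\Data aplikací\Microsoft\svchost.exe
O4 - HKLM\..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    for entry, hits in triage_log(SAMPLE_LOG).items():
        print(", ".join(hits).ljust(32), entry)
```

Run it as-is and five of the ten sample entries come back flagged; the `svchost.exe` line trips two rules at once, which is exactly the kind of entry to fix first and then locate on disk. Treat the output as a reading aid, not a verdict: a clean-looking entry still needs the file checked, as the Malwarebytes results further down show.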


Re: please check my log

Post by vratilenergy » 02 Aug 2011 12:30

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.8.2011 12:18:54
mbam-log-2011-08-02 (12-18-50).txt

Scan type: Quick scan
Objects scanned: 153442
Time elapsed: 6 minutes, 5 seconds

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{730CEAB8-D22B-4A64-8A3F-D3BAAA911992} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{FB9F522E-9480-4952-9CFD-2FAEC7DE51DC} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\enlbrdr.GdfrDUEn.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\enlbrdr.GdfrDUEn (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files\relevantknowledge (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\components (Spyware.MarketScore) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge (Spyware.MarketScore) -> No action taken.

Files Infected:
c:\program files\stylish profile\enlbrdr.dll (Trojan.BHO) -> No action taken.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\program files\funwebproducts\Shared\000E10C4.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\MSVCP71.DLL (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\MSVCR71.DLL (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\rlls64.dll (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\rlph.dll (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\rlvknlg64.exe (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\rlxf.dll (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\components\rlxg.dll (Spyware.MarketScore) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> No action taken.
c:\documents and settings\admin\Plocha\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.


Re: please check my log

Post by memphisto » 02 Aug 2011 18:39

- So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is shown; post it here.
- then choose OK in the program and close it via Exit

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here
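memphisto asks for the log from the removal run. What a helper then checks is that every item the first, read-only scan reported now reads `Quarantined and deleted successfully`, that nothing is left at `Delete on reboot` (which means the file was locked and the machine must actually be rebooted before the next scan), and that no item silently disappeared or newly appeared between the two runs. The script below is an added example of that comparison; it is not part of the thread and not a Malwarebytes feature. The two short logs are constructed to mirror the format of the logs posted in this thread; the `Delete on reboot` status and the `dropper.tmp` line are invented to exercise the pending and new cases (in the real thread everything was quarantined).

```python
"""Compare a read-only Malwarebytes scan with the post-removal scan (added example).

Detection lines in an MBAM 1.x log look like
    <registry key or path> (<threat name>) -> <status>.
where status is "No action taken", "Quarantined and deleted successfully",
"Delete on reboot", and so on. The report says what got fixed, what still
needs a reboot, what was not handled, what is new and what vanished.
"""
import re

DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<status>.+?)\.?$")
RESOLVED = ("Quarantined and deleted successfully",)
PENDING = ("Delete on reboot",)


def parse_detections(log_text):
    """Return {item: (threat, status)} for every detection line; other lines are ignored."""
    found = {}
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            found[m["item"]] = (m["threat"], m["status"])
    return found


def remediation_report(before_log, after_log):
    """Classify every detection of the second scan and diff it against the first."""
    before = parse_detections(before_log)
    after = parse_detections(after_log)
    report = {"fixed": [], "pending": [], "unresolved": [], "new": [], "missing": []}
    for item, (_, status) in sorted(after.items()):
        if status.startswith(RESOLVED):
            report["fixed"].append(item)
        elif status.startswith(PENDING):
            report["pending"].append(item)       # locked file: reboot, then rescan
        else:
            report["unresolved"].append(item)    # e.g. still "No action taken"
        if item not in before:
            report["new"].append(item)           # appeared only in the second scan
    report["missing"] = sorted(set(before) - set(after))   # vanished without a status line
    return report


def all_clear(report):
    """True only when nothing is pending, unhandled or unaccounted for."""
    return not (report["pending"] or report["unresolved"] or report["missing"])


# Constructed logs mirroring the format of the logs posted above (assumed content,
# not copies): the "Delete on reboot" status and dropper.tmp are invented.
BEFORE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> No action taken.
Files Infected:
c:\program files\stylish profile\enlbrdr.dll (Trojan.BHO) -> No action taken.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\admin\Plocha\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""
AFTER_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\stylish profile\enlbrdr.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\admin\Plocha\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\admin\Local Settings\Temp\dropper.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    rep = remediation_report(BEFORE_LOG, AFTER_LOG)
    for bucket, items in rep.items():
        print(bucket, len(items))
        for item in items:
            print("   ", item)
    print("all clear:", all_clear(rep))
```

With the constructed logs the report is not all clear: one file is waiting on a reboot and one item appeared only in the second scan, both of which a helper would ask about before declaring the machine clean. Feeding the same log twice with every status rewritten to `Quarantined and deleted successfully` is the only way `all_clear` returns true.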


Re: please check my log

Post by vratilenergy » 02 Aug 2011 19:41

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.8.2011 19:18:39
mbam-log-2011-08-02 (19-18-39).txt

Scan type: Quick scan
Objects scanned: 153171
Time elapsed: 5 minutes, 40 seconds

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{730CEAB8-D22B-4A64-8A3F-D3BAAA911992} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{FB9F522E-9480-4952-9CFD-2FAEC7DE51DC} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\enlbrdr.GdfrDUEn.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\enlbrdr.GdfrDUEn (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3CF7606-E683-4375-A372-96B75DA0AEF7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\stylish profile\enlbrdr.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\000E10C4.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\nabídka start\Programy\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\admin\Plocha\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


---------------------------------------------------------------------------------------------------------------------------

ComboFix 11-08-02.02 - admin 02.08.2011 19:30:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.803 [GMT 2:00]
Running from: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Data aplikací\pcouffin.sys
c:\documents and settings\admin\WINDOWS
c:\windows\av.exe
c:\windows\driver.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 10:17 . 2008-09-01 08:18 1564544 ----a-w- c:\windows\system32\drivers\VMHybr64.sys
2011-08-02 10:17 . 2008-09-01 08:05 1060224 ----a-w- c:\windows\system32\drivers\VMHybrid.sys
2011-08-02 10:17 . 2011-08-02 10:17 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-02 10:17 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-02 10:17 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-02 10:17 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-02 10:17 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-02 10:17 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-02 10:17 . 2011-08-02 10:17 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-02 10:15 . 2010-09-23 13:46 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-08-02 10:15 . 2010-09-23 13:46 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-08-02 10:10 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-08-02 10:10 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-08-02 10:10 . 2009-06-30 10:13 17408 ----a-w- c:\windows\system32\drivers\gMouPS2.sys
2011-08-02 10:09 . 2011-08-02 10:09 -------- d-----w- C:\Genius
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2011-08-02 10:08 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 10:08 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 10:05 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2011-08-02 10:05 . 2011-07-06 11:27 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-02 10:05 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-08-02 10:05 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-08-02 10:05 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-08-02 10:04 . 2011-03-30 18:46 101392 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-08-02 10:04 . 2011-08-02 10:04 -------- d-----w- c:\program files\ATI
2011-08-02 10:03 . 2011-08-02 10:03 -------- d-----w- C:\ATI
2011-08-02 09:51 . 2011-08-02 09:51 -------- d-----w- c:\program files\Driver-Soft
2011-08-02 08:22 . 2011-08-02 08:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2011-08-01 17:02 . 2011-08-01 17:02 -------- d-----w- C:\Graphics
2011-08-01 17:02 . 2006-06-17 10:52 104448 ------w- c:\windows\system32\mwdds.dll
2011-08-01 17:02 . 2006-06-17 09:44 183296 ------w- c:\windows\system32\mwgfx.dll
2011-08-01 17:02 . 2005-11-12 23:28 238080 ------w- c:\windows\system32\mwgfx24.dll
2011-08-01 17:02 . 2004-05-14 09:13 56832 ------w- c:\windows\system32\mwace.dll
2011-07-31 19:20 . 2011-07-31 19:20 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\Trend Micro
2011-07-31 17:51 . 2011-07-31 17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 16:39 . 2011-07-31 16:39 -------- d-----w- c:\documents and settings\admin\Data aplikací\Blender Foundation
2011-07-31 08:22 . 2011-07-31 18:46 -------- d-----w- c:\program files\Google
2011-07-28 20:54 . 2011-07-31 20:42 -------- d-----w- c:\program files\TmUnitedForever
2011-07-26 06:57 . 2011-07-26 06:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Data aplikací\Ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\program files\Ashampoo
2011-07-22 17:06 . 2011-07-22 17:06 81920 ----a-w- c:\documents and settings\admin\Data aplikací\ezpinst.exe
2011-07-22 17:06 . 2011-07-22 17:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-22 17:06 . 2011-07-22 17:06 -------- d-----w- c:\documents and settings\admin\Data aplikací\Vso
2011-07-22 17:05 . 2011-07-22 21:55 -------- d-----w- c:\program files\McFunSoft DVD Creator
2011-07-21 15:59 . 2011-07-21 15:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-21 15:56 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-07-21 15:56 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-07-21 15:56 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-07-21 15:56 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-14 11:07 . 2011-07-14 11:07 -------- d-----w- C:\GMouse20
2011-07-14 09:48 . 2011-07-14 09:48 -------- d-----w- c:\documents and settings\admin\Phone Browser
2011-07-14 09:48 . 2011-07-22 16:49 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia Multimedia Player
2011-07-14 09:31 . 2011-07-14 09:31 -------- d-----w- c:\program files\Common Files\PCSuite
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2011-07-14 09:31 . 2007-02-22 09:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2011-07-14 09:31 . 2007-02-22 09:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2011-07-14 09:31 . 2007-02-22 09:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-07-07 20:56 . 2011-07-07 20:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\The Lord of the Rings Online
2011-07-07 20:37 . 2011-07-07 20:39 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Turbine
2011-07-07 20:03 . 2011-07-07 20:03 -------- d-----w- c:\program files\Turbine
2011-07-07 16:21 . 2011-07-07 21:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PMB Files
2011-07-07 16:21 . 2011-07-07 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-03-11 20:23 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-11 12:17 . 2009-10-06 21:35 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-07 15:39 . 2009-10-06 21:35 6367848 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-07-05 14:08 . 2009-10-06 21:35 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-06-30 14:15 . 2009-10-06 21:35 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-02-10 03:18 . 2011-03-21 14:04 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"MWLTSR"="c:\program files\EgisTec MyWinLocker\MWLTSR.exe" [2010-12-23 125808]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"TaskTray"="c:\program files\Driver-Soft\SuperOvladac\TaskTray.exe" [2011-01-27 284016]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-05 20053608]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
PlayerScore.lnk - d:\world of warcraft\PlayerScoreClient\PlayerScore.exe [2011-1-31 247808]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Game Maker 6.1\\Osa9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 Offline Launcher\\server.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\MOH2010\\Medal Of Honor 2010.Limited Edition\\Binaries\\moh.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57963:TCP"= 57963:TCP:Pando Media Booster
"57963:UDP"= 57963:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2009 18:36 691696]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [23.5.2010 21:36 2944]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [11.4.2011 22:20 18024]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [11.4.2011 22:20 15208]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [11.4.2011 22:20 60800]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [23.12.2010 16:50 172912]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2.8.2011 12:10 12288]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.8.2011 12:04 101392]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2.8.2011 12:10 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2.8.2011 12:10 11520]
S1 MpKsl390cd5e1;MpKsl390cd5e1;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{72140F87-9B1A-49CC-89EA-5199431E4F87}\MpKsl390cd5e1.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{72140F87-9B1A-49CC-89EA-5199431E4F87}\MpKsl390cd5e1.sys [?]
S1 MpKsl816fdbe6;MpKsl816fdbe6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5E1743FC-3B28-4BE9-BFA8-C823F5E1085B}\MpKsl816fdbe6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5E1743FC-3B28-4BE9-BFA8-C823F5E1085B}\MpKsl816fdbe6.sys [?]
S1 MpKsld46b6fac;MpKsld46b6fac;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{055712E2-5CF4-47AE-899D-F5C647A67D0C}\MpKsld46b6fac.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{055712E2-5CF4-47AE-899D-F5C647A67D0C}\MpKsld46b6fac.sys [?]
S1 MpKslf4102502;MpKslf4102502;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35037900-57AD-4626-8705-7BB7694114BF}\MpKslf4102502.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35037900-57AD-4626-8705-7BB7694114BF}\MpKslf4102502.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.8.2011 12:05 1691480]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2.8.2011 12:10 17408]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 12:08 41272]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-02 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-02 c:\windows\Tasks\User_Feed_Synchronization-{9AECBA5B-7C1A-4CE2-A94D-F3B0AAAD1364}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E01CA4DC-E4D9-4370-ACD3-15625CE6D6B5}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\flivi97c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - szn.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2475029&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 19:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\docume~1\admin\LOCALS~1\Temp\~DS.tmp 10379434 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3e,a2,bf,a3,d4,b4,e9,5d,f1,ed,3e,fe,60,af,8f,84,6b,f2,c2,6e,51,
80,8e,8a,76,80,21,65,77,3a,e3,24,d9,97,35,35,3a,ad,4d,58,28,83,65,46,fd,e4,\
"rkeysecu"=hex:bf,4a,44,ef,d6,5f,38,bd,b3,33,bc,72,0f,eb,72,fa
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-08-02 19:39:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-02 17:38
.
Před spuštěním: Volných bajtů: 21 948 227 584
Po spuštění: Volných bajtů: 21 933 576 192
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 837A9DD08DD3A6B0953813351803E379


Re: please check my log

Post by memphisto » 03 Aug 2011 01:17

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text highlighted in green into it:
Note: Do not use the SELECT ALL function to select the script.


KillAll::
File::
c:\program files\Common Files\AskToolbarInstaller.exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{72140F87-9B1A-49CC-89EA-5199431E4F87}\MpKsl390cd5e1.sys
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5E1743FC-3B28-4BE9-BFA8-C823F5E1085B}\MpKsl816fdbe6.sys
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{055712E2-5CF4-47AE-899D-F5C647A67D0C}\MpKsld46b6fac.sys
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35037900-57AD-4626-8705-7BB7694114BF}\MpKslf4102502.sys
c:\program files\Google\Update\GoogleUpdate.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Driver::
MpKsl390cd5e1
MpKsl816fdbe6
MpKsld46b6fac
MpKslf4102502
gupdate
gupdatem

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\flivi97c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2475029&q=

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Re: please check my log

Post by vratilenergy » 03 Aug 2011 01:57

ComboFix 11-08-02.03 - admin 03.08.2011 1:46.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1287 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Dokumenty\Stažené soubory\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{055712E2-5CF4-47AE-899D-F5C647A67D0C}\MpKsld46b6fac.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35037900-57AD-4626-8705-7BB7694114BF}\MpKslf4102502.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5E1743FC-3B28-4BE9-BFA8-C823F5E1085B}\MpKsl816fdbe6.sys"
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{72140F87-9B1A-49CC-89EA-5199431E4F87}\MpKsl390cd5e1.sys"
"c:\program files\Common Files\AskToolbarInstaller.exe"
"c:\program files\Google\Update\GoogleUpdate.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_MPKSL390CD5E1
-------\Legacy_MPKSL816FDBE6
-------\Legacy_MPKSLF4102502
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_MpKsl390cd5e1
-------\Service_MpKsl816fdbe6
-------\Service_MpKsld46b6fac
-------\Service_MpKslf4102502
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-02 do 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 10:17 . 2008-09-01 08:18 1564544 ----a-w- c:\windows\system32\drivers\VMHybr64.sys
2011-08-02 10:17 . 2008-09-01 08:05 1060224 ----a-w- c:\windows\system32\drivers\VMHybrid.sys
2011-08-02 10:17 . 2011-08-02 10:17 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-02 10:17 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-02 10:17 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-02 10:17 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-02 10:17 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-02 10:17 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-02 10:17 . 2011-08-02 10:17 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-02 10:15 . 2010-09-23 13:46 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-08-02 10:15 . 2010-09-23 13:46 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-08-02 10:10 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-08-02 10:10 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-08-02 10:10 . 2009-06-30 10:13 17408 ----a-w- c:\windows\system32\drivers\gMouPS2.sys
2011-08-02 10:09 . 2011-08-02 10:09 -------- d-----w- C:\Genius
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2011-08-02 10:08 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 10:08 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 10:05 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2011-08-02 10:05 . 2011-07-06 11:27 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-02 10:05 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-08-02 10:05 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-08-02 10:05 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-08-02 10:04 . 2011-03-30 18:46 101392 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-08-02 10:04 . 2011-08-02 10:04 -------- d-----w- c:\program files\ATI
2011-08-02 10:03 . 2011-08-02 10:03 -------- d-----w- C:\ATI
2011-08-02 09:51 . 2011-08-02 09:51 -------- d-----w- c:\program files\Driver-Soft
2011-08-02 08:22 . 2011-08-02 08:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2011-08-01 17:02 . 2011-08-01 17:02 -------- d-----w- C:\Graphics
2011-08-01 17:02 . 2006-06-17 10:52 104448 ------w- c:\windows\system32\mwdds.dll
2011-08-01 17:02 . 2006-06-17 09:44 183296 ------w- c:\windows\system32\mwgfx.dll
2011-08-01 17:02 . 2005-11-12 23:28 238080 ------w- c:\windows\system32\mwgfx24.dll
2011-08-01 17:02 . 2004-05-14 09:13 56832 ------w- c:\windows\system32\mwace.dll
2011-07-31 19:20 . 2011-07-31 19:20 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\Trend Micro
2011-07-31 17:51 . 2011-07-31 17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 16:39 . 2011-07-31 16:39 -------- d-----w- c:\documents and settings\admin\Data aplikací\Blender Foundation
2011-07-31 08:22 . 2011-07-31 18:46 -------- d-----w- c:\program files\Google
2011-07-28 20:54 . 2011-07-31 20:42 -------- d-----w- c:\program files\TmUnitedForever
2011-07-26 06:57 . 2011-07-26 06:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Data aplikací\Ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\program files\Ashampoo
2011-07-22 17:06 . 2011-07-22 17:06 81920 ----a-w- c:\documents and settings\admin\Data aplikací\ezpinst.exe
2011-07-22 17:06 . 2011-07-22 17:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-22 17:06 . 2011-07-22 17:06 -------- d-----w- c:\documents and settings\admin\Data aplikací\Vso
2011-07-22 17:05 . 2011-07-22 21:55 -------- d-----w- c:\program files\McFunSoft DVD Creator
2011-07-21 15:59 . 2011-07-21 15:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-21 15:56 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-07-21 15:56 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-07-21 15:56 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-07-21 15:56 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-14 11:07 . 2011-07-14 11:07 -------- d-----w- C:\GMouse20
2011-07-14 09:48 . 2011-07-14 09:48 -------- d-----w- c:\documents and settings\admin\Phone Browser
2011-07-14 09:48 . 2011-07-22 16:49 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia Multimedia Player
2011-07-14 09:31 . 2011-07-14 09:31 -------- d-----w- c:\program files\Common Files\PCSuite
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2011-07-14 09:31 . 2007-02-22 09:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2011-07-14 09:31 . 2007-02-22 09:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2011-07-14 09:31 . 2007-02-22 09:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-07-07 20:56 . 2011-07-07 20:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\The Lord of the Rings Online
2011-07-07 20:37 . 2011-07-07 20:39 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Turbine
2011-07-07 20:03 . 2011-07-07 20:03 -------- d-----w- c:\program files\Turbine
2011-07-07 16:21 . 2011-07-07 21:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PMB Files
2011-07-07 16:21 . 2011-07-07 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-03-11 20:23 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-11 12:17 . 2009-10-06 21:35 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-07 15:39 . 2009-10-06 21:35 6367848 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-07-05 14:08 . 2009-10-06 21:35 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-06-30 14:15 . 2009-10-06 21:35 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-02_17.35.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-02 23:52 . 2011-08-02 23:52 16384 c:\windows\temp\Perflib_Perfdata_c78.dat
+ 2011-08-02 23:51 . 2011-08-02 23:51 16384 c:\windows\temp\Perflib_Perfdata_410.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"MWLTSR"="c:\program files\EgisTec MyWinLocker\MWLTSR.exe" [2010-12-23 125808]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"TaskTray"="c:\program files\Driver-Soft\SuperOvladac\TaskTray.exe" [2011-01-27 284016]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-05 20053608]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
PlayerScore.lnk - d:\world of warcraft\PlayerScoreClient\PlayerScore.exe [2011-1-31 247808]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Game Maker 6.1\\Osa9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 Offline Launcher\\server.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\MOH2010\\Medal Of Honor 2010.Limited Edition\\Binaries\\moh.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57963:TCP"= 57963:TCP:Pando Media Booster
"57963:UDP"= 57963:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2009 18:36 691696]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [23.5.2010 21:36 2944]
R1 MpKsl2aac186f;MpKsl2aac186f;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FE5BD442-EE7A-4898-9FE3-2861EA92C2F3}\MpKsl2aac186f.sys [2.8.2011 22:03 28752]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [11.4.2011 22:20 18024]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [11.4.2011 22:20 15208]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [11.4.2011 22:20 60800]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [23.12.2010 16:50 172912]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2.8.2011 12:10 12288]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.8.2011 12:04 101392]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2.8.2011 12:10 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2.8.2011 12:10 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.8.2011 12:05 1691480]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2.8.2011 12:10 17408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 12:08 41272]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-02 c:\windows\Tasks\User_Feed_Synchronization-{9AECBA5B-7C1A-4CE2-A94D-F3B0AAAD1364}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E01CA4DC-E4D9-4370-ACD3-15625CE6D6B5}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\flivi97c.default\
FF - prefs.js: browser.startup.homepage - szn.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 01:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3e,a2,bf,a3,d4,b4,e9,5d,f1,ed,3e,fe,60,af,8f,84,6b,f2,c2,6e,51,
80,8e,8a,76,80,21,65,77,3a,e3,24,d9,97,35,35,3a,ad,4d,58,28,83,65,46,fd,e4,\
"rkeysecu"=hex:bf,4a,44,ef,d6,5f,38,bd,b3,33,bc,72,0f,eb,72,fa
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\genius\ioCentre\gMouseTask.exe
c:\genius\ioCentre\gKbdTask.exe
c:\genius\ioCentre\gIoCentreFunMgm.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-08-03 01:54:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-02 23:54
ComboFix2.txt 2011-08-02 17:39
.
Před spuštěním: Volných bajtů: 21 935 607 808
Po spuštění: Volných bajtů: 21 921 841 152
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 14F53BCE9670AC40560FD3862E6EE0CB

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: please check my log

Post by Žbeky » 03 Aug 2011 15:07

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script

Driver::
nmwcdnsu

File::
c:\windows\system32\drivers\nmwcdnsu.sys

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
By private message I deal only with matters concerning the forum. I do not respond to requests for technical support. Thanks for your understanding.

vratilenergy
newcomer
Posts: 28
Registered: July 11
Gender: Male
Status: Offline

Re: please check my log

Post by vratilenergy » 03 Aug 2011 18:50

ComboFix 11-08-03.02 - admin 03.08.2011 18:23:16.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1367 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\nmwcdnsu.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nmwcdnsu
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-03 do 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 12:15 . 2011-08-03 12:15 -------- d-----w- c:\program files\Blender Foundation
2011-08-02 10:17 . 2008-09-01 08:18 1564544 ----a-w- c:\windows\system32\drivers\VMHybr64.sys
2011-08-02 10:17 . 2008-09-01 08:05 1060224 ----a-w- c:\windows\system32\drivers\VMHybrid.sys
2011-08-02 10:17 . 2011-08-02 10:17 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-02 10:17 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-02 10:17 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-02 10:17 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-02 10:17 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-02 10:17 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-02 10:17 . 2011-08-02 10:17 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-02 10:15 . 2010-09-23 13:46 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-08-02 10:15 . 2010-09-23 13:46 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-08-02 10:10 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-08-02 10:10 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-08-02 10:10 . 2009-06-30 10:13 17408 ----a-w- c:\windows\system32\drivers\gMouPS2.sys
2011-08-02 10:09 . 2011-08-02 10:09 -------- d-----w- C:\Genius
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2011-08-02 10:08 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 10:08 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 10:05 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2011-08-02 10:05 . 2011-07-06 11:27 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-02 10:05 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-08-02 10:05 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-08-02 10:05 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-08-02 10:04 . 2011-03-30 18:46 101392 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-08-02 10:04 . 2011-08-02 10:04 -------- d-----w- c:\program files\ATI
2011-08-02 10:03 . 2011-08-02 10:03 -------- d-----w- C:\ATI
2011-08-02 09:51 . 2011-08-02 09:51 -------- d-----w- c:\program files\Driver-Soft
2011-08-02 08:22 . 2011-08-02 08:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2011-08-01 17:02 . 2011-08-01 17:02 -------- d-----w- C:\Graphics
2011-08-01 17:02 . 2006-06-17 10:52 104448 ------w- c:\windows\system32\mwdds.dll
2011-08-01 17:02 . 2006-06-17 09:44 183296 ------w- c:\windows\system32\mwgfx.dll
2011-08-01 17:02 . 2005-11-12 23:28 238080 ------w- c:\windows\system32\mwgfx24.dll
2011-08-01 17:02 . 2004-05-14 09:13 56832 ------w- c:\windows\system32\mwace.dll
2011-07-31 19:20 . 2011-07-31 19:20 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\Trend Micro
2011-07-31 17:51 . 2011-07-31 17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 16:39 . 2011-07-31 16:39 -------- d-----w- c:\documents and settings\admin\Data aplikací\Blender Foundation
2011-07-31 08:22 . 2011-07-31 18:46 -------- d-----w- c:\program files\Google
2011-07-28 20:54 . 2011-07-31 20:42 -------- d-----w- c:\program files\TmUnitedForever
2011-07-26 06:57 . 2011-07-26 06:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Data aplikací\Ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\program files\Ashampoo
2011-07-22 17:06 . 2011-07-22 17:06 81920 ----a-w- c:\documents and settings\admin\Data aplikací\ezpinst.exe
2011-07-22 17:06 . 2011-07-22 17:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-22 17:06 . 2011-07-22 17:06 -------- d-----w- c:\documents and settings\admin\Data aplikací\Vso
2011-07-22 17:05 . 2011-07-22 21:55 -------- d-----w- c:\program files\McFunSoft DVD Creator
2011-07-21 15:59 . 2011-07-21 15:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-21 15:56 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-07-21 15:56 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-07-21 15:56 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-07-21 15:56 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-14 11:07 . 2011-07-14 11:07 -------- d-----w- C:\GMouse20
2011-07-14 09:48 . 2011-07-14 09:48 -------- d-----w- c:\documents and settings\admin\Phone Browser
2011-07-14 09:48 . 2011-07-22 16:49 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia Multimedia Player
2011-07-14 09:31 . 2011-07-14 09:31 -------- d-----w- c:\program files\Common Files\PCSuite
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2011-07-14 09:31 . 2007-02-22 09:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2011-07-14 09:31 . 2007-02-22 09:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2011-07-14 09:31 . 2007-02-22 09:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-07-07 20:56 . 2011-07-07 20:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\The Lord of the Rings Online
2011-07-07 20:37 . 2011-07-07 20:39 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Turbine
2011-07-07 20:03 . 2011-07-07 20:03 -------- d-----w- c:\program files\Turbine
2011-07-07 16:21 . 2011-07-07 21:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PMB Files
2011-07-07 16:21 . 2011-07-07 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-03-11 20:23 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-11 12:17 . 2009-10-06 21:35 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-07 15:39 . 2009-10-06 21:35 6367848 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-07-05 14:08 . 2009-10-06 21:35 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-06-30 14:15 . 2009-10-06 21:35 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-02_17.35.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-03 16:29 . 2011-08-03 16:29 16384 c:\windows\temp\Perflib_Perfdata_c0c.dat
+ 2011-08-03 16:28 . 2011-08-03 16:28 16384 c:\windows\temp\Perflib_Perfdata_668.dat
+ 2011-08-03 08:01 . 2006-07-21 08:14 86016 c:\windows\system32\ReinstallBackups\0013\DriverFiles\SOUNDMAN.EXE
+ 2011-08-03 08:01 . 2008-04-14 06:53 23552 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\wdmaud.drv
+ 2011-08-03 08:01 . 2008-04-13 22:15 49408 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\stream.sys
+ 2011-08-03 08:01 . 2008-04-13 22:15 60160 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\drmk.sys
+ 2011-08-03 08:01 . 2005-05-03 10:43 69632 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ALCMTR.EXE
+ 2011-08-03 08:01 . 2008-04-14 06:51 4096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
+ 2011-08-03 08:01 . 2007-03-07 06:59 131072 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTLCPAPI.dll
+ 2011-08-03 08:01 . 2007-03-15 06:39 262144 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTCOMDLL.dll
+ 2011-08-03 08:01 . 2008-04-13 22:49 146048 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\portcls.sys
+ 2011-08-03 08:01 . 2008-04-13 22:46 141056 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ks.sys
+ 2011-08-03 08:01 . 2007-04-04 09:22 1822720 c:\windows\system32\ReinstallBackups\0013\DriverFiles\SkyTel.exe
+ 2011-08-03 08:01 . 2007-01-16 02:39 1191936 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RtlUpd.exe
+ 2011-08-03 08:01 . 2007-03-23 11:19 9715200 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTLCPL.EXE
+ 2011-08-03 08:01 . 2007-04-10 11:04 4397568 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RtkHDAud.sys
+ 2011-08-03 08:01 . 2006-10-11 09:42 2157568 c:\windows\system32\ReinstallBackups\0013\DriverFiles\MicCal.exe
+ 2011-08-03 08:01 . 2006-05-04 08:26 2808832 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ALCWZRD.EXE
+ 2011-08-03 08:01 . 2007-04-10 07:28 16126464 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTHDCPL.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"MWLTSR"="c:\program files\EgisTec MyWinLocker\MWLTSR.exe" [2010-12-23 125808]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"TaskTray"="c:\program files\Driver-Soft\SuperOvladac\TaskTray.exe" [2011-01-27 284016]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-05 20053608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
PlayerScore.lnk - d:\world of warcraft\PlayerScoreClient\PlayerScore.exe [2011-1-31 247808]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Game Maker 6.1\\Osa9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 Offline Launcher\\server.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\MOH2010\\Medal Of Honor 2010.Limited Edition\\Binaries\\moh.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57963:TCP"= 57963:TCP:Pando Media Booster
"57963:UDP"= 57963:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2009 18:36 691696]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [23.5.2010 21:36 2944]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [11.4.2011 22:20 18024]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [11.4.2011 22:20 15208]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [11.4.2011 22:20 60800]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [23.12.2010 16:50 172912]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2.8.2011 12:10 12288]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.8.2011 12:04 101392]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2.8.2011 12:10 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2.8.2011 12:10 11520]
S1 MpKsl8b102ad2;MpKsl8b102ad2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEE92A65-AA09-43C1-92A6-B8739FCAE560}\MpKsl8b102ad2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEE92A65-AA09-43C1-92A6-B8739FCAE560}\MpKsl8b102ad2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.8.2011 12:05 1691480]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2.8.2011 12:10 17408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 12:08 41272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{9AECBA5B-7C1A-4CE2-A94D-F3B0AAAD1364}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E01CA4DC-E4D9-4370-ACD3-15625CE6D6B5}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\flivi97c.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - szn.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3e,a2,bf,a3,d4,b4,e9,5d,f1,ed,3e,fe,60,af,8f,84,6b,f2,c2,6e,51,
80,8e,8a,76,80,21,65,77,3a,e3,24,d9,97,35,35,3a,ad,4d,58,28,83,65,46,fd,e4,\
"rkeysecu"=hex:bf,4a,44,ef,d6,5f,38,bd,b3,33,bc,72,0f,eb,72,fa
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3780)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-08-03 18:31:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-03 16:31
ComboFix2.txt 2011-08-02 23:54
ComboFix3.txt 2011-08-02 17:39
.
Před spuštěním: Volných bajtů: 22 086 742 016
Po spuštění: Volných bajtů: 22 073 950 208
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - EF185919EF9F752F47A04F78121E9245

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: please check my log

Post by Žbeky » 03 Aug 2011 18:57

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script

Driver::
MpKsl8b102ad2

File::
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEE92A65-AA09-43C1-92A6-B8739FCAE560}\MpKsl8b102ad2.sys

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\flivi97c.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it when the two icons overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
By PM I deal only with matters concerning the forum. I do not respond to requests for technical support. Thanks for your understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

vratilenergy
newbie
Posts: 28
Registered: July 11
Gender: Male
Status: Offline

Re: please check my log

Post by vratilenergy » 03 Aug 2011 19:26

ComboFix 11-08-03.02 - admin 03.08.2011 19:16:07.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1363 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DEE92A65-AA09-43C1-92A6-B8739FCAE560}\MpKsl8b102ad2.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL8B102AD2
-------\Service_MpKsl8b102ad2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-03 do 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 12:15 . 2011-08-03 12:15 -------- d-----w- c:\program files\Blender Foundation
2011-08-02 10:17 . 2008-09-01 08:18 1564544 ----a-w- c:\windows\system32\drivers\VMHybr64.sys
2011-08-02 10:17 . 2008-09-01 08:05 1060224 ----a-w- c:\windows\system32\drivers\VMHybrid.sys
2011-08-02 10:17 . 2011-08-02 10:17 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-02 10:17 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-02 10:17 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-02 10:17 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-02 10:17 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-02 10:17 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-02 10:17 . 2011-08-02 10:17 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-02 10:15 . 2010-09-23 13:46 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-08-02 10:15 . 2010-09-23 13:46 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-08-02 10:10 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-08-02 10:10 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-08-02 10:10 . 2009-06-30 10:13 17408 ----a-w- c:\windows\system32\drivers\gMouPS2.sys
2011-08-02 10:09 . 2011-08-02 10:09 -------- d-----w- C:\Genius
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2011-08-02 10:08 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 10:08 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 10:08 . 2011-08-02 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 10:05 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2011-08-02 10:05 . 2011-07-06 11:27 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-02 10:05 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-08-02 10:05 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-08-02 10:05 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-08-02 10:04 . 2011-03-30 18:46 101392 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-08-02 10:04 . 2011-08-02 10:04 -------- d-----w- c:\program files\ATI
2011-08-02 10:03 . 2011-08-02 10:03 -------- d-----w- C:\ATI
2011-08-02 09:51 . 2011-08-02 09:51 -------- d-----w- c:\program files\Driver-Soft
2011-08-02 08:22 . 2011-08-02 08:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2011-08-01 17:02 . 2011-08-01 17:02 -------- d-----w- C:\Graphics
2011-08-01 17:02 . 2006-06-17 10:52 104448 ------w- c:\windows\system32\mwdds.dll
2011-08-01 17:02 . 2006-06-17 09:44 183296 ------w- c:\windows\system32\mwgfx.dll
2011-08-01 17:02 . 2005-11-12 23:28 238080 ------w- c:\windows\system32\mwgfx24.dll
2011-08-01 17:02 . 2004-05-14 09:13 56832 ------w- c:\windows\system32\mwace.dll
2011-07-31 19:20 . 2011-07-31 19:20 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 19:20 . 2011-07-31 19:20 -------- d-----w- c:\program files\Trend Micro
2011-07-31 17:51 . 2011-07-31 17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-07-31 16:39 . 2011-07-31 16:39 -------- d-----w- c:\documents and settings\admin\Data aplikací\Blender Foundation
2011-07-31 08:22 . 2011-07-31 18:46 -------- d-----w- c:\program files\Google
2011-07-28 20:54 . 2011-07-31 20:42 -------- d-----w- c:\program files\TmUnitedForever
2011-07-26 06:57 . 2011-07-26 06:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Data aplikací\Ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\ashampoo
2011-07-22 17:10 . 2011-07-22 17:10 -------- d-----w- c:\program files\Ashampoo
2011-07-22 17:06 . 2011-07-22 17:06 81920 ----a-w- c:\documents and settings\admin\Data aplikací\ezpinst.exe
2011-07-22 17:06 . 2011-07-22 17:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-22 17:06 . 2011-07-22 17:06 -------- d-----w- c:\documents and settings\admin\Data aplikací\Vso
2011-07-22 17:05 . 2011-07-22 21:55 -------- d-----w- c:\program files\McFunSoft DVD Creator
2011-07-21 15:59 . 2011-07-21 15:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-21 15:56 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-07-21 15:56 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-07-21 15:56 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-07-21 15:56 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-07-21 15:56 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-14 11:07 . 2011-07-14 11:07 -------- d-----w- C:\GMouse20
2011-07-14 09:48 . 2011-07-14 09:48 -------- d-----w- c:\documents and settings\admin\Phone Browser
2011-07-14 09:48 . 2011-07-22 16:49 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia Multimedia Player
2011-07-14 09:31 . 2011-07-14 09:31 -------- d-----w- c:\program files\Common Files\PCSuite
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2011-07-14 09:31 . 2007-02-22 09:15 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2011-07-14 09:31 . 2007-02-22 09:15 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2011-07-14 09:31 . 2007-02-22 09:15 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2011-07-14 09:31 . 2007-02-22 09:15 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-07-07 20:56 . 2011-07-07 20:56 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\The Lord of the Rings Online
2011-07-07 20:37 . 2011-07-07 20:39 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Turbine
2011-07-07 20:03 . 2011-07-07 20:03 -------- d-----w- c:\program files\Turbine
2011-07-07 16:21 . 2011-07-07 21:18 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PMB Files
2011-07-07 16:21 . 2011-07-07 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-03-11 20:23 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-11 12:17 . 2009-10-06 21:35 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-07 15:39 . 2009-10-06 21:35 6367848 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-07-05 14:08 . 2009-10-06 21:35 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-06-30 14:15 . 2009-10-06 21:35 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-02_17.35.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-03 17:21 . 2011-08-03 17:21 16384 c:\windows\temp\Perflib_Perfdata_ca8.dat
+ 2011-08-03 17:21 . 2011-08-03 17:21 16384 c:\windows\temp\Perflib_Perfdata_854.dat
+ 2011-08-03 08:01 . 2006-07-21 08:14 86016 c:\windows\system32\ReinstallBackups\0013\DriverFiles\SOUNDMAN.EXE
+ 2011-08-03 08:01 . 2008-04-14 06:53 23552 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\wdmaud.drv
+ 2011-08-03 08:01 . 2008-04-13 22:15 49408 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\stream.sys
+ 2011-08-03 08:01 . 2008-04-13 22:15 60160 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\drmk.sys
+ 2011-08-03 08:01 . 2005-05-03 10:43 69632 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ALCMTR.EXE
+ 2011-08-03 08:01 . 2008-04-14 06:51 4096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
+ 2011-08-03 08:01 . 2007-03-07 06:59 131072 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTLCPAPI.dll
+ 2011-08-03 08:01 . 2007-03-15 06:39 262144 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTCOMDLL.dll
+ 2011-08-03 08:01 . 2008-04-13 22:49 146048 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\portcls.sys
+ 2011-08-03 08:01 . 2008-04-13 22:46 141056 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ks.sys
+ 2011-08-03 08:01 . 2007-04-04 09:22 1822720 c:\windows\system32\ReinstallBackups\0013\DriverFiles\SkyTel.exe
+ 2011-08-03 08:01 . 2007-01-16 02:39 1191936 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RtlUpd.exe
+ 2011-08-03 08:01 . 2007-03-23 11:19 9715200 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTLCPL.EXE
+ 2011-08-03 08:01 . 2007-04-10 11:04 4397568 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RtkHDAud.sys
+ 2011-08-03 08:01 . 2006-10-11 09:42 2157568 c:\windows\system32\ReinstallBackups\0013\DriverFiles\MicCal.exe
+ 2011-08-03 08:01 . 2006-05-04 08:26 2808832 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ALCWZRD.EXE
+ 2011-08-03 08:01 . 2007-04-10 07:28 16126464 c:\windows\system32\ReinstallBackups\0013\DriverFiles\RTHDCPL.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"MWLTSR"="c:\program files\EgisTec MyWinLocker\MWLTSR.exe" [2010-12-23 125808]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"TaskTray"="c:\program files\Driver-Soft\SuperOvladac\TaskTray.exe" [2011-01-27 284016]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-05 20053608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
PlayerScore.lnk - d:\world of warcraft\PlayerScoreClient\PlayerScore.exe [2011-1-31 247808]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Game Maker 6.1\\Osa9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 Offline Launcher\\server.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\MOH2010\\Medal Of Honor 2010.Limited Edition\\Binaries\\moh.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57963:TCP"= 57963:TCP:Pando Media Booster
"57963:UDP"= 57963:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2009 18:36 691696]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [23.5.2010 21:36 2944]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [11.4.2011 22:20 18024]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [11.4.2011 22:20 15208]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [11.4.2011 22:20 60800]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [23.12.2010 16:50 172912]
R2 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [2.8.2011 12:10 12288]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.8.2011 12:04 101392]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2.8.2011 12:10 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2.8.2011 12:10 11520]
S1 MpKslff8ce201;MpKslff8ce201;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CEDF8869-97EB-475A-BF55-1F8D7AA9E85C}\MpKslff8ce201.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CEDF8869-97EB-475A-BF55-1F8D7AA9E85C}\MpKslff8ce201.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.8.2011 12:05 1691480]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2.8.2011 12:10 17408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 12:08 41272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{9AECBA5B-7C1A-4CE2-A94D-F3B0AAAD1364}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E01CA4DC-E4D9-4370-ACD3-15625CE6D6B5}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\flivi97c.default\
FF - prefs.js: browser.startup.homepage - szn.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3e,a2,bf,a3,d4,b4,e9,5d,f1,ed,3e,fe,60,af,8f,84,6b,f2,c2,6e,51,
80,8e,8a,76,80,21,65,77,3a,e3,24,d9,97,35,35,3a,ad,4d,58,28,83,65,46,fd,e4,\
"rkeysecu"=hex:bf,4a,44,ef,d6,5f,38,bd,b3,33,bc,72,0f,eb,72,fa
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2584)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-08-03 19:24:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-03 17:24
ComboFix2.txt 2011-08-03 16:31
ComboFix3.txt 2011-08-02 23:54
ComboFix4.txt 2011-08-02 17:39
.
Před spuštěním: Volných bajtů: 22 064 844 800
Po spuštění: Volných bajtů: 22 046 498 816
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F9307FC24E4BB7219DEAE351B29D38B4
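The moderator's CFScript above tells ComboFix to remove a MpKsl*.sys driver sitting under the Microsoft Antimalware Definition Updates folder, and the log just posted shows another entry of the same family, S1 MpKslff8ce201, whose file ComboFix could not find (the trailing [?]), plus a Run entry marked [X]. As an added example, not code from this thread, from ComboFix or from the forum, here is a small Python helper that pulls such unverified entries out of a log excerpt and drafts the Driver::/File:: sections in the layout of the moderator's script. The sample log lines are constructed from the post above; reading the [?] and [X] markers as "file not found" is an assumption about ComboFix's output format, not something the tool documents here.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code).

Scans the service lines (R0..S3 state, name, description, path, [details])
and the Run-key entries for files ComboFix could not verify.  In the thread's
log those show up as "[?]" on a service line and "[X]" on a Run entry; this
script treats both markers as "file not found" (an assumption about the log
format, taken from how the entries look in the thread).
"""
import re

# Constructed sample modelled on lines from the thread's second ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2009 18:36 691696]
S1 MpKslff8ce201;MpKslff8ce201;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CEDF8869-97EB-475A-BF55-1F8D7AA9E85C}\MpKslff8ce201.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CEDF8869-97EB-475A-BF55-1F8D7AA9E85C}\MpKslff8ce201.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 12:08 41272]
"""

# Service line:  "S1 name;description;path [details]"
# Run entry:     '"name"="path" [details]'
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]\s*$')
UNVERIFIED = {"X", "?"}   # assumed meaning: ComboFix could not find the file


def resolve_path(raw_path):
    r"""Return the on-disk path of a service image.

    For a driver it cannot find, ComboFix prints "<ImagePath> --> <resolved>";
    keep the resolved form and drop the NT "\??\" prefix if it is still there.
    """
    path = raw_path.split("-->")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def find_unverified(log_text):
    """List services and Run entries whose file is marked as unverified."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            state, name, _desc, raw_path, details = m.groups()
            if details.strip() in UNVERIFIED:
                hits.append({"kind": "service", "state": state,
                             "name": name.strip(), "path": resolve_path(raw_path)})
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, details = m.groups()
            if details.strip() in UNVERIFIED:
                hits.append({"kind": "run", "state": None,
                             "name": name.strip(), "path": path.strip()})
    return hits


def draft_cfscript(hits):
    """Draft the Driver::/File:: sections in the layout used by the moderator's
    script above, for the flagged kernel drivers only.  It is a draft for the
    person handling the thread to review, not a finished script."""
    drivers = [h for h in hits
               if h["kind"] == "service" and h["path"].lower().endswith(".sys")]
    if not drivers:
        return ""
    lines = ["Driver::"] + [h["name"] for h in drivers]
    lines += ["", "File::"] + [h["path"] for h in drivers]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_unverified(SAMPLE_LOG)
    for h in found:
        print(f'{h["kind"]:7} {h["state"] or "-":3} {h["name"]}: {h["path"]}')
    print(draft_cfscript(found))
```

Run entries marked [X] are listed but deliberately left out of the draft: the moderator's script only used Driver:: and File:: for a kernel driver, and a Run value pointing at a missing program is a different kind of leftover that the helper only reports.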

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: please check my log

Post by Žbeky » 03 Aug 2011 20:02

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left over from ComboFix, MWAV etc. - download > run

note: before downloading T-Cleaner and for the duration of the cleaning, disable AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on

+ A new HJT log

How is the PC behaving?

