Kontrola logu - používání trainerů atp. Vyřešeno

[FIDLIK]

Dobrý den,
nemám s pc problémy jen to chci pro jistotu zkontrolovat po bratránkovi, který mi sem nastahoval nějaký blbosti, ale většinu sem snad odstranil..

HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:28, on 15.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\nethall1\Plocha\APPS\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3015 bytes


MBAM:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
http://www.malwarebytes.org

Verze databáze: v2012.04.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
nethall1 :: NETHALL [administrátor]

Ochrana: Zakázána

15.5.2012 7:59:51
mbam-log-2012-05-15 (07-59-51).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 219956
Uplynulý čas: 6 minut, 11 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Reklama]

[memphisto]

fix:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Udělej ještě Combofix. Nemám tu bohužel návod, tak z jiného tématu

[FIDLIK]

ComboFix 12-05-14.03 - nethall1 15.05.2012 8:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.603 [GMT 2:00]
Spuštěný z: c:\documents and settings\nethall1\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-15 do 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-12-28 21:58 . 2012-12-28 21:58 -------- d-----w- c:\program files\Vypínač na dobrou noc
2012-12-28 21:44 . 2012-12-28 21:44 -------- d-----w- c:\program files\uTorrent
2012-12-28 21:44 . 2012-05-15 06:33 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\uTorrent
2012-12-27 20:08 . 2012-12-27 20:08 -------- d-----w- c:\program files\CPUID
2012-12-27 20:08 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-12-27 18:41 . 2012-05-14 21:10 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\mIRC
2012-12-27 18:10 . 2012-12-27 18:10 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\NVIDIA
2012-12-27 17:53 . 2012-04-15 16:47 -------- d-----w- c:\program files\VideoLAN
2012-12-27 17:53 . 2012-05-15 06:00 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\skypePM
2012-12-27 17:52 . 2012-05-15 06:19 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\Skype
2012-12-27 17:50 . 2012-12-27 17:50 -------- d-----w- c:\program files\Common Files\Skype
2012-12-27 17:50 . 2012-04-30 11:05 -------- d-----r- c:\program files\Skype
2012-12-27 17:48 . 2012-03-31 15:13 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\GHISLER
2012-12-27 17:48 . 2012-03-31 15:13 -------- d-----w- C:\totalcmd
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\UC.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\RAR.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\LHA.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\ARJ.PIF
2012-05-13 20:19 . 2012-05-13 20:19 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\Identities
2012-05-13 18:39 . 2012-05-13 18:39 -------- d-----w- c:\program files\VentriloMIX
2012-05-12 09:41 . 2012-05-12 09:41 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\dvdcss
2012-05-10 14:53 . 2012-05-10 15:00 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\Google
2012-05-10 14:48 . 2012-05-11 16:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 14:48 . 2012-05-11 16:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 12:29 . 2012-05-10 12:29 -------- d-----w- c:\program files\CrystalDiskInfo
2012-05-10 11:16 . 2012-05-10 11:16 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\LolClient
2012-05-10 11:15 . 2012-05-10 11:15 -------- d-----w- C:\T3Fun
2012-05-10 09:38 . 2012-05-10 09:38 -------- d-----w- C:\Riot Games
2012-05-08 14:55 . 2012-05-14 18:41 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\PMB Files
2012-05-08 14:55 . 2012-05-08 14:55 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2012-05-08 14:54 . 2012-05-08 14:54 -------- d-----w- c:\program files\Pando Networks
2012-05-07 10:34 . 2012-05-07 10:34 -------- d-----w- c:\windows\Multihack .United
2012-05-07 10:27 . 2012-05-08 11:06 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\MSDCSC
2012-05-04 16:01 . 2008-04-14 06:52 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-03 21:02 . 2012-05-13 17:48 -------- d-----w- c:\program files\Metin2
2012-05-03 13:13 . 2012-05-03 21:07 -------- d-----w- c:\program files\M2Fish
2012-04-30 22:46 . 2012-05-02 20:03 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2012-04-30 22:45 . 2012-04-30 22:45 -------- d-----w- c:\program files\Notebook Hardware Control
2012-04-30 19:14 . 2012-04-30 19:14 -------- d-----w- c:\program files\ESET
2012-04-30 10:59 . 2012-04-30 10:59 -------- d-----w- c:\program files\GPU-Z
2012-04-30 10:40 . 2012-04-30 10:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-30 10:40 . 2012-04-30 10:40 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-30 10:40 . 2012-04-30 10:40 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-30 09:43 . 2008-09-10 16:58 270336 ----a-w- c:\windows\system32\CMRMDRV3.exe
2012-04-30 09:43 . 2008-09-11 09:10 278528 ----a-w- c:\windows\CmiPCIUninstall.exe
2012-04-30 09:43 . 2012-04-30 09:43 -------- d-----w- c:\program files\C-Media PCI Audio Device
2012-04-30 09:43 . 2009-03-18 09:34 1512960 ----a-w- c:\windows\system32\drivers\cmudax3.sys
2012-04-28 11:14 . 2012-04-28 11:14 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\OCCT
2012-04-27 19:30 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-04-27 19:30 . 2012-04-27 19:30 -------- d-----w- c:\program files\MagicDisc
2012-04-27 19:20 . 2012-04-27 19:20 -------- d-----w- c:\program files\MagicISO
2012-04-27 15:51 . 2012-04-27 15:51 -------- d-----w- c:\program files\MadOnion.com
2012-04-27 15:51 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-27 15:51 . 2001-09-05 03:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-27 15:51 . 2001-09-05 03:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-27 15:51 . 2001-09-05 03:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-27 15:51 . 2001-09-05 03:24 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-27 13:13 . 2012-04-27 13:13 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\OnLive App
2012-04-27 13:13 . 2012-04-27 13:13 -------- d-----w- c:\program files\OnLive
2012-04-25 12:08 . 2012-04-25 12:09 -------- d-----w- c:\documents and settings\nethall1\Metin
2012-04-24 15:11 . 2012-04-24 15:11 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\GHISLER
2012-04-24 09:11 . 2012-04-24 09:11 -------- d-----w- c:\program files\Folder Size
2012-04-22 12:47 . 2012-04-22 12:47 -------- d-----w- c:\documents and settings\UpdatusUser
2012-04-22 11:37 . 2012-04-22 11:37 -------- d-----w- c:\program files\Doom 3
2012-04-22 11:14 . 2012-04-22 11:14 -------- d-----w- c:\program files\directx
2012-04-22 08:49 . 2012-04-24 08:41 -------- d-----w- c:\program files\Soluto
2012-04-22 08:49 . 2012-04-22 08:49 -------- d-----w- c:\documents and settings\All Users\Soluto
2012-04-22 08:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-04-22 08:26 . 2012-04-22 08:28 -------- d-----w- C:\6bdc3a329f9a866b6eeabc84
2012-04-17 15:13 . 2012-04-17 15:13 -------- d-----w- c:\documents and settings\nethall1\VirtualBox VMs
2012-04-17 15:12 . 2012-04-17 16:29 -------- d-----w- c:\documents and settings\nethall1\.VirtualBox
2012-04-17 14:57 . 2012-04-17 16:28 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\Hamachi
2012-04-17 14:57 . 2012-04-17 14:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-17 14:57 . 2012-04-17 14:57 -------- d-----w- c:\program files\Hamachi
2012-04-17 13:57 . 2011-12-21 11:47 154416 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-17 13:56 . 2012-04-24 08:41 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-17 13:56 . 2011-12-21 11:47 33072 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-17 13:56 . 2012-04-17 13:56 -------- d-----w- c:\program files\Oracle
2012-04-16 14:25 . 2012-04-16 14:25 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\TeamViewer
2012-04-15 16:48 . 2012-05-12 23:54 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\vlc
2012-04-15 12:56 . 2009-06-25 11:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 11:01 . 2012-04-01 12:28 53248 ----a-w- c:\windows\unrar.dll
2012-04-04 13:56 . 2012-04-05 20:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 15:05 . 2012-03-31 15:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-31 15:05 . 2012-03-31 15:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-30 14:16 . 2012-03-30 14:16 22328 ----a-w- c:\documents and settings\nethall1\Data aplikací\PnkBstrK.sys
2012-03-30 14:00 . 2012-03-30 14:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-29 23:58 . 2012-03-27 15:04 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-03-27 15:04 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2012-03-27 15:04 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2012-03-27 15:04 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2012-03-27 15:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2012-03-27 15:04 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2012-03-27 15:04 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2012-03-27 15:04 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2012-03-27 15:04 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2012-03-26 18:45 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2012-03-26 18:45 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2012-03-27 15:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2012-03-27 15:05 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2012-03-27 15:05 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2012-03-27 15:05 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2012-03-27 15:05 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-30 10:40 . 2012-03-26 18:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-07-25 09:16 35320 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
2008-07-25 09:17 1172472 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-03-26 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^nethall1^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=c:\documents and settings\nethall1\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-10 14:53 116648 ----atw- c:\documents and settings\nethall1\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroUpdate]
2008-07-25 09:17 1172472 --shatr- c:\documents and settings\nethall1\Data aplikací\MSDCSC\mAcD6Q1ALe12\mAcD6Q1ALe12\msdcsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 06:52 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 16:16 2629632 ----a-w- c:\program files\Notebook Hardware Control\nhc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
2006-01-17 03:38 135168 ----a-w- c:\program files\RAM Idle LE\RAM_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\nethall1\\Games\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Documents and Settings\\nethall1\\Games\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\T3Fun\\Hellgate\\HGLLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\active152\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58554:TCP"= 58554:TCP:Pando Media Booster
"58554:UDP"= 58554:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [30.3.2012 16:00 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [17.4.2012 15:57 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [17.4.2012 15:56 33072]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [27.12.2012 22:08 21992]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [21.12.2011 13:47 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [21.12.2011 13:47 113456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.4.2012 22:26 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 12:40 129976]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.4.2012 22:26 654408]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22.4.2012 14:47 2348352]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 212.158.124.142 192.168.1.1
FF - ProfilePath - c:\documents and settings\nethall1\Data aplikací\Mozilla\Firefox\Profiles\imtt38uv.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-CmPCIaudio - CMICNFG3.cpl
MSConfigStartUp-GoogleUpdate - c:\documents and settings\nethall1\Local Settings\Temp\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 08:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Celkový čas: 2012-05-15 08:54:27
ComboFix-quarantined-files.txt 2012-05-15 06:54
.
Před spuštěním: Volných bajtů: 42 722 033 664
Po spuštění: Volných bajtů: 42 680 610 816
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DFA4DAF5416EC72AF30EA3577A57190D

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::
c:\windows\unrar.dll
c:\documents and settings\nethall1\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
c:\documents and settings\nethall1\Data aplikací\MSDCSC\mAcD6Q1ALe12\mAcD6Q1ALe12\msdcsc.exe

Folder::
c:\program files\ESET

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroUpdate]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[FIDLIK]

Combofix:
ComboFix 12-05-15.01 - nethall1 15.05.2012 11:16:45.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.517 [GMT 2:00]
Spuštěný z: c:\documents and settings\nethall1\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\nethall1\Plocha\CFScript.txt
.
FILE ::
"c:\documents and settings\nethall1\Data aplikací\MSDCSC\mAcD6Q1ALe12\mAcD6Q1ALe12\msdcsc.exe"
"c:\documents and settings\nethall1\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"
"c:\windows\unrar.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET
c:\windows\unrar.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-15 do 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-12-28 21:58 . 2012-12-28 21:58 -------- d-----w- c:\program files\Vypínač na dobrou noc
2012-12-28 21:44 . 2012-12-28 21:44 -------- d-----w- c:\program files\uTorrent
2012-12-28 21:44 . 2012-05-15 06:33 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\uTorrent
2012-12-27 20:08 . 2012-12-27 20:08 -------- d-----w- c:\program files\CPUID
2012-12-27 20:08 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-12-27 18:41 . 2012-05-15 08:08 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\mIRC
2012-12-27 18:10 . 2012-12-27 18:10 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\NVIDIA
2012-12-27 17:53 . 2012-04-15 16:47 -------- d-----w- c:\program files\VideoLAN
2012-12-27 17:53 . 2012-05-15 06:00 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\skypePM
2012-12-27 17:52 . 2012-05-15 09:16 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\Skype
2012-12-27 17:50 . 2012-12-27 17:50 -------- d-----w- c:\program files\Common Files\Skype
2012-12-27 17:50 . 2012-04-30 11:05 -------- d-----r- c:\program files\Skype
2012-12-27 17:48 . 2012-03-31 15:13 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\GHISLER
2012-12-27 17:48 . 2012-03-31 15:13 -------- d-----w- C:\totalcmd
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\UC.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\RAR.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\LHA.PIF
2012-12-27 17:48 . 2012-03-09 06:57 545 ----a-w- c:\windows\ARJ.PIF
2012-05-13 20:19 . 2012-05-13 20:19 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\Identities
2012-05-13 18:39 . 2012-05-13 18:39 -------- d-----w- c:\program files\VentriloMIX
2012-05-12 09:41 . 2012-05-12 09:41 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\dvdcss
2012-05-10 14:53 . 2012-05-10 15:00 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\Google
2012-05-10 14:48 . 2012-05-11 16:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 14:48 . 2012-05-11 16:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 12:29 . 2012-05-10 12:29 -------- d-----w- c:\program files\CrystalDiskInfo
2012-05-10 11:16 . 2012-05-10 11:16 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\LolClient
2012-05-10 11:15 . 2012-05-10 11:15 -------- d-----w- C:\T3Fun
2012-05-10 09:38 . 2012-05-10 09:38 -------- d-----w- C:\Riot Games
2012-05-08 14:55 . 2012-05-14 18:41 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\PMB Files
2012-05-08 14:55 . 2012-05-08 14:55 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2012-05-08 14:54 . 2012-05-08 14:54 -------- d-----w- c:\program files\Pando Networks
2012-05-07 10:34 . 2012-05-07 10:34 -------- d-----w- c:\windows\Multihack .United
2012-05-07 10:27 . 2012-05-08 11:06 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\MSDCSC
2012-05-04 16:01 . 2008-04-14 06:52 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-03 21:02 . 2012-05-13 17:48 -------- d-----w- c:\program files\Metin2
2012-05-03 13:13 . 2012-05-03 21:07 -------- d-----w- c:\program files\M2Fish
2012-04-30 22:46 . 2012-05-02 20:03 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2012-04-30 22:45 . 2012-04-30 22:45 -------- d-----w- c:\program files\Notebook Hardware Control
2012-04-30 10:59 . 2012-04-30 10:59 -------- d-----w- c:\program files\GPU-Z
2012-04-30 10:40 . 2012-04-30 10:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-30 10:40 . 2012-04-30 10:40 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-30 10:40 . 2012-04-30 10:40 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-30 09:43 . 2008-09-10 16:58 270336 ----a-w- c:\windows\system32\CMRMDRV3.exe
2012-04-30 09:43 . 2008-09-11 09:10 278528 ----a-w- c:\windows\CmiPCIUninstall.exe
2012-04-30 09:43 . 2012-04-30 09:43 -------- d-----w- c:\program files\C-Media PCI Audio Device
2012-04-30 09:43 . 2009-03-18 09:34 1512960 ----a-w- c:\windows\system32\drivers\cmudax3.sys
2012-04-28 11:14 . 2012-04-28 11:14 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\OCCT
2012-04-27 19:30 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-04-27 19:30 . 2012-04-27 19:30 -------- d-----w- c:\program files\MagicDisc
2012-04-27 19:20 . 2012-04-27 19:20 -------- d-----w- c:\program files\MagicISO
2012-04-27 15:51 . 2012-04-27 15:51 -------- d-----w- c:\program files\MadOnion.com
2012-04-27 15:51 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-27 15:51 . 2001-09-05 03:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-27 15:51 . 2001-09-05 03:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-27 15:51 . 2001-09-05 03:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-27 15:51 . 2001-09-05 03:24 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-27 13:13 . 2012-04-27 13:13 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\OnLive App
2012-04-27 13:13 . 2012-04-27 13:13 -------- d-----w- c:\program files\OnLive
2012-04-25 12:08 . 2012-04-25 12:09 -------- d-----w- c:\documents and settings\nethall1\Metin
2012-04-24 15:11 . 2012-04-24 15:11 -------- d-----w- c:\documents and settings\nethall1\Local Settings\Data aplikací\GHISLER
2012-04-24 09:11 . 2012-04-24 09:11 -------- d-----w- c:\program files\Folder Size
2012-04-22 12:47 . 2012-04-22 12:47 -------- d-----w- c:\documents and settings\UpdatusUser
2012-04-22 11:37 . 2012-04-22 11:37 -------- d-----w- c:\program files\Doom 3
2012-04-22 11:14 . 2012-04-22 11:14 -------- d-----w- c:\program files\directx
2012-04-22 08:49 . 2012-04-24 08:41 -------- d-----w- c:\program files\Soluto
2012-04-22 08:49 . 2012-04-22 08:49 -------- d-----w- c:\documents and settings\All Users\Soluto
2012-04-22 08:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-04-22 08:26 . 2012-04-22 08:28 -------- d-----w- C:\6bdc3a329f9a866b6eeabc84
2012-04-17 15:13 . 2012-04-17 15:13 -------- d-----w- c:\documents and settings\nethall1\VirtualBox VMs
2012-04-17 15:12 . 2012-04-17 16:29 -------- d-----w- c:\documents and settings\nethall1\.VirtualBox
2012-04-17 14:57 . 2012-04-17 16:28 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\Hamachi
2012-04-17 14:57 . 2012-04-17 14:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-17 14:57 . 2012-04-17 14:57 -------- d-----w- c:\program files\Hamachi
2012-04-17 13:57 . 2011-12-21 11:47 154416 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-17 13:56 . 2012-04-24 08:41 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-17 13:56 . 2011-12-21 11:47 33072 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-17 13:56 . 2012-04-17 13:56 -------- d-----w- c:\program files\Oracle
2012-04-16 14:25 . 2012-04-16 14:25 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\TeamViewer
2012-04-15 16:48 . 2012-05-12 23:54 -------- d-----w- c:\documents and settings\nethall1\Data aplikací\vlc
2012-04-15 12:56 . 2009-06-25 11:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2012-04-05 20:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 15:05 . 2012-03-31 15:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-31 15:05 . 2012-03-31 15:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-30 14:16 . 2012-03-30 14:16 22328 ----a-w- c:\documents and settings\nethall1\Data aplikací\PnkBstrK.sys
2012-03-30 14:00 . 2012-03-30 14:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-29 23:58 . 2012-03-27 15:04 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-03-27 15:04 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2012-03-27 15:04 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2012-03-27 15:04 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2012-03-27 15:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2012-03-27 15:04 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2012-03-27 15:04 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2012-03-27 15:04 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2012-03-27 15:04 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2012-03-26 18:45 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2012-03-26 18:45 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2012-03-27 15:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2012-03-27 15:05 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2012-03-27 15:05 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2012-03-27 15:05 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2012-03-27 15:05 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-30 10:40 . 2012-03-26 18:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-07-25 09:16 35320 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
2008-07-25 09:17 1172472 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_06.52.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-15 09:23 . 2012-05-15 09:23 16384 c:\windows\temp\Perflib_Perfdata_5bc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-03-26 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^nethall1^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=c:\documents and settings\nethall1\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 06:52 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 16:16 2629632 ----a-w- c:\program files\Notebook Hardware Control\nhc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
2006-01-17 03:38 135168 ----a-w- c:\program files\RAM Idle LE\RAM_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\nethall1\\Games\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Documents and Settings\\nethall1\\Games\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\T3Fun\\Hellgate\\HGLLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\active152\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58554:TCP"= 58554:TCP:Pando Media Booster
"58554:UDP"= 58554:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [30.3.2012 16:00 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [17.4.2012 15:57 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [17.4.2012 15:56 33072]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [27.12.2012 22:08 21992]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [21.12.2011 13:47 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [21.12.2011 13:47 113456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.4.2012 22:26 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 12:40 129976]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.4.2012 22:26 654408]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22.4.2012 14:47 2348352]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 212.158.124.142 192.168.1.1
FF - ProfilePath - c:\documents and settings\nethall1\Data aplikací\Mozilla\Firefox\Profiles\imtt38uv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 11:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2012-05-15 11:25:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-15 09:25
ComboFix2.txt 2012-05-15 06:54
.
Před spuštěním: Volných bajtů: 42 669 170 688
Po spuštění: Volných bajtů: 42 657 378 304
.
- - End Of File - - E932840541F1D317172EE5A245F85E72


ASWMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-15 11:43:20
-----------------------------
11:43:20.125 OS Version: Windows 5.1.2600 Service Pack 3
11:43:20.125 Number of processors: 1 586 0xC00
11:43:20.140 ComputerName: NETHALL UserName:
11:43:20.562 Initialize success
11:43:25.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:43:25.343 Disk 0 Vendor: HDT722516DLA380 V43OA9BA Size: 157066MB BusType: 3
11:43:25.375 Disk 0 MBR read successfully
11:43:25.375 Disk 0 MBR scan
11:43:25.375 Disk 0 Windows XP default MBR code
11:43:25.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 157057 MB offset 63
11:43:25.390 Disk 0 scanning sectors +321653430
11:43:25.484 Disk 0 scanning C:\WINDOWS\system32\drivers
11:43:31.515 Service scanning
11:43:42.843 Modules scanning
11:43:48.875 Disk 0 trace - called modules:
11:43:48.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:43:48.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86533ab8]
11:43:48.875 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865cad98]
11:43:48.875 Scan finished successfully
11:57:00.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nethall1\Plocha\MBR.dat"
11:57:00.796 The log file has been saved successfully to "C:\Documents and Settings\nethall1\Plocha\aswMBR.txt"

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[FIDLIK]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:40, on 15.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\záloha 80gb\mIRC\mirc.exe
C:\Documents and Settings\nethall1\Plocha\APPS\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\nethall1\Plocha\APPS\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 2922 bytes



Vypadá to dobře, stím pc ani tak problémy nebyly.. ikdyž sem pocitoval navýšení pingu :).. zatim tedy děkuju a dávám vyřešeno pokud neuvidíte nic v logu. Děkuji

[memphisto]

HJT ok

[FIDLIK]

dávám vyřešeno