IE sa nepripojí do siete

Zpráva

#16 Příspěvek od **Rudy** » 03 bře 2013 20:55

Ta složka tam nemá co dělat a CF z nějakého důvodu ji nemůže smazat. Stáhněte a spusťte Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 a do bíléhookna zkopírujte:

Folders to delete:
C:\Documents and Settings\Karol\WINDOWS

a klikněte na >Execute<. PC bude restatován. Po restatu znovu spusťte ComboFix.

Kovas · #17 Příspěvek od **Kovas** » 03 bře 2013 21:24

Spustil som Avenger, ten súbor bol zmazaný. Teraz som znova spustil ComboFix a ten znova zamrzol pri mazaní zložky :

C:\WINDOWS\system32\URITTemp

#18 Příspěvek od **Rudy** » 03 bře 2013 21:28

Spusťte znovu Avenger tímto skriptem:

Folders to delete:
C:\WINDOWS\system32\URITTemp

Kovas · #19 Příspěvek od **Kovas** » 03 bře 2013 22:03

Uf, zbehlo to a už ide pripojiť sa na net aj ce Firefox aj cez IE. Tu je log z ComboFix :

ComboFix 13-03-03.01 - Administrator . 03. 2013 21:51:00.6.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1349 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karol\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-03 do 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-03 20:47 . 2013-03-03 20:58 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-03 07:29 . 2013-03-03 07:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-03-03 07:20 . 2013-02-28 08:36 368248 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-03 07:20 . 2013-02-28 08:36 29880 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-03 07:20 . 2013-02-28 08:36 49832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-03 07:19 . 2013-02-28 08:36 765808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-03 07:19 . 2013-02-28 08:36 62448 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-03 07:19 . 2013-02-28 08:36 163784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 07:19 . 2013-02-28 08:36 66408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-03 07:19 . 2013-02-28 08:36 49320 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-03 07:19 . 2013-02-28 08:36 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-03 07:19 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-02 23:02 . 2013-03-02 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-03-01 15:34 . 2013-03-01 15:34 -------- d-----w- C:\RSIT
2013-03-01 13:55 . 2013-03-01 13:55 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-01 13:27 . 2013-03-01 13:27 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-03-01 13:02 . 2013-03-01 13:02 -------- d-sh--w- c:\documents and settings\Karol\IECompatCache
2013-03-01 13:02 . 2013-03-01 13:02 -------- d-sh--w- c:\documents and settings\Karol\PrivacIE
2013-03-01 13:01 . 2013-03-01 13:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-03-01 13:00 . 2013-03-01 13:00 -------- d-sh--w- c:\documents and settings\Karol\IETldCache
2013-03-01 12:54 . 2013-03-01 12:54 -------- d--h--w- c:\windows\ie8
2013-03-01 12:51 . 2012-12-26 20:19 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-01 12:49 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2013-03-01 12:49 . 2012-12-26 20:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2013-03-01 12:49 . 2012-12-26 20:19 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-01 12:49 . 2012-12-26 20:19 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-01 10:46 . 2013-03-01 10:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2013-03-01 08:06 . 2013-03-01 08:06 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-03-01 08:03 . 2013-03-01 08:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\COMODO
2013-03-01 08:03 . 2013-03-01 08:03 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\COMODO
2013-02-28 22:44 . 2013-02-28 22:44 -------- d-----w- c:\documents and settings\Karol\Data aplikací\Foxit Software
2013-02-28 19:56 . 2013-02-28 19:56 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\Sun
2013-02-28 18:47 . 2013-02-28 18:47 -------- d-----w- c:\program files\Common Files\Java
2013-02-28 18:32 . 2013-02-28 18:32 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-28 18:32 . 2013-02-28 18:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-28 18:32 . 2013-02-28 18:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-28 18:32 . 2013-02-28 18:32 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-28 18:32 . 2013-02-28 18:32 -------- d-----w- c:\program files\Java
2013-02-28 18:18 . 2013-02-28 18:18 -------- d-----w- c:\program files\trend micro
2013-02-28 17:24 . 2013-02-28 17:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2013-02-27 09:19 . 2013-02-27 09:19 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\GHISLER
2013-02-27 07:58 . 2013-02-27 07:58 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\VS Revo Group
2013-02-27 07:58 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-02-27 07:58 . 2013-02-27 07:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 03:55 . 2004-06-29 16:09 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-17 14:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2004-08-17 14:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2004-06-29 16:10 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-06-29 16:10 1294848 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2000-11-03 13:35 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:20 . 2004-06-29 16:10 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2004-06-29 16:09 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2004-06-29 16:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:41 . 2004-06-29 16:09 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:24 . 2004-06-29 16:09 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-29 08:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 999792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-11 137752]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-17 16270848]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-24 17920]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-06 61440]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-03-19 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-03-19 37232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-09 09:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlý začátek s aplikací HP Photosmart Premier.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk.disabled
backup=c:\windows\pss\Rychlý začátek s aplikací HP Photosmart Premier.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiFrame]
2007-06-21 13:07 999792 ------w- c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-06-29 14:29 176128 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2005-08-26 14:49 860160 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-19 10:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-10 05:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2007-07-02 18:58 1179648 ----a-w- d:\programy\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUS Live Update"=c:\program files\ASUS\ASUS Live Update\ALU.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe"
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ASUSTek\\ASUSDVD\\ASUSDVD.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3. 3. 2013 8:19 49320]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3. 3. 2013 8:19 163784]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3. 3. 2013 8:19 765808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3. 3. 2013 8:20 368248]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [19. 5. 2006 10:14 23232]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [29. 6. 2004 17:10 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [29. 6. 2004 17:10 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3. 3. 2013 8:20 29880]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3. 3. 2013 8:19 66408]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [21. 4. 2007 23:42 24576]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [31. 8. 2007 4:40 36864]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [29. 1. 2007 4:13 36608]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [9. 6. 2007 3:40 1260672]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13. 7. 2012 13:28 160944]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [27. 2. 2013 8:58 27064]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5. 2. 2009 19:18 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5. 2. 2009 19:18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5. 2. 2009 19:18 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5. 2. 2009 19:18 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5. 2. 2009 19:18 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5. 2. 2009 19:18 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5. 2. 2009 19:18 117544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-03-03 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUP\OneClickStarter.exe [2008-12-11 20:36]
.
2013-03-03 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\programy\TuneUP\OneClickStarter.exe [2008-12-11 20:36]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 17:43]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 17:43]
.
2013-03-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-03 08:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
TCP: DhcpNameServer = 217.119.113.244 172.18.100.15
FF - ProfilePath - c:\documents and settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\yrkokjtr.default\
FF - prefs.js: browser.search.selectedEngine - Azet
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sk&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-CloneCDElbyCDFL - c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe
MSConfigStartUp-CloneCDTray - c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SpybotSD TeaTimer - d:\programy\Spybot - Search & Destroy\TeaTimer.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-03 21:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4277440607-4281670102-664319314-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-03-03 22:00:10
ComboFix-quarantined-files.txt 2013-03-03 21:00
.
Před spuštěním: Volných bajtů: 100 497 948 672
Po spuštění: Volných bajtů: 100 474 060 800
.
- - End Of File - - 51C9CCF6F58A8D66364C3FD43657DD07

#20 Příspěvek od **Rudy** » 03 bře 2013 22:28

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\system32\acovcnt.exe

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Regnull::
[HKEY_USERS\S-1-5-21-4277440607-4281670102-664319314-1005\Software\Microsoft\SystemCertificates\AddressBook*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Kovas · #21 Příspěvek od **Kovas** » 03 bře 2013 23:02

Spustil som ComboFix so scriptom. Tu je log:

ComboFix 13-03-03.01 - Karol . 03. 2013 22:46:25.7.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1302 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karol\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karol\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\system32\acovcnt.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-03 do 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-03 21:54 . 2003-08-01 10:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2013-03-03 20:47 . 2013-03-03 21:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-03 07:29 . 2013-03-03 07:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-03-03 07:20 . 2013-02-28 08:36 368248 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-03 07:20 . 2013-02-28 08:36 29880 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-03 07:20 . 2013-02-28 08:36 49832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-03 07:19 . 2013-02-28 08:36 765808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-03 07:19 . 2013-02-28 08:36 62448 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-03 07:19 . 2013-02-28 08:36 163784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 07:19 . 2013-02-28 08:36 66408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-03 07:19 . 2013-02-28 08:36 49320 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-03 07:19 . 2013-02-28 08:36 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-03 07:19 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-02 23:02 . 2013-03-02 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-03-01 15:34 . 2013-03-01 15:34 -------- d-----w- C:\RSIT
2013-03-01 13:55 . 2013-03-01 13:55 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-01 13:27 . 2013-03-01 13:27 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2013-03-01 13:02 . 2013-03-01 13:02 -------- d-sh--w- c:\documents and settings\Karol\IECompatCache
2013-03-01 13:02 . 2013-03-01 13:02 -------- d-sh--w- c:\documents and settings\Karol\PrivacIE
2013-03-01 13:01 . 2013-03-01 13:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-03-01 13:00 . 2013-03-01 13:00 -------- d-sh--w- c:\documents and settings\Karol\IETldCache
2013-03-01 12:54 . 2013-03-01 12:54 -------- d--h--w- c:\windows\ie8
2013-03-01 12:51 . 2012-12-26 20:19 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-01 12:49 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2013-03-01 12:49 . 2012-12-26 20:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2013-03-01 12:49 . 2012-12-26 20:19 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-01 12:49 . 2012-12-26 20:19 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-01 10:46 . 2013-03-01 10:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2013-03-01 08:06 . 2013-03-01 08:06 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-03-01 08:03 . 2013-03-01 08:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\COMODO
2013-03-01 08:03 . 2013-03-01 08:03 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\COMODO
2013-02-28 22:44 . 2013-02-28 22:44 -------- d-----w- c:\documents and settings\Karol\Data aplikací\Foxit Software
2013-02-28 19:56 . 2013-02-28 19:56 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\Sun
2013-02-28 18:47 . 2013-02-28 18:47 -------- d-----w- c:\program files\Common Files\Java
2013-02-28 18:32 . 2013-02-28 18:32 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-28 18:32 . 2013-02-28 18:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-28 18:32 . 2013-02-28 18:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-28 18:32 . 2013-02-28 18:32 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-28 18:32 . 2013-02-28 18:32 -------- d-----w- c:\program files\Java
2013-02-28 18:18 . 2013-02-28 18:18 -------- d-----w- c:\program files\trend micro
2013-02-28 17:24 . 2013-02-28 17:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2013-02-27 09:19 . 2013-02-27 09:19 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\GHISLER
2013-02-27 07:58 . 2013-02-27 07:58 -------- d-----w- c:\documents and settings\Karol\Local Settings\Data aplikací\VS Revo Group
2013-02-27 07:58 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-02-27 07:58 . 2013-02-27 07:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 03:55 . 2004-06-29 16:09 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-17 14:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2004-08-17 14:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2004-06-29 16:10 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-06-29 16:10 1294848 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2000-11-03 13:35 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:20 . 2004-06-29 16:10 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2004-06-29 16:09 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2004-06-29 16:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:41 . 2004-06-29 16:09 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:24 . 2004-06-29 16:09 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-29 08:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-11 137752]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-17 16270848]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-24 17920]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-06 61440]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-03-19 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-03-19 37232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-09 09:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlý začátek s aplikací HP Photosmart Premier.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk.disabled
backup=c:\windows\pss\Rychlý začátek s aplikací HP Photosmart Premier.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiFrame]
2007-06-21 13:07 999792 ------w- c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-06-29 14:29 176128 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2005-08-26 14:49 860160 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-19 10:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-10 05:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2007-07-02 18:58 1179648 ----a-w- d:\programy\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PowerDVD"="c:\program files\ASUSTek\ASUSDVD\ASUSDVD.exe" /autostart
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUS Live Update"=c:\program files\ASUS\ASUS Live Update\ALU.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe"
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DataLayer"=c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ASUSTek\\ASUSDVD\\ASUSDVD.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3. 3. 2013 8:19 49320]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3. 3. 2013 8:19 163784]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3. 3. 2013 8:19 765808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3. 3. 2013 8:20 368248]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [19. 5. 2006 10:14 23232]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [29. 6. 2004 17:10 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [29. 6. 2004 17:10 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3. 3. 2013 8:20 29880]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3. 3. 2013 8:19 66408]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [21. 4. 2007 23:42 24576]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [31. 8. 2007 4:40 36864]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [29. 1. 2007 4:13 36608]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [9. 6. 2007 3:40 1260672]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13. 7. 2012 13:28 160944]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [27. 2. 2013 8:58 27064]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5. 2. 2009 19:18 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5. 2. 2009 19:18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5. 2. 2009 19:18 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5. 2. 2009 19:18 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5. 2. 2009 19:18 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5. 2. 2009 19:18 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5. 2. 2009 19:18 117544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-03-03 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUP\OneClickStarter.exe [2008-12-11 20:36]
.
2013-03-03 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\programy\TuneUP\OneClickStarter.exe [2008-12-11 20:36]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 17:43]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 17:43]
.
2013-03-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-03 08:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 217.119.113.244 172.18.100.15
FF - ProfilePath - c:\documents and settings\Karol\Data aplikací\Mozilla\Firefox\Profiles\yrkokjtr.default\
FF - prefs.js: browser.search.selectedEngine - Azet
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sk&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-03 22:54
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4277440607-4281670102-664319314-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\acovcnt.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Celkový čas: 2013-03-03 22:58:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-03 21:58
ComboFix2.txt 2013-03-03 21:00
.
Před spuštěním: Volných bajtů: 100 500 504 576
Po spuštění: Volných bajtů: 100 467 441 664
.
- - End Of File - - 9E7941B550638811B35EED9D8ACBF6D1
Nahr nˇ probŘhlo ŁspŘçnŘ

#22 Příspěvek od **Rudy** » 04 bře 2013 20:00

Log již vypadá OK.

Kovas · #23 Příspěvek od **Kovas** » 04 bře 2013 20:10

Tie aktualizácie Windows čo som písal v úvode, stále nejdú nainštalovať. Nechať to tak? Systém beží v pohode. To Comodo už radšej neskúšať znova inštalovať?

Combofix môžem odinštalovať?

#24 Příspěvek od **Rudy** » 04 bře 2013 20:22

Zkuste to ručně: http://www.update.microsoft.com/windows ... ankspage=5 .

Kovas · #25 Příspěvek od **Kovas** » 04 bře 2013 20:37

Súšal som už aj toto z tejto ich stránky http://support.microsoft.com/kb/2608523/sk
ale keď som si vytvoril podľa popisu CleanSilverlight.cmd uložil ho na plochu a potom som klikol pravým tlačidlom myši na CleanSilverlight.cmd súbor na ploche a neobjavila sa mi možnosť Spustiť ako správca, čo nerozumiem prečo.

#26 Příspěvek od **Rudy** » 04 bře 2013 21:39

Koukneme ještě na rootkity. Spusťte tento program:

Stáhněte Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

Kovas · #27 Příspěvek od **Kovas** » 04 bře 2013 21:50

ten odkaz mi ale ukazuje ako nefunkčný

#28 Příspěvek od **Rudy** » 04 bře 2013 22:20

Omlouvám se. Tento je správný: http://downloads.malwarebytes.org/file/mbar

Kovas · #29 Příspěvek od **Kovas** » 04 bře 2013 22:27

Už som našiel správny link. Celé to zbehlo, ale po ukončení sa nereštartoval systém. Musel som ho reštartovať. Tu je log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2138222592, free: 1461587968

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2138222592, free: 1483329536

------------ Kernel report ------------
03/04/2013 22:02:18
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
Fastfat.sys
KSecDD.sys
WudfPf.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\l151x86.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\IFXTPM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\System32\Drivers\cdrbsdrv.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ATKACPI.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\smserial.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\ItSDisk.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\ATSwpDrv.sys
\SystemRoot\System32\Drivers\StkCMini.sys
\SystemRoot\System32\Drivers\StkCPipe.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\nwlnkipx.sys
\SystemRoot\system32\DRIVERS\nwlnknb.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\??\C:\Program Files\ATKGFNEX\ASMMAP.sys
\SystemRoot\system32\DRIVERS\nwrdr.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ASPI32.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\nwlnkspx.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8abc7ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
Lower Device Object: 0xffffffff8abdad98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.04.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8abc7ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ac17e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8abc7ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ac8f248, DeviceName: \Device\00000086\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8abdad98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe54d0a00, 0xffffffff8abc7ab8, 0xffffffff840e89b0
Lower DeviceData: 0xffffffffe4af1e10, 0xffffffff8abdad98, 0xffffffff84271f18
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B51AB51A

Partition information:

Partition 0 type is Other (0x1b)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 8193087

Partition 1 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 8193150 Numsec = 293025600
Partition file system is FAT32
Partition is bootable

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 301218750 Numsec = 187173315

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Infected: c:\Documents and Settings\Karol\Oblíbené položky\Free Porn Videos - Porn Tube, Free Porn, Porn, Sex, Tube, Free, 18, XXX, Porn Movies, You Porn, Sex Videos.url --> [Rogue.Link]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Removal successful. No system shutdown is required.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2138222592, free: 1643376640

Removal queue found; removal started
Removing c:\Documents and Settings\Karol\Oblíbené položky\Free Porn Videos - Porn Tube, Free Porn, Porn, Sex, Tube, Free, 18, XXX, Porn Movies, You Porn, Sex Videos.url...
Removal finished
=======================================

#30 Příspěvek od **Rudy** » 04 bře 2013 22:56

Toto je také OK. Stáhněte Dial-a-fix: http://www.slunecnice.cz/sw/dial-a-fix/stahnout/ , rozbalte, spusťte, zaškrtněte >Fix windows update< a klikněte na >GO<. Pak restartujte PC a vyzkoušejte funkci.

VIRY.CZ

IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete

Re: IE sa nepripojí do siete