moc prosííím o kontrolu logu je to urgentní

Zpráva

otee · #1 Příspěvek od **otee** » 22 črc 2011 15:59

ComboFix 11-07-22.01 - petr 22.07.2011 15:54:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.527 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\FullRemove.exe
c:\documents and settings\petr\Plocha\Flash-Player.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.tray-7-0\svchost.exe
c:\windows\update.tray-9-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 13:33 . 2008-04-14 06:51 870784 ------w- c:\windows\system32\ati3d1ag.dll
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2006-12-28 22:31 19569 ----a-w- c:\windows\000001_.tmp
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 13:23 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 13:21 . 2011-07-22 13:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 13:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 12:43 . 2011-07-22 13:59 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-22 12:43 . 2011-07-22 12:43 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-22 11:37 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-22 11:37 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-22 11:37 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-22 11:37 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-22 11:37 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-22 11:37 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-22 11:37 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-22 11:37 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-22 11:36 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-22 11:36 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-20 09:15 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:27 . 2011-07-22 12:45 -------- d-----w- c:\windows\av_ico
2011-07-19 20:25 . 2011-07-22 13:59 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-19 20:25 . 2011-07-19 20:25 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.7.2011 15:21 218688]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.5.2011 11:59 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S2 McMPFSvc;McAfee Služba programu Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.10.0.10 192.168.0.1
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-9-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 16:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2272)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 16:06:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 14:06
.
Před spuštěním: Volných bajtů: 123 211 841 536
Po spuštění: Volných bajtů: 124 073 119 744
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 8EF7EC093A19B10010AE98A99C542137

#2 Příspěvek od **stell** » 22 črc 2011 16:19

zdravim
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
c:\windows\000001_.tmp
Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\av_ico
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

otee · #3 Příspěvek od **otee** » 22 črc 2011 16:59

nejde vypnout avast nelze sním jakkoli operovat nezobrazí se mi ani už.rozhraní nejde odinstalovat win ho nevidí jako nainstalovaný program Your uninstaller také ne.
jen vyskočí tabulka s anglickým nápisem že avast pracuje v nějakým super režimu

#4 Příspěvek od **stell** » 22 črc 2011 17:04

http://www.avast.com/cs-cz/uninstall-utility
Pouzi od-instalator pre AVAST, a potom ked vycistime pc, nainstalujes spat.

otee · #5 Příspěvek od **otee** » 22 črc 2011 17:36

udelal jsem vše podle tvých rad tady je new log
zatím moooc děkuju za snahu

ComboFix 09-03-15.01 - petr 2011-07-22 18:28:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1013.599 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -

FILE ::
c:\windows\000001_.tmp
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.

2011-07-22 16:34 . 2011-07-22 16:34 110,592 --a------ c:\windows\l1rezerv.exe
2011-07-22 16:33 . 2011-07-22 16:33 <DIR> d--h----- c:\windows\update.2
2011-07-22 16:33 . 2011-07-17 03:24 4,636,907 --a------ c:\windows\geoiplist
2011-07-22 16:33 . 2011-07-22 16:33 904,792 --a------ c:\windows\geoiplist.rar
2011-07-22 16:33 . 2011-07-22 16:33 246,272 --a------ c:\windows\unrar.exe
2011-07-22 16:33 . 2011-07-22 16:33 114,176 --a------ c:\windows\systemup.exe
2011-07-22 16:11 . 2011-07-22 16:11 <DIR> d-------- c:\program files\AVAST Software
2011-07-22 16:11 . 2011-07-22 16:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 16:09 . 2011-07-22 16:08 249,344 --a------ c:\windows\sysdriver32_.exe
2011-07-22 16:09 . 2011-07-22 16:35 179 --a------ c:\windows\info1
2011-07-22 16:09 . 2011-07-22 16:09 0 --a------ c:\windows\loader2.exe_ok
2011-07-22 16:08 . 2011-07-22 16:08 249,344 --a------ c:\windows\sysdriver32.exe
2011-07-22 15:51 . 2011-06-26 08:45 256,000 --a------ c:\windows\PEV.exe
2011-07-22 15:51 . 2010-11-07 19:20 208,896 --a------ c:\windows\MBR.exe
2011-07-22 15:31 . 2008-04-13 22:04 1,897,408 --------- c:\windows\system32\drivers\nv4_mini.sys
2011-07-22 15:30 . 2011-07-22 15:30 <DIR> d-------- c:\windows\EHome
2011-07-22 15:24 . 2008-04-14 07:44 58,496 --a------ c:\windows\system32\drivers\redbook.sys
2011-07-22 15:24 . 2008-04-14 07:44 58,496 --a--c--- c:\windows\system32\dllcache\redbook.sys
2011-07-22 15:21 . 2011-07-22 17:17 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2011-07-22 15:20 . 2011-07-22 17:17 <DIR> d-------- c:\program files\DAEMON Tools Lite
2011-07-22 15:20 . 2011-07-22 15:24 <DIR> d-------- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 15:20 . 2011-07-22 15:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 14:53 . 2011-07-22 14:53 404,640 --a------ c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 13:37 . 2011-07-04 13:36 441,176 --a------ c:\windows\system32\drivers\aswSnx.sys
2011-07-22 13:36 . 2011-07-04 13:43 40,112 --a------ c:\windows\avastSS.scr
2011-07-22 13:17 . 2011-07-22 13:17 <DIR> d-------- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 13:16 . 2011-07-22 13:16 <DIR> d-------- c:\program files\Your Uninstaller 2010
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2011-07-20 11:15 . 2011-02-13 01:36 <DIR> dr------- c:\documents and settings\Administrator\Oblíbené položky
2011-07-20 11:15 . 2010-08-09 10:49 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2011-07-20 11:15 . 2010-08-09 12:46 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2011-07-20 11:15 . 2010-08-09 11:18 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2011-07-20 11:15 . 2011-02-13 01:13 <DIR> dr------- c:\documents and settings\Administrator\Dokumenty
2011-07-20 11:15 . 2011-02-13 01:27 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Liteon
2011-07-20 11:15 . 2010-08-09 12:21 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\InstallShield
2011-07-20 11:15 . 2011-02-13 01:27 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2011-07-20 11:15 . 2011-02-13 01:13 <DIR> d-------- c:\documents and settings\Administrator\Bluetooth Software
2011-07-20 11:15 . 2011-07-22 16:16 <DIR> d-------- c:\documents and settings\Administrator
2011-07-19 22:14 . 2011-07-19 22:14 <DIR> d-------- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 11:51 . 2008-04-14 08:51 21,504 --a------ c:\windows\system32\hidserv.dll
2011-07-06 11:51 . 2008-04-14 08:51 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 11:51 . 2008-04-14 14:00 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2011-07-06 11:51 . 2008-04-14 14:00 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 16:20 --------- d-----w c:\documents and settings\petr\Data aplikací\Skype
2011-07-22 16:20 --------- d-----w c:\documents and settings\petr\Data aplikací\ICQ
2011-07-22 15:26 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2011-07-22 11:32 --------- d-----w c:\program files\Google
2011-07-20 08:13 --------- d-----w c:\program files\Acer GameZone
2011-07-14 09:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\boost_interprocess
2011-06-30 08:10 --------- d-----w c:\program files\ICQ7.5
2011-07-06 14:17 142,296 ----a-w c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 24,376 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
2011-04-17 04:27 262,144 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
2010-08-09 09:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2011-07-22_18.15.05.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-22 16:30:09 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2a0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 19:40 120176 --a------ c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [2011-07-22 249344]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [2011-07-22 249344]
"systemup"="c:\windows\systemup.exe" [2011-07-22 114176]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [2011-07-22 110592]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-08-09 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-07-28 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\update.2\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2010-08-09 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2010-08-09 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2010-08-09 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-09 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-05-12 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-08-09 260640]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-08-09 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-08-09 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-26 305520]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2010-08-09 69120]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 135664]
S2 McMPFSvc;McAfee Služba programu Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-08-09 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-08-09 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2010-06-10 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-06-10 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
S3 TP;TP;c:\docume~1\petr\LOCALS~1\Temp\TP.exe --> c:\docume~1\petr\LOCALS~1\Temp\TP.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-05 17:50]

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 02:25]

2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 02:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 18:29:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\update.2\svchost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\update.2\svchost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 18:32:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 16:32:31

Před spuštěním: Volných bajtů: 127 133 315 072
Po spuštění: Volných bajtů: 127,117,955,072

238 --- E O F --- 2011-07-22 13:46:57

#6 Příspěvek od **stell** » 22 črc 2011 17:41

takto, combofix uz je po zaruke,
odinstaluj
klikni na start >>spustit>>vloz tento prikaz>>
combofix /uninstall
klkni na ok

stiahnes cerstvu verziu combofixu a spust ho podla navodu
PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

otee · #7 Příspěvek od **otee** » 22 črc 2011 18:18

ComboFix 11-07-22.02 - petr 22.07.2011 19:05:34.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.628 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
.
FILE ::
"c:\windows\000001_.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 14:33 . 2011-07-22 14:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 14:16 . 2011-07-22 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 14:11 . 2011-07-22 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 14:11 . 2011-07-22 14:11 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-22 14:16 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1029 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.5.2011 11:59 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S2 McMPFSvc;McAfee Služba programu Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
S3 TP;TP;c:\docume~1\petr\LOCALS~1\Temp\TP.exe --> c:\docume~1\petr\LOCALS~1\Temp\TP.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3312)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 19:16:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 17:16
ComboFix2.txt 2011-07-22 16:32
.
Před spuštěním: Volných bajtů: 126 934 872 064
Po spuštění: Volných bajtů: 126 916 988 928
.
- - End Of File - - 1A54DCE0D1F6FC7A380E7D3567D39992

#8 Příspěvek od **stell** » 22 črc 2011 18:24

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
c:\windows\unrar.exe
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,4f,00,4f,00,\
44,00,42,00,53,00,00,00,00,00

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

otee · #9 Příspěvek od **otee** » 22 črc 2011 18:44

ComboFix 11-07-22.02 - petr 22.07.2011 19:30:05.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.576 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 14:16 . 2011-07-22 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 14:11 . 2011-07-22 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 14:11 . 2011-07-22 14:11 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-22 14:16 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0O\0O\0D\0B\0S\0\0\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.5.2011 11:59 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S2 McMPFSvc;McAfee Služba programu Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
S3 TP;TP;c:\docume~1\petr\LOCALS~1\Temp\TP.exe --> c:\docume~1\petr\LOCALS~1\Temp\TP.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2044)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 19:40:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 17:40
ComboFix2.txt 2011-07-22 16:32
.
Před spuštěním: Volných bajtů: 126 924 005 376
Po spuštění: Volných bajtů: 126 909 177 856
.
- - End Of File - - 3709E42A326B47EE158A6C10BD

#10 Příspěvek od **stell** » 22 črc 2011 19:02

tu su dajake zbytky s Mcafee firewal, odstranime to. ok
Toto je co za softver??
c:\program files\EgisTec MyWinLocker

otee · #11 Příspěvek od **otee** » 22 črc 2011 19:19

neco ohledně šifrování dám to pryč

#12 Příspěvek od **stell** » 22 črc 2011 19:22

nemusis, len som nevedel co to je
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Driver::
TP
McMPFSvc
ICQ Service
Folder::
c:\program files\Common Files\Mcafee
Rootkit::
c:\docume~1\petr\LOCALS~1\Temp\TP.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí
[/code]

otee · #13 Příspěvek od **otee** » 22 črc 2011 19:52

ComboFix 11-07-22.02 - petr 22.07.2011 20:33:09.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.580 [GMT 2:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_MCMPFSVC
-------\Legacy_TP
-------\Service_ICQ Service
-------\Service_McMPFSvc
-------\Service_TP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 14:16 . 2011-07-22 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 14:11 . 2011-07-22 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-22 14:11 . 2011-07-22 14:11 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:31 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-07-22 13:30 . 2011-07-22 13:30 -------- d-----w- c:\windows\EHome
2011-07-22 13:24 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-22 13:24 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-22 13:21 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-07-22 13:20 . 2011-07-22 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-22 13:20 . 2011-07-22 13:24 -------- d-----w- c:\documents and settings\petr\Data aplikací\DAEMON Tools Lite
2011-07-22 12:53 . 2011-07-22 12:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 11:17 . 2011-07-22 11:17 -------- d-----w- c:\documents and settings\petr\Data aplikací\URSoft
2011-07-22 11:16 . 2011-07-22 11:16 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-07-20 09:15 . 2011-07-22 14:16 -------- d-----w- c:\documents and settings\Administrator
2011-07-19 20:14 . 2011-07-19 20:14 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 14:17 . 2011-07-06 14:17 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-06 14:17 . 2011-07-06 14:17 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-06 09:51 . 2008-04-14 06:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-06 09:51 . 2008-04-14 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-06 09:51 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2010-08-09 18:24 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2010-08-09 08:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-08-09 18:24 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-08-09 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-08-09 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-08-09 18:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2010-08-09 18:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2011-07-06 14:17 . 2011-05-16 21:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-16 14:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_17.13.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-09 10:59 . 2011-07-22 18:21 327680 c:\windows\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe
- 2010-08-09 10:59 . 2010-08-09 10:59 327680 c:\windows\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-9 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-28 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0O\0O\0D\0B\0S
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.2.2011 2:26 135664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [10.6.2010 11:40 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10.6.2010 11:40 100992]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys --> c:\windows\system32\Drivers\S6000KNT.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-27 15:50]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 00:25]
.
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211w205l04f4wul5w47j2u468
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.10.0.10 192.168.0.1
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\jgty2dbu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SuiteTray - c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(660)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 20:49:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 18:49
ComboFix2.txt 2011-07-22 17:40
ComboFix3.txt 2011-07-22 16:32
.
Před spuštěním: Volných bajtů: 126 642 143 232
Po spuštění: Volných bajtů: 126 621 757 440
.
- - End Of File - - 0324345C1886B71B465AF011EE4007F0

#14 Příspěvek od **stell** » 22 črc 2011 20:03

Vypni obnovu systemu, restart a zapnut spat.
1:odinstaluj combofix
2:Nainstaluj Antivirak[avast, Avira] http://www.viry.cz/forum/viewtopic.php?f=29&t=6152
Nainstaluj Firewall [pctools] http://www.viry.cz/forum/viewtopic.php? ... 36#p868836

A to je vsetko.

otee · #15 Příspěvek od **otee** » 22 črc 2011 20:06

mnohokrát ti děkuji ... jsi borec mno mám se co učit díky moc. bye

VIRY.CZ

moc prosííím o kontrolu logu je to urgentní

moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní

Re: moc prosííím o kontrolu logu je to urgentní