FACEBOOK VÍR-Prosím o pomoc

Zpráva

Dominko777 · #1 Příspěvek od **Dominko777** » 24 črc 2011 23:45

Tu je log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:45:26, on 25.7.2011
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\ochrana\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9297 bytes

#2 Příspěvek od **vyosek** » 24 črc 2011 23:51

Zdravim a pekny pozdni vecer preji

Nedavejte prosim logy do code

Dejte log z RSIT - viz muj podpis - je podrobnejsi nez HJT

Dominko777 · #3 Příspěvek od **Dominko777** » 24 črc 2011 23:56

Aj tebe a prepáč to je zvyk z jedného fóra kde je to potrebné..

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-25 00:55:37
Systém Microsoft Windows XP Professional Service Pack 3, v.3264
System drive C: has 2 GB (11%) free of 20 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:55:41, on 25.7.2011
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\ochrana\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9600 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1454471165-1606980848-500.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1454471165-1606980848-500.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-15 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2006-08-19 49152]
"Domino"=C:\WINDOWS\Domino.exe [2006-08-18 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-15 202256]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2011-06-15 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-02-01 5856640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xBD000000
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"msacm.divxa32"=divxa32.acm
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"vidc.i263"=i263_32.drv
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"msacm.vorbis"=vorbis.acm
"vidc.DIVX"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-07-22 17:31:39 ----D---- C:\Documents and Settings\All Users\Application Data\MyHeritage
2011-07-22 17:31:39 ----D---- C:\Documents and Settings\Administrator\Application Data\MyHeritage
2011-07-22 17:30:59 ----D---- C:\Program Files\MyHeritage
2011-07-18 21:02:26 ----A---- C:\Documents and Settings\Administrator\Application Data\burnaware.ini
2011-07-18 21:00:34 ----D---- C:\Program Files\BurnAware Free
2011-07-07 18:34:58 ----A---- C:\WINDOWS\game.ini
2011-07-07 16:02:39 ----D---- C:\Program Files\PowerISO

======List of files/folders modified in the last 1 month======

2011-07-25 00:55:41 ----D---- C:\WINDOWS\Prefetch
2011-07-25 00:55:40 ----D---- C:\Program Files\trend micro
2011-07-25 00:45:35 ----D---- C:\WINDOWS\Internet Logs
2011-07-25 00:21:10 ----D---- C:\WINDOWS\Temp
2011-07-25 00:20:16 ----D---- C:\Program Files\QIP 2010
2011-07-25 00:19:57 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-25 00:09:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 00:05:10 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2011-07-22 17:40:37 ----D---- C:\WINDOWS\system32
2011-07-22 17:40:37 ----D---- C:\WINDOWS
2011-07-22 17:30:59 ----RD---- C:\Program Files
2011-07-20 02:42:39 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2011-07-19 21:42:21 ----SHD---- C:\WINDOWS\CSC
2011-07-18 20:55:18 ----HD---- C:\Config.Msi
2011-07-18 20:28:07 ----SHD---- C:\WINDOWS\Installer
2011-07-18 20:27:59 ----D---- C:\Program Files\Nero
2011-07-18 20:27:53 ----D---- C:\Program Files\Common Files
2011-07-18 09:56:04 ----SD---- C:\WINDOWS\Tasks
2011-07-11 11:29:48 ----D---- C:\TRANSLAT
2011-07-07 18:39:27 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-07 18:39:14 ----HD---- C:\WINDOWS\inf
2011-07-07 18:38:18 ----D---- C:\WINDOWS\system32\DirectX
2011-07-07 16:02:39 ----D---- C:\WINDOWS\system32\drivers
2011-07-01 19:59:30 ----RD---- C:\Program Files\Skype
2011-07-01 19:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-07-01 19:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Easybits GO
2011-07-01 19:58:56 ----D---- C:\Documents and Settings\Administrator\Application Data\go
2011-06-28 20:09:24 ----D---- C:\Program Files\Opera
2011-06-28 13:43:45 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-13 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2011-06-15 60156]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-19 34048]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-11-30 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-11-30 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2011-01-15 30208]
R3 ZSMC211;USB PC Camera (ZS0211); C:\WINDOWS\System32\Drivers\ZS211.sys [2006-08-08 391836]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-11-30 14592]
S3 adl8zdk9;adl8zdk9; C:\WINDOWS\system32\drivers\adl8zdk9.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-11-30 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-11-03 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-11-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-11-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-11-30 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-11-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-11-30 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-11-30 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-11-30 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-12-01 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-28 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 24 črc 2011 23:59

Mohl bych vedet nazev toho fora - resil jste problem jiz tam

Uvolnete volne misto na disku alespon na 5 giga, jinak se system udusi

Dominko777 · #5 Příspěvek od **Dominko777** » 25 črc 2011 00:07

Fórum war-board.net a problém som tam nezačal riešiť z dôvodu toho, že na viry.cz som sa dočítal o chybe ktorá je tu aj aktívne a rýchlo riešená

Systém už má priestor viac ako 5GB

#6 Příspěvek od **vyosek** » 25 črc 2011 00:12

Dominko777 píše:som sa dočítal o chybe ktorá je tu aj aktívne a rýchlo riešená

O jake chybe prosim

Jsem nejak mimo

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

Dominko777 · #7 Příspěvek od **Dominko777** » 25 črc 2011 01:01

Chybe na facebooku- "Hi.How are you"-Netuším ako som sa mohol infikovať ale radšej to čo najskôr riešim-hlavný problém je ZATIAĽ u mňa ten že tento bot odosiela tento vírus ostatným priateľom číže sa veľmi rýchlo šíri..
Prvý krát mi táto správa prišla od mojej priateľky no samozrejme ako kopa iných poškodených som na tú správu odpísal..Nič sa nedialo..(neznáme linky si nevšímam a neotváram ich)..No dnes som sa snažil prihlásiť z priateľkinho pc na FB a v momente ako som klikol prihlásiť- správa "Hi.How are you" sa začala odosielať aj z mojeho konta..A dokonca sa mi vtej chvíli ani FB nespustil-spustila sa iba hlavná strana ktorá hlásila akúsi chybu...

RKill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 25.07.2011 at 1:48:08.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\grpconv.exe

Rkill completed on 25.07.2011 at 1:48:44.

eXeHelper log
exeHelper by Raktor
Build 20100414
Run at 01:50:06 on 07/25/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RogueKiller log
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 07/25/2011 01:52:41

Bad processes: 2
[SUSP PATH] ZSSnp211.EXE -- c:\windows\zssnp211.exe -> KILLED
[SUSP PATH] Domino.EXE -- c:\windows\domino.exe -> KILLED

Registry Entries: 4
[SUSP PATH] HKLM\[...]\Run : ZSSnp211 (C:\WINDOWS\ZSSnp211.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : Domino (C:\WINDOWS\Domino.exe) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
˙ţ1

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: HOSTSFix -- Date : 07/25/2011 01:53:49

Bad processes: 0

HOSTS File:
˙ţ1

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3, v.3264) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: ProxyFix -- Date : 07/25/2011 01:54:10

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#8 Příspěvek od **vyosek** » 25 črc 2011 03:13

Super, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Dominko777 · #9 Příspěvek od **Dominko777** » 25 črc 2011 16:33

Log z ComboFix

ComboFix 11-07-25.02 - Administrator 25.07.2011 14:18:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.480 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091231-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
C:\Install.exe
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-22 15:31 . 2011-07-22 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MyHeritage
2011-07-22 15:31 . 2011-07-22 15:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\MyHeritage
2011-07-22 15:31 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\msmapi32.ocx
2011-07-22 15:30 . 2011-07-22 15:40 -------- d-----w- c:\program files\MyHeritage
2011-07-18 19:00 . 2011-07-18 19:00 -------- d-----w- c:\program files\BurnAware Free
2011-07-11 07:04 . 2011-07-11 07:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 14:02 . 2011-07-07 14:02 -------- d-----w- c:\program files\PowerISO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-10 11:27 . 2009-10-30 09:54 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-03 17:37 . 2009-09-03 17:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2009-09-03 17:58 . 2009-09-03 17:58 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.

[-] 2008-03-27 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-02-01 5856640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 202256]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
"_nltide_3"="advpack.dll" [2007-08-13 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.7.2009 23:18 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.6.2009 15:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.6.2009 15:46 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [24.6.2009 15:36 34048]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [21.7.2009 0:09 33792]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\safedrv.sys --> d:\garena\safedrv.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1454471165-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1454471165-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.myheritage.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://search.myheritage.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
TCP: DhcpNameServer = 195.34.133.21 192.168.0.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
AddRemove-HijackThis - d:\záloha\PROGRAMY\Ochrana\HiJackThis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 14:26
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLAT20 rev.PF2OA2AA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85EE1D01]<<
c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8471585b; SUB DWORD [EBP-0x4], 0x8471512e; PUSH EDI; CALL 0xffffffffffffe0f7; }
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x866B2AB8]
3 CLASSPNP[0xF786FFD7] -> nt!IofCallDriver[0x804E1397] -> \Device\0000006c[0x866B5F18]
5 ACPI[0xF76DB620] -> nt!IofCallDriver[0x804E1397] -> [0x866B4D98]
[0x8630CDA0] -> IRP_MJ_CREATE -> 0x85EE1D01
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHDS728080PLAT20_________________________PF2OA2AA#5&20f2915f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x85EE1AEA
user & kernel MBR OK
sectors 160836478 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-25 14:31:50
ComboFix-quarantined-files.txt 2011-07-25 12:31
.
Pre-Run: 5 770 924 032 bytes free
Post-Run: 5 721 640 960 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 711E00A8812160EBAD3E6832D012C243

#10 Příspěvek od **vyosek** » 25 črc 2011 16:38

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Restore::
c:\windows\system32\drivers\tcpip.sys

SRPeek::
c:\windows\system32\drivers\tcpip.sys

Mia::
c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"DivXUpdate"=-
"PWRISOVM.EXE"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security Providers]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

File::
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1454471165-1606980848-500.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1454471165-1606980848-500.job

DDS::
uStart Page = hxxp://search.myheritage.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://search.myheritage.com

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Dominko777 · #11 Příspěvek od **Dominko777** » 25 črc 2011 17:11

TDSSKiller log

2011/07/25 17:41:09.0750 1668 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 17:41:10.0015 1668 ================================================================================
2011/07/25 17:41:10.0015 1668 SystemInfo:
2011/07/25 17:41:10.0015 1668
2011/07/25 17:41:10.0015 1668 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/25 17:41:10.0015 1668 Product type: Workstation
2011/07/25 17:41:10.0015 1668 ComputerName: MORPHEUS
2011/07/25 17:41:10.0015 1668 UserName: Administrator
2011/07/25 17:41:10.0015 1668 Windows directory: C:\WINDOWS
2011/07/25 17:41:10.0015 1668 System windows directory: C:\WINDOWS
2011/07/25 17:41:10.0015 1668 Processor architecture: Intel x86
2011/07/25 17:41:10.0015 1668 Number of processors: 2
2011/07/25 17:41:10.0015 1668 Page size: 0x1000
2011/07/25 17:41:10.0015 1668 Boot type: Normal boot
2011/07/25 17:41:10.0015 1668 ================================================================================
2011/07/25 17:41:10.0921 1668 Initialize success
2011/07/25 17:41:15.0140 3128 ================================================================================
2011/07/25 17:41:15.0140 3128 Scan started
2011/07/25 17:41:15.0140 3128 Mode: Manual;
2011/07/25 17:41:15.0140 3128 ================================================================================
2011/07/25 17:41:16.0328 3128 Aavmker4 (7e9ac7c353e49ea7e8b53c64c9814c27) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/25 17:41:16.0562 3128 ACPI (15634a4d4371423ad438b93ee0519cb8) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/25 17:41:16.0671 3128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/25 17:41:16.0765 3128 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/07/25 17:41:16.0921 3128 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/07/25 17:41:17.0000 3128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/25 17:41:17.0093 3128 AFD (e5d9213212ed08dc5f985049f7c68c09) C:\WINDOWS\System32\drivers\afd.sys
2011/07/25 17:41:17.0765 3128 aswFsBlk (b4d09e666cb1d72f2cfab3f8fb395518) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2011/07/25 17:41:17.0843 3128 aswMon2 (9c9a6c6e8805c43c372ad9aabea39fd9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/25 17:41:17.0921 3128 aswRdr (4f25bb4a1299006ac04fa02d25a0e62d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/25 17:41:18.0015 3128 aswSP (f8abcec435cb0f918c12fd84b6eaee11) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/25 17:41:18.0078 3128 aswTdi (95c9ccf994e7c39322aa2ca44a6f8382) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/25 17:41:18.0156 3128 AsyncMac (0d4681f78a20b50d691a4f3c9f75eb41) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/25 17:41:18.0234 3128 atapi (335bb30ed68cf3dc0ee2bddb438b6a9b) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/25 17:41:18.0375 3128 AtcL001 (855983087b52c9f16967fe8c290813ee) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
2011/07/25 17:41:18.0921 3128 ati2mtag (633d22a45283762dc05989751cc1397c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/25 17:41:19.0421 3128 Atmarpc (ecf89e5bd58e3a3cc2e7db0f0d9f6c6c) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/25 17:41:19.0609 3128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/25 17:41:19.0843 3128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/25 17:41:20.0250 3128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/25 17:41:20.0453 3128 CCDECODE (6bd9cefa0aac17ee93f277e5b9bef716) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/25 17:41:20.0687 3128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/25 17:41:20.0765 3128 Cdfs (b7b2efd695bb6e937eb3e5b5465b6f47) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/25 17:41:20.0859 3128 Cdrom (1f29616b1fc4d66a988cf97531bcf729) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/25 17:41:21.0000 3128 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
2011/07/25 17:41:21.0343 3128 Disk (023712144c69e60fcb662cda2715bf16) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/25 17:41:21.0437 3128 dmboot (1e5c89a65465f6d9674898eb4989cb86) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/25 17:41:21.0546 3128 dmio (6cf151f832ec417ffaf68f20ed7d39fb) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/25 17:41:21.0609 3128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/25 17:41:21.0718 3128 DMusic (c561840c22148f5affb659d547efdbb0) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/25 17:41:21.0859 3128 drmkaud (c13ee685aa1a8950146f7f968eb090bd) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/25 17:41:22.0062 3128 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/07/25 17:41:22.0171 3128 Fastfat (f696cf49c72f50ea0c1038c2daa98a00) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/25 17:41:22.0296 3128 Fdc (650fa0d37498f9e2b201a09dbca0b85b) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/25 17:41:22.0359 3128 Fips (74947fd2d6a9151c0bb9c72bdaf0e894) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/25 17:41:22.0453 3128 Flpydisk (3b8607a2bf5aec3dab18cf3612c07c1d) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/25 17:41:22.0546 3128 FltMgr (87ec219a7ae5553144e2086d2d7daa8a) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/25 17:41:22.0640 3128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/25 17:41:22.0703 3128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/25 17:41:22.0796 3128 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/25 17:41:22.0875 3128 Gpc (9479c26a5691ccea495e2438ef11c948) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/25 17:41:22.0968 3128 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/07/25 17:41:23.0046 3128 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/25 17:41:23.0156 3128 hidusb (5f845228561e9545edc6f9ebfa15d338) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/25 17:41:23.0312 3128 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/25 17:41:23.0406 3128 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/25 17:41:23.0484 3128 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/25 17:41:23.0562 3128 HTTP (681afd0f5d6a12be948181b11a7f80a6) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/25 17:41:23.0781 3128 i8042prt (30abe7000df369d8b1c4174429260aad) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/25 17:41:23.0859 3128 Imapi (e32bf30d20b5c162775f9a3451e87b67) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/25 17:41:24.0093 3128 intelppm (b3731ca1bdb32f83c817263646c31c15) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/25 17:41:24.0171 3128 Ip6Fw (ef9bb587e33c2c245b5b83e882501ff6) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/25 17:41:24.0250 3128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/25 17:41:24.0328 3128 IpInIp (30aba7a3f81e4b76c963cd6caa23cb49) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/25 17:41:24.0406 3128 IpNat (eeb5787bd1445c8dc592f40691781774) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/25 17:41:24.0500 3128 IPSec (bfea19daff955239a16a80c3cdf64fbe) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/25 17:41:24.0593 3128 IRENUM (64e28d94089cff1c3c77f02f99ffac3f) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/25 17:41:24.0687 3128 isapnp (81a40a1118265dfc09c036f7776ebcc0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/25 17:41:24.0796 3128 Kbdclass (4ff969b48f320f6ce0b07247069c4c22) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/25 17:41:24.0859 3128 kbdhid (0cded60b750cb5023e901f1fe4e15556) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/25 17:41:24.0953 3128 kmixer (55e8d7039254728e9f071118184ff53b) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/25 17:41:25.0015 3128 KSecDD (23ea4c1a4ca28fd766ed2d3a5beaee3f) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/25 17:41:25.0187 3128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/25 17:41:25.0265 3128 Modem (add0bb36498e4da9b1b6a3e201b60a18) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/25 17:41:25.0343 3128 Mouclass (e70558b84cb0cb9c739cc48ead2a4323) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/25 17:41:25.0437 3128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/25 17:41:25.0515 3128 MountMgr (07be8cafd246a7dfb7fd4a387e936e92) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/25 17:41:25.0796 3128 MRxDAV (ac816eff53bca79369f0b8643165368c) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/25 17:41:26.0015 3128 MRxSmb (73484c0377fefa76a4ddd48112ec93a3) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/25 17:41:26.0125 3128 Msfs (4d563545581e72c477ab00741b119853) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/25 17:41:26.0218 3128 MSKSSRV (b16206732e541c04c1860d84447ef5bf) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/25 17:41:26.0296 3128 MSPCLOCK (bd33cfa58c156cbd5419a87c3a4cd0b2) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/25 17:41:26.0390 3128 MSPQM (a7ec2f88fae0f03252a60950660cc3e1) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/25 17:41:26.0484 3128 mssmbios (f41814fd8811b2ba2a43a79aa8cce82a) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/25 17:41:26.0546 3128 MSTEE (330d6d5dd6a02b8de42e3e80646b0bf5) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/25 17:41:26.0625 3128 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/07/25 17:41:26.0765 3128 Mup (2bb00d68cc9fbda1ee3d9bab9e4fd620) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/25 17:41:26.0859 3128 NABTSFEC (da2fc70d610c065325612735e7356756) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/25 17:41:26.0937 3128 NDIS (d1b364f049eb84a883c8a45d3b92ff3b) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/25 17:41:27.0015 3128 NdisIP (d4c3610766da2367e0d219969a1bcaee) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/25 17:41:27.0125 3128 NdisTapi (7d0d0f2bf199c2df0a9d1b01406168ac) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/25 17:41:27.0187 3128 Ndisuio (e8969046dc350ecd1e9209dfe341c170) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/25 17:41:27.0281 3128 NdisWan (266fded9836490ff227ad13e677ba4fb) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/25 17:41:27.0375 3128 NDProxy (5aa58d218431c79e36a4878f18414637) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/25 17:41:27.0437 3128 NetBIOS (c70b403d8158e11bf0d43d5b153cbe6b) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/25 17:41:27.0546 3128 NetBT (c181e1f7a2a251b7af6352dcbd8457f3) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/25 17:41:27.0703 3128 Npfs (20c123afc574abf76ba35d39c26ae6df) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/25 17:41:27.0796 3128 Ntfs (34a993d7e519364f5d548b5726917753) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/25 17:41:27.0875 3128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/25 17:41:27.0968 3128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/25 17:41:28.0046 3128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/25 17:41:28.0140 3128 Parport (10572a94d8978619ce4845fe8595c9a5) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/25 17:41:28.0218 3128 PartMgr (67075da61516adedd710a9da6c6c8acb) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/25 17:41:28.0312 3128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/25 17:41:28.0390 3128 PCI (f3cebed46dc3a7f1758745c1d1fa5fcf) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/25 17:41:28.0531 3128 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/25 17:41:28.0640 3128 Pcmcia (1ec157cb90d06455d67c007ada4973ac) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/25 17:41:29.0156 3128 PptpMiniport (87d6a848dc367056778168d40a6f1a70) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/25 17:41:29.0250 3128 PSched (8dc29e493cce832784a60bf7c120f132) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/25 17:41:29.0328 3128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/25 17:41:29.0437 3128 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/25 17:41:29.0859 3128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/25 17:41:29.0937 3128 Rasl2tp (dbc6aeda3111edaf60948fc063565006) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/25 17:41:30.0000 3128 RasPppoe (96467fc3e135f0b174b8978bd8ce69f9) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/25 17:41:30.0093 3128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/25 17:41:30.0187 3128 Rdbss (1116a775bfa71f2c13f3d420da455ff2) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/25 17:41:30.0250 3128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/25 17:41:30.0328 3128 rdpdr (9b7b9221177c83c7cbfd20b4b67f23dc) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/25 17:41:30.0437 3128 RDPWD (0cd1bda7f6848e4de4eed3d36874ffb5) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/25 17:41:30.0531 3128 redbook (11540f52cbc8a4c97467579bbf7ffae2) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/25 17:41:30.0640 3128 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/07/25 17:41:30.0750 3128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/25 17:41:30.0843 3128 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/07/25 17:41:30.0937 3128 serenum (de23787927cb72533d4869855e955329) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/25 17:41:31.0015 3128 Serial (471168d4b9adfd1f9e692f8779455188) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/25 17:41:31.0109 3128 Sfloppy (dc495a349dfd94fbfe4cf0689ed647b2) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/25 17:41:31.0250 3128 SLIP (70b574953c6062f28c3dcf2394c7ddde) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/25 17:41:31.0390 3128 splitter (e477a633ea2d387788879a30666e5998) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/25 17:41:31.0500 3128 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/25 17:41:31.0500 3128 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/25 17:41:31.0500 3128 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 17:41:31.0593 3128 Sr (8ec0ec1508d5c0dc9f0a46b264b41bff) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/25 17:41:31.0687 3128 Srv (388a576b405fd4c8a4886aa872e8e0f1) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/25 17:41:31.0781 3128 streamip (fc2870338f6a08a562d6bef72e66f478) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/25 17:41:31.0890 3128 swenum (a5491f57e70167a10ed40e19d36edd13) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/25 17:41:31.0984 3128 swmidi (5f8ab2829c52609e03560725eaf167f9) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/25 17:41:32.0359 3128 sysaudio (feaee2df25f435c153756707321bbf46) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/25 17:41:32.0453 3128 Tcpip (c63c3555d3da43ef112b62d7da0d45cd) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/25 17:41:32.0453 3128 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: c63c3555d3da43ef112b62d7da0d45cd, Fake md5: 90caff4b094573449a0872a0f919b178
2011/07/25 17:41:32.0468 3128 Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/25 17:41:32.0546 3128 TDPIPE (76afdfea26d4cb16e81fa32a22c34376) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/25 17:41:32.0625 3128 TDTCP (2fc82251c9e895aa48624ebe05e5774e) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/25 17:41:32.0765 3128 TermDD (4e55b6f75ad92f13d6abbf8d767cbcec) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/25 17:41:32.0937 3128 Udfs (90374e55f93f2883377902cb9cbfc6db) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/25 17:41:33.0062 3128 Update (415c2a770f4b6932308f9de7b19b3139) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/25 17:41:33.0156 3128 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/25 17:41:33.0234 3128 usbaudio (b24cff43deb7ac8f2ac0f2fb8a4ce16d) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/25 17:41:33.0312 3128 usbccgp (9a0a8be756bd7a9bad4a3d0e9fa7bd79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/25 17:41:33.0375 3128 usbehci (d37fee874b49d951f68e788d40d8c196) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/25 17:41:33.0468 3128 usbhub (8167383fe00199108f63269c2b8a99e1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/25 17:41:33.0546 3128 usbprint (14caa438f4ebd12dbd43db0273bc0fdc) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/25 17:41:33.0656 3128 usbscan (5be9c3f196c607aaa072ed660f9c0423) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/25 17:41:33.0765 3128 usbstor (e3eef7ae5105a9f99b1807031edb4171) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/25 17:41:33.0828 3128 usbuhci (b02addb9a345cbae360a29b2865c36a1) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/25 17:41:33.0906 3128 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/07/25 17:41:34.0000 3128 VgaSave (cc1f0dd100f577e9b029547fee285813) C:\WINDOWS\System32\drivers\vga.sys
2011/07/25 17:41:34.0140 3128 VolSnap (2abf037f9d447424b58d73706b55b762) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/25 17:41:34.0234 3128 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/07/25 17:41:34.0343 3128 Wanarp (8794191476e6b93161baaa136e309454) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/25 17:41:34.0484 3128 wdmaud (cf66393a0b2e361503bf381ac013b34a) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/25 17:41:34.0687 3128 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/25 17:41:34.0843 3128 WSTCODEC (330029931eb8e3384cbc4c10880d5b14) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/25 17:41:34.0921 3128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/25 17:41:35.0000 3128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/25 17:41:35.0109 3128 ZSMC211 (acba895b45e65232ad54ad7d71ec542f) C:\WINDOWS\system32\Drivers\ZS211.sys
2011/07/25 17:41:35.0140 3128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/25 17:41:35.0250 3128 Boot (0x1200) (9b3e364b9b66ed8d6be80c44cd8a2a8b) \Device\Harddisk0\DR0\Partition0
2011/07/25 17:41:35.0265 3128 Boot (0x1200) (103c26c6b5d2371d143554cd7997de85) \Device\Harddisk0\DR0\Partition1
2011/07/25 17:41:35.0265 3128 ================================================================================
2011/07/25 17:41:35.0265 3128 Scan finished
2011/07/25 17:41:35.0265 3128 ================================================================================
2011/07/25 17:41:35.0265 0736 Detected object count: 2
2011/07/25 17:41:35.0265 0736 Actual detected object count: 2
2011/07/25 17:42:49.0015 0736 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/25 17:42:49.0109 0736 Tcpip (c63c3555d3da43ef112b62d7da0d45cd) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/25 17:42:49.0109 0736 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: c63c3555d3da43ef112b62d7da0d45cd, Fake md5: 90caff4b094573449a0872a0f919b178
2011/07/25 17:42:49.0343 0736 Backup copy not found, trying to cure infected file..
2011/07/25 17:42:49.0343 0736 Cure success, using it..
2011/07/25 17:42:49.0359 0736 C:\WINDOWS\system32\DRIVERS\tcpip.sys - will be cured after reboot
2011/07/25 17:42:49.0359 0736 Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure
2011/07/25 17:42:58.0437 2184 Deinitialize success

ComboFix log

ComboFix 11-07-25.02 - Administrator 25.07.2011 17:55:21.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.419 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 091231-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1454471165-1606980848-500.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1454471165-1606980848-500.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1454471165-1606980848-500.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1454471165-1606980848-500.job
.
c:\windows\system32\drivers\tcpip.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 15:44 . 2011-07-25 15:44 -------- d-----w- c:\windows\system32\xircom
2011-07-25 15:44 . 2011-07-25 15:44 -------- d-----w- c:\windows\system32\wbem\snmp
2011-07-25 15:44 . 2011-07-25 15:44 -------- d-----w- c:\program files\microsoft frontpage
2011-07-22 15:31 . 2011-07-22 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MyHeritage
2011-07-22 15:31 . 2011-07-22 15:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\MyHeritage
2011-07-22 15:31 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\msmapi32.ocx
2011-07-22 15:30 . 2011-07-22 15:40 -------- d-----w- c:\program files\MyHeritage
2011-07-18 19:00 . 2011-07-18 19:00 -------- d-----w- c:\program files\BurnAware Free
2011-07-11 07:04 . 2011-07-11 07:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 14:02 . 2011-07-07 14:02 -------- d-----w- c:\program files\PowerISO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 15:44 . 2008-03-27 17:52 360064 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-10 11:27 . 2009-10-30 09:54 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-03 17:37 . 2009-09-03 17:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2009-09-03 17:58 . 2009-09-03 17:58 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-25 15:44 . 189E8ECB71AD46B46396815138A3BAB8 . 360064 . . [------] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-25_12.27.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-25 16:00 . 2011-07-25 16:00 16384 c:\windows\Temp\Perflib_Perfdata_d8.dat
+ 2011-07-25 16:00 . 2011-07-25 16:00 16384 c:\windows\Temp\Perflib_Perfdata_ce8.dat
+ 2001-08-23 13:00 . 2011-07-25 15:49 66086 c:\windows\system32\perfc009.dat
- 2001-08-23 13:00 . 2011-05-04 10:40 66086 c:\windows\system32\perfc009.dat
+ 2001-08-23 13:00 . 2011-07-25 15:49 428122 c:\windows\system32\perfh009.dat
- 2001-08-23 13:00 . 2011-05-04 10:40 428122 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-02-01 5856640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
"_nltide_3"="advpack.dll" [2007-08-13 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.7.2009 23:18 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.6.2009 15:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.6.2009 15:46 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [24.6.2009 15:36 34048]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [21.7.2009 0:09 33792]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\safedrv.sys --> d:\garena\safedrv.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
TCP: DhcpNameServer = 195.34.133.21 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-84409279.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 18:01
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2480)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~1\Office14\1051\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-07-25 18:04:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 16:04
ComboFix2.txt 2011-07-25 12:31
.
Pre-Run: 5 743 501 312 bytes free
Post-Run: 5 713 571 840 voľných bajtov
.
- - End Of File - - 734C053B82F6FB52E0207C4BE586DBF6

#12 Příspěvek od **vyosek** » 25 črc 2011 17:25

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Dominko777 · #13 Příspěvek od **Dominko777** » 25 črc 2011 19:04

MBAM log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7275

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.13

25.7.2011 20:03:09
mbam-log-2011-07-25 (20-03-04).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 210192
Uplynutý čas: 52 min, 16 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 21

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.DoubleD) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\Setup.exe (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\36F1A852\3E688669\MyDll.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\4F73E13A\3E688669\stbapp.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\50EF6DF6\3E688669\riched20smiley.dll (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\6216A4BD\3E688669\stbyahoo8.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\628759C1\3E688669\stbOLEX.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\A26F7F7\3E688669\stbOL.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\A53562F1\3E688669\aimactivexdll.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\B3AC8875\3E688669\stbMsn.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\BED3DEFB\3E688669\stbasst.exe (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\C41B8701\3E688669\stbAol.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\C90EEF64\3E688669\axgifanimator.dll (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\CE8732D\3E688669\productinfo.dll (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\D5797E3B\3E688669\stbyahoo9.dll (Adware.DoubleD.Gen) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\mfilebagide.dll\bag\productinfo.dll (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\mfilebagide.dll\bag\setup.exe (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\mfilebagide.dll\bag\stbreaim.exe (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\mfilebagide.dll\bag\stbrewlm.exe (Adware.DoubleD) -> No action taken.
c:\documents and settings\all users\application data\{f14a989e-0102-460b-adb5-bc208314a307}\OFFLINE\mfilebagide.dll\bag\stbsh.dll (Adware.DoubleD) -> No action taken.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken.

#14 Příspěvek od **vyosek** » 25 črc 2011 19:08

Nalezy smazte

Napiste jak se chova PC

Dominko777 · #15 Příspěvek od **Dominko777** » 25 črc 2011 19:36

Zmazané-pc sa správa normálne no neviem či je vír posielaný ďalej z môjho profilu

VIRY.CZ

FACEBOOK VÍR-Prosím o pomoc

FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc

Re: FACEBOOK VÍR-Prosím o pomoc