PC disinfection, computer speed-up, remote help via the neslape.cz service

Facebook virus - please help

Have a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once solved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Facebook virus - please help

#1 Post by A_N_D_R_E »

Hello, a few days ago my notebook was attacked by this virus. The notebook only runs in Safe Mode.

Here is my log:
--------------------------------------------------------------------------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2011-07-31 16:02:53
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 87 GB (38%) free of 230 GB
Total RAM: 1919 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{3F73DE68-BB4A-41D5-824C-5FCC8F150AED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Windows\WebIE.dll [2010-02-03 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-18 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\FaceSmooch Toolbar\tbcore3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Windows\WebIE.dll [2010-02-03 491520]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-23 815104]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2006-12-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe [2008-10-14 37232]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-10-14 33136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"wxpdrv"=C:\Windows\services32.exe [2011-07-24 1174016]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-15-0\svchost.exe []
"tray_ico1"=C:\Windows\update.tray-2-0\svchost.exe []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"1843173.exe"=C:\Windows\Temp\1843173.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe rezerv []
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe rezerv []
"7476712.exe"=C:\Users\uzivatel\AppData\Local\Temp\7476712.exe []
"1103923.exe"=C:\Users\uzivatel\AppData\Local\Temp\1103923.exe []
"5400900.exe"=C:\Users\uzivatel\AppData\Local\Temp\5400900.exe []
"4355554.exe"=C:\Windows\Temp\4355554.exe []
"4591734.exe"=C:\Users\uzivatel\AppData\Local\Temp\4591734.exe []
"8992190.exe"=C:\Users\uzivatel\AppData\Local\Temp\8992190.exe []
"7105821.exe"=C:\Windows\Temp\7105821.exe []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"OEXPRESS"=C:\Windows\OETRN.EXE [2010-02-03 26624]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=MSh263.drv
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.MKVC"=KMVIDC32.DLL
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=serwvdrv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-31 15:55:18 ----D---- C:\Program Files\trend micro
2011-07-31 15:55:17 ----D---- C:\rsit
2011-07-25 10:01:16 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-25 10:01:16 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-25 10:01:13 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-25 10:01:12 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-25 10:01:12 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-25 10:01:11 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-25 10:00:51 ----A---- C:\Windows\avastSS.scr
2011-07-25 10:00:50 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-25 10:00:35 ----D---- C:\ProgramData\AVAST Software
2011-07-25 10:00:35 ----D---- C:\Program Files\AVAST Software
2011-07-25 09:05:17 ----A---- C:\Windows\iplist.txt
2011-07-24 23:17:03 ----A---- C:\Windows\front_ip_list.txt
2011-07-24 14:03:16 ----D---- C:\Windows\av_ico
2011-07-24 14:01:10 ----HD---- C:\Windows\update.1
2011-07-24 14:01:07 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-24 14:01:07 ----HD---- C:\Windows\update.tray-2-0
2011-07-24 14:01:07 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-07-24 14:01:07 ----HD---- C:\Windows\update.tray-15-0
2011-07-24 13:49:07 ----A---- C:\Windows\winlog-ids.txt
2011-07-24 13:49:07 ----A---- C:\Windows\winlog-dirs.txt
2011-07-24 13:49:02 ----A---- C:\Windows\services32.exe
2011-07-21 14:49:20 ----A---- C:\Windows\_MSRSTRT.EXE
2011-07-18 16:34:20 ----D---- C:\ProgramData\McAfee
2011-07-18 16:30:03 ----A---- C:\Windows\system32\javaws.exe
2011-07-18 16:30:00 ----A---- C:\Windows\system32\javaw.exe
2011-07-18 16:29:59 ----A---- C:\Windows\system32\java.exe
2011-07-18 16:28:16 ----D---- C:\Program Files\Java
2011-07-17 14:21:33 ----D---- C:\Program Files\Common Files\Java
2011-07-14 22:20:02 ----A---- C:\Windows\system32\win32k.sys
2011-07-14 22:19:59 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 22:19:56 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 22:19:55 ----A---- C:\Windows\system32\csrsrv.dll

======List of files/folders modified in the last 1 month======

2011-07-31 15:55:18 ----RD---- C:\Program Files
2011-07-31 15:54:00 ----D---- C:\Windows\Temp
2011-07-31 15:53:52 ----D---- C:\Windows\Tasks
2011-07-25 11:08:52 ----D---- C:\Windows\System32
2011-07-25 11:08:45 ----D---- C:\Users\uzivatel\AppData\Roaming\Real
2011-07-25 11:00:34 ----D---- C:\Users\uzivatel\AppData\Roaming\Adobe
2011-07-25 10:34:46 ----AD---- C:\Windows
2011-07-25 10:32:31 ----D---- C:\Windows\inf
2011-07-25 10:03:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 10:01:16 ----D---- C:\Windows\system32\drivers
2011-07-25 10:01:07 ----SHD---- C:\Windows\Installer
2011-07-25 10:01:07 ----HD---- C:\Config.Msi
2011-07-25 10:01:06 ----D---- C:\Windows\winsxs
2011-07-25 10:00:35 ----HD---- C:\ProgramData
2011-07-25 09:59:55 ----A---- C:\Windows\MAILTRAN.INI
2011-07-25 08:56:24 ----D---- C:\Windows\system32\Tasks
2011-07-25 08:49:58 ----A---- C:\Windows\system32\acovcnt.exe
2011-07-24 22:31:21 ----SD---- C:\Users\uzivatel\AppData\Roaming\Microsoft
2011-07-24 14:01:09 ----SHD---- C:\$Recycle.Bin
2011-07-21 15:12:46 ----D---- C:\Windows\Prefetch
2011-07-21 14:50:44 ----D---- C:\Program Files\My_WebcamMax
2011-07-21 14:48:55 ----D---- C:\Program Files\Google
2011-07-21 14:47:47 ----D---- C:\Program Files\Common Files
2011-07-21 14:47:45 ----D---- C:\ProgramData\Adobe
2011-07-21 14:44:00 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-21 14:43:19 ----D---- C:\Windows\system32\catroot
2011-07-18 23:41:04 ----D---- C:\Windows\system32\catroot2
2011-07-18 17:56:33 ----D---- C:\Program Files\Real
2011-07-18 17:54:36 ----A---- C:\Windows\system32\msvcr71.dll
2011-07-18 16:28:42 ----A---- C:\Windows\system32\deployJava1.dll
2011-07-15 21:31:13 ----A---- C:\Windows\system32\mrt.exe
2011-07-15 21:31:05 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-10 35328]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-23 181304]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-01 691696]
S1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 MpKsl1582d180;MpKsl1582d180; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsl1582d180.sys []
S1 MpKsl3c21e29f;MpKsl3c21e29f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4132202-8501-425D-B0F2-F422289206E7}\MpKsl3c21e29f.sys []
S1 MpKsl7bdb5830;MpKsl7bdb5830; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFBC7CCD-629C-48BE-870C-8A96E445F6AC}\MpKsl7bdb5830.sys []
S1 MpKslb00b9afc;MpKslb00b9afc; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKslb00b9afc.sys []
S1 MpKsld220dbfd;MpKsld220dbfd; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsld220dbfd.sys []
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 694784]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-14 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-14 29184]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-26 15232]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-11-17 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2006-11-30 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2006-10-28 40960]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe srv []
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-19 24576]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
S2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe srv []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

-----------------------------------------------------------------------------------------

Thank you in advance for your reply
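Reading the [HKLM\...\Run] section of a log like the one above is mostly pattern matching. As an added example (not part of the poster's material or of RSIT itself), the Python below parses RSIT-style autorun lines and flags the patterns a helper checks first: empty "[ ]" metadata, executables in Temp, numeric file names, svchost.exe outside System32, and binaries sitting directly under C:\Windows. The heuristics are the editor's own; the sample lines are a subset copied from the log in this post, so the script runs offline.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the [HKLM\...\Run] entries from the RSIT log above.
SAMPLE_RUN_SECTION = r'''
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"wxpdrv"=C:\Windows\services32.exe [2011-07-24 1174016]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-15-0\svchost.exe []
"1843173.exe"=C:\Windows\Temp\1843173.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe rezerv []
"7476712.exe"=C:\Users\uzivatel\AppData\Local\Temp\7476712.exe []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
'''

# RSIT prints each autorun as  "name"=command [YYYY-MM-DD size]  and leaves the
# brackets empty when it could not stat the file (deleted, hidden or locked).
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<command>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# The executable is everything up to the first ".exe"; what follows are arguments.
EXE_RE = re.compile(r'^(?P<path>.*?\.exe)(?:\s|$)', re.IGNORECASE)

NO_META = "no file metadata (RSIT could not read the file)"
TEMP_DIR = "runs from a Temp directory"
NUMERIC = "purely numeric file name"
FAKE_SVCHOST = "svchost.exe outside System32"
WINDOWS_ROOT = "executable directly under C:\\Windows"


@dataclass
class Entry:
    name: str
    path: str               # "" when the value carries no command at all
    has_meta: bool          # True when RSIT printed [date size] for the file
    reasons: list = field(default_factory=list)


def parse_entry(line: str):
    """Return an Entry for one RSIT Run line, or None for lines of another shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    command = m.group("command").strip()
    exe = EXE_RE.match(command)
    path = exe.group("path") if exe else command
    return Entry(m.group("name"), path, bool(m.group("meta").strip()))


def assess(entry: Entry) -> Entry:
    """Attach the triage heuristics (editor's own, not RSIT's) that apply to an entry."""
    p = entry.path.lower()
    if not p:
        entry.reasons.append("empty command")
        return entry
    parts = p.split("\\")
    base = parts[-1]
    stem = base[:-4] if base.endswith(".exe") else base
    if not entry.has_meta:
        entry.reasons.append(NO_META)
    if "\\temp\\" in p:
        entry.reasons.append(TEMP_DIR)
    if stem.isdigit():
        entry.reasons.append(NUMERIC)
    if base == "svchost.exe" and "\\".join(parts[:-1]) != "c:\\windows\\system32":
        entry.reasons.append(FAKE_SVCHOST)
    if parts[:2] == ["c:", "windows"] and len(parts) == 3:
        entry.reasons.append(WINDOWS_ROOT)
    return entry


def triage(run_section: str) -> list:
    """Parse and assess every Run entry in the given section text."""
    entries = (parse_entry(line) for line in run_section.splitlines())
    return [assess(e) for e in entries if e is not None]


def suspicious(run_section: str) -> dict:
    """Map entry name -> reasons, for entries that tripped at least one heuristic."""
    return {e.name: e.reasons for e in triage(run_section) if e.reasons}


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_RUN_SECTION).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A single weak signal (a vendor binary directly under C:\Windows, such as RtHDVCpl.exe) is a lead to verify, not a verdict; entries that combine several signals and carry no file metadata are the ones to check first.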

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Facebook virus - please help

#2 Post by Danstahr »

Good evening and welcome,

Download MBAM and post its log here following the guide here; when choosing the scan type, select Full scan.

Don't delete anything yet, MBAM can have false positives!
I'll buy a little time, I respect the price.

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#3 Post by A_N_D_R_E »

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5214

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19088

31.7.2011 17:27:16
mbam-log-2011-07-31 (17-26-32).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|F:\|)
Testované objekty: 303001
Uplynulý čas: 53 minut, 51 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Facebook virus - please help

#4 Post by Danstahr »

Delete the infection found by MBAM.

Attention! This utility has a great capacity to delete and its use is intended exclusively for members of this forum's team. Unauthorized use may wreck the system and force a reinstall.

Download ComboFix and save it to the Desktop.

Turn off all resident antivirus shields and all programs running in the background.
Run ComboFix with administrator privileges.
Accept the license terms and, if offered, the installation of the Recovery Console.
Leave the computer completely alone during the scan.
The scan takes roughly 15 minutes, but the time may vary depending on the state of the system.
When the scan finishes, a log is displayed (if it does not open, it can be found on the system drive as ComboFix.txt); post the contents of the log here.
Do not touch ComboFix again until the next instruction.

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#5 Post by A_N_D_R_E »

ComboFix 11-07-31.03 - uzivatel 31.07.2011 20:23:33.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1919.1394 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\SLOVA.WAV
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\TRNCOM.INI
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
c:\users\uzivatel\AppData\Roaming\inst.exe
c:\windows\front_ip_list.txt
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\security\Database\tmp.edb
c:\windows\services32.exe
c:\windows\update.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2011-07-31 14:25 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 14:25 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 13:55 . 2011-07-31 13:55 -------- d-----w- c:\program files\trend micro
2011-07-31 13:55 . 2011-07-31 13:55 -------- d-----w- C:\rsit
2011-07-25 08:01 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 08:01 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 08:01 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 08:01 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 08:01 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 08:01 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 08:00 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 08:00 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 08:00 . 2011-07-25 08:00 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 08:00 . 2011-07-25 08:00 -------- d-----w- c:\program files\AVAST Software
2011-07-24 12:03 . 2011-07-24 12:03 -------- d-----w- c:\windows\av_ico
2011-07-24 12:01 . 2011-07-25 08:34 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-24 12:01 . 2011-07-25 08:34 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-24 12:01 . 2011-07-24 12:01 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-24 12:01 . 2011-07-24 12:01 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-21 12:49 . 2011-07-21 12:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-18 15:35 . 2011-07-18 15:35 -------- d-----w- c:\users\uzivatel\AppData\Local\Apple
2011-07-18 14:34 . 2011-07-18 14:34 -------- d-----w- c:\programdata\McAfee
2011-07-18 14:28 . 2011-07-18 14:28 -------- d-----w- c:\program files\Java
2011-07-17 12:21 . 2011-07-17 12:21 -------- d-----w- c:\program files\Common Files\Java
2011-07-14 20:20 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-14 20:19 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-14 20:19 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 06:49 . 2008-10-14 12:11 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-07-20 07:44 . 2011-07-23 17:45 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D8A817E-3DF5-4347-9942-7CC60615F455}\mpengine.dll
2011-07-18 15:54 . 2008-12-27 23:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-18 14:28 . 2010-10-08 11:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-29 19:33 . 2010-10-11 06:49 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-28 06:08 . 2011-06-21 17:46 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-21 17:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-21 17:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-21 17:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:04 . 2011-06-21 17:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 05:10 . 2011-06-21 17:46 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-21 17:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-21 17:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-03 11:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-02-03 26624]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-14 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-14 33136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 MpKsl1582d180;MpKsl1582d180;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsl1582d180.sys [x]
R1 MpKsl3c21e29f;MpKsl3c21e29f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4132202-8501-425D-B0F2-F422289206E7}\MpKsl3c21e29f.sys [x]
R1 MpKsl7bdb5830;MpKsl7bdb5830;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFBC7CCD-629C-48BE-870C-8A96E445F6AC}\MpKsl7bdb5830.sys [x]
R1 MpKslb00b9afc;MpKslb00b9afc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKslb00b9afc.sys [x]
R1 MpKsld220dbfd;MpKsld220dbfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsld220dbfd.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-26 15232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 11:19]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:05]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:05]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{3F73DE68-BB4A-41D5-824C-5FCC8F150AED}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 04:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{F3681B ... A6E7796258}
mStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{F3681B ... A6E7796258}
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 20:35
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 20:40:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 18:40
.
Před spuštěním: Volných bajtů: 91 283 222 528
Po spuštění: Volných bajtů: 103 823 007 744
.
- - End Of File - - 950BB76D575F9A244CA6CDFEE6E3B1D2

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Facebook virus - please help

#6 Post by Danstahr »

Open Notepad, paste the following text into it and save the file to the Desktop as CFScript.txt. Then drag the file onto the ComboFix icon (see the picture). After the restart a log will open; paste it here (it should already boot into normal mode now).

Image

Code:

killall::

folder::
c:\windows\av_ico
c:\windows\update.tray-2-0
c:\windows\update.tray-15-0
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-15-0-lnk

file::
c:\windows\system32\acovcnt.exe
c:\windows\helppane.exe


registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

reboot::
I'll buy a little time, I respect the price.

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#7 Post by A_N_D_R_E »

ComboFix 11-07-31.03 - uzivatel 31.07.2011 21:43:07.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1919.1235 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\helppane.exe"
"c:\windows\system32\acovcnt.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\system32\acovcnt.exe
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0-lnk\svchost.exe
c:\windows\update.tray-15-0
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 19:50 . 2011-07-31 19:52 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-07-31 19:50 . 2011-07-31 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2011-07-31 14:25 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 14:25 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 13:55 . 2011-07-31 13:55 -------- d-----w- c:\program files\trend micro
2011-07-31 13:55 . 2011-07-31 13:55 -------- d-----w- C:\rsit
2011-07-25 08:01 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 08:01 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 08:01 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 08:01 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 08:01 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 08:01 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 08:00 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 08:00 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 08:00 . 2011-07-25 08:00 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 08:00 . 2011-07-25 08:00 -------- d-----w- c:\program files\AVAST Software
2011-07-21 12:49 . 2011-07-21 12:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-18 15:35 . 2011-07-18 15:35 -------- d-----w- c:\users\uzivatel\AppData\Local\Apple
2011-07-18 14:34 . 2011-07-18 14:34 -------- d-----w- c:\programdata\McAfee
2011-07-18 14:28 . 2011-07-18 14:28 -------- d-----w- c:\program files\Java
2011-07-17 12:21 . 2011-07-17 12:21 -------- d-----w- c:\program files\Common Files\Java
2011-07-14 20:20 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-14 20:19 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-14 20:19 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 07:44 . 2011-07-23 17:45 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D8A817E-3DF5-4347-9942-7CC60615F455}\mpengine.dll
2011-07-18 15:54 . 2008-12-27 23:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-18 14:28 . 2010-10-08 11:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-29 19:33 . 2010-10-11 06:49 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-28 06:08 . 2011-06-21 17:46 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-21 17:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-21 17:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-21 17:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:04 . 2011-06-21 17:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 05:10 . 2011-06-21 17:46 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-21 17:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-21 17:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-03 11:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-02-03 26624]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-14 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-14 33136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 MpKsl1582d180;MpKsl1582d180;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsl1582d180.sys [x]
R1 MpKsl3c21e29f;MpKsl3c21e29f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4132202-8501-425D-B0F2-F422289206E7}\MpKsl3c21e29f.sys [x]
R1 MpKsl7bdb5830;MpKsl7bdb5830;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFBC7CCD-629C-48BE-870C-8A96E445F6AC}\MpKsl7bdb5830.sys [x]
R1 MpKslb00b9afc;MpKslb00b9afc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKslb00b9afc.sys [x]
R1 MpKsld220dbfd;MpKsld220dbfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsld220dbfd.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-26 15232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 11:19]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:05]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:05]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{3F73DE68-BB4A-41D5-824C-5FCC8F150AED}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 04:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{F3681B ... A6E7796258}
mStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{F3681B ... A6E7796258}
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 21:54
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 21:58:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 19:58
ComboFix2.txt 2011-07-31 18:40
.
Před spuštěním: Volných bajtů: 103 841 337 344
Po spuštění: Volných bajtů: 103 834 103 808
.
- - End Of File - - 6D54F92E0F19419C8CC6C15326787F3B

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#8 Post by A_N_D_R_E »

The laptop still runs in safe mode. There is probably still an error somewhere :(

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Facebook virus - please help

#9 Post by Danstahr »

What exactly happens when you try to boot into normal mode?

Open Notepad, paste the following text into it and save the file to the Desktop as CFScript.txt. Then drag the file onto the ComboFix icon (see the picture). After the restart a log will open; paste it here (it should already boot into normal mode now).

Image

Code:

killall::

file::
c:\windows\helppane.exe

reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

reboot::
I'll buy a little time, I respect the price.

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#10 Post by A_N_D_R_E »

That's just it, nothing happens. It loads normally and then automatically jumps into safe mode. When I try to start normal mode via F8, it doesn't respond, not this time either. :o

ComboFix 11-07-31.03 - uzivatel 01.08.2011 8:09.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1919.1353 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\helppane.exe"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-01 do 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 06:18 . 2011-08-01 06:20 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-08-01 06:18 . 2011-08-01 06:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2011-07-31 14:25 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 14:25 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 14:25 . 2011-07-31 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 13:55 . 2011-07-31 13:55 -------- d-----w- c:\program files\trend micro
2011-07-31 13:55 . 2011-07-31 13:55 -------- d-----w- C:\rsit
2011-07-25 08:01 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 08:01 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 08:01 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 08:01 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 08:01 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 08:01 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 08:00 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 08:00 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 08:00 . 2011-07-25 08:00 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 08:00 . 2011-07-25 08:00 -------- d-----w- c:\program files\AVAST Software
2011-07-23 17:45 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D8A817E-3DF5-4347-9942-7CC60615F455}\mpengine.dll
2011-07-21 12:49 . 2011-07-21 12:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-18 15:35 . 2011-07-18 15:35 -------- d-----w- c:\users\uzivatel\AppData\Local\Apple
2011-07-18 14:34 . 2011-07-18 14:34 -------- d-----w- c:\programdata\McAfee
2011-07-18 14:28 . 2011-07-18 14:28 -------- d-----w- c:\program files\Java
2011-07-17 12:21 . 2011-07-17 12:21 -------- d-----w- c:\program files\Common Files\Java
2011-07-14 20:20 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-14 20:19 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-14 20:19 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 15:54 . 2008-12-27 23:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-18 14:28 . 2010-10-08 11:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-29 19:33 . 2010-10-11 06:49 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-28 06:08 . 2011-06-21 17:46 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-21 17:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-21 17:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-21 17:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:04 . 2011-06-21 17:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 05:10 . 2011-06-21 17:46 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-21 17:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-21 17:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-03 11:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-02-03 26624]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-14 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-14 33136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 MpKsl1582d180;MpKsl1582d180;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsl1582d180.sys [x]
R1 MpKsl3c21e29f;MpKsl3c21e29f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4132202-8501-425D-B0F2-F422289206E7}\MpKsl3c21e29f.sys [x]
R1 MpKsl7bdb5830;MpKsl7bdb5830;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFBC7CCD-629C-48BE-870C-8A96E445F6AC}\MpKsl7bdb5830.sys [x]
R1 MpKslb00b9afc;MpKslb00b9afc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKslb00b9afc.sys [x]
R1 MpKsld220dbfd;MpKsld220dbfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7743C167-7935-4CAA-9A51-ED5DBF327F4C}\MpKsld220dbfd.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-08-17 28672]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-26 15232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 11:19]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:05]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 16:05]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{3F73DE68-BB4A-41D5-824C-5FCC8F150AED}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 04:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{F3681B ... A6E7796258}
mStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{F3681B ... A6E7796258}
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 08:23
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-08-01 08:27:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-01 06:27
ComboFix2.txt 2011-07-31 20:27
ComboFix3.txt 2011-07-31 19:58
ComboFix4.txt 2011-07-31 18:40
.
Před spuštěním: Volných bajtů: 103 846 195 200
Po spuštění: Volných bajtů: 103 834 480 640
.
- - End Of File - - 61D36268DEEF48D24E73ED2180F24A17

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Facebook virus - please help

#11 Post by Danstahr »

:arrow: Download and save to the desktop http://jpshortstuff.247fixes.com/SystemLook.exe or http://images.malwareremoval.com/jpshor ... emLook.exe
  • Double-click the icon to run the program.
  • Copy the text from the following white box into the white window.

Code:

:filefind
*helppane*
  • Click Look; when the scan finishes a log will pop up, paste it here.
  • The log will also be on the desktop in the file SystemLook.txt
:arrow: Download SPTD, run it and choose Uninstall, then restart the computer. If that does not work, skip this step.

:arrow: Download Defogger, run it and choose Disable, then restart the computer. If that does not work, skip this step.

:arrow: Download GMER and post both of its logs here according to the guide here.
Will buy a bit of time, asking price respected.

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#12 Post by A_N_D_R_E »

LOG from SystemLook:
----------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 12:23 on 01/08/2011 by uzivatel
Administrator - Elevation successful

========== filefind ==========

Searching for "*helppane*"
C:\Windows\HelpPane.exe --a---- 498176 bytes [02:24 21/01/2008] [02:24 21/01/2008] 3708CCEE4878EB0B9E7B92355A631853
C:\Windows\cs-CZ\helppane.exe.mui --a---- 24576 bytes [06:42 21/01/2008] [06:42 21/01/2008] 7601E3ABF1C44ACF3AD51A558A8BDC81
C:\Windows\System32\HelpPaneProxy.dll --a---- 67072 bytes [02:23 21/01/2008] [02:23 21/01/2008] 627AFB8E607DF6DE6E0D81FFDC5E4C4C
C:\Windows\winsxs\x86_microsoft-windows-help-client.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_3c465ad9f9c0ddc0\helppane.exe.mui --a---- 24576 bytes [06:42 21/01/2008] [06:42 21/01/2008] 7601E3ABF1C44ACF3AD51A558A8BDC81
C:\Windows\winsxs\x86_microsoft-windows-help-clientproxy_31bf3856ad364e35_6.0.6001.18000_none_c54a049513b4ab41\HelpPaneProxy.dll --a---- 67072 bytes [02:23 21/01/2008] [02:23 21/01/2008] 627AFB8E607DF6DE6E0D81FFDC5E4C4C
C:\Windows\winsxs\x86_microsoft-windows-help-client_31bf3856ad364e35_6.0.6001.18000_none_6c1890222e16b0ed\HelpPane.exe --a---- 498176 bytes [02:24 21/01/2008] [02:24 21/01/2008] 3708CCEE4878EB0B9E7B92355A631853

-= EOF =-

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Facebook virus - please help

#13 Post by Danstahr »

:arrow: Please continue with the SPTD, Defogger and GMER steps from the previous post.

:arrow: Test the file C:\Windows\HelpPane.exe at virustotal.com; if needed, choose a new scan.

:arrow: For the safe mode problem, try the following procedure:
  • Click Start and then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    msconfig
  • Click OK
  • Switch to the Boot tab (Spuštění počítače)
  • Check whether Safe boot (Bezpečné spouštění) is ticked; if it is, untick it
  • The next restart should then lead to normal mode
Will buy a bit of time, asking price respected.
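The same check done from the command line, added here as an example that is not part of the thread or of the tools it uses: the Safe boot checkbox in msconfig is stored as the safeboot element of the current BCD entry, so an elevated PowerShell session can read it with bcdedit and, if wanted, remove it. The function names are my own.

```powershell
# Added example (not from the thread). Requires an elevated PowerShell session,
# because bcdedit needs administrator rights to read and edit the boot store.
# msconfig's "Safe boot" checkbox maps to the "safeboot" element of the current
# boot entry; bcdedit prints it as a line like "safeboot  Minimal" (or Network).
# Element names in bcdedit output are not localized, so the parse works on a
# Czech Vista as well as on an English one.

function Get-SafeBootState {
    # Returns an object with SafeBoot (bool) and Mode (Minimal/Network/$null).
    $lines = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed (run this as administrator): $lines"
    }
    foreach ($line in $lines) {
        if ("$line" -match '^\s*safeboot\s+(\S+)') {
            return [pscustomobject]@{ SafeBoot = $true; Mode = $Matches[1] }
        }
    }
    return [pscustomobject]@{ SafeBoot = $false; Mode = $null }
}

function Clear-SafeBoot {
    # Equivalent of unticking "Safe boot" in msconfig: delete the element.
    # A restart is still needed before the change takes effect.
    & bcdedit.exe /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "could not remove the safeboot element from the current boot entry"
    }
}

$state = Get-SafeBootState
if ($state.SafeBoot) {
    Write-Host "safeboot is set ($($state.Mode)); the next boot goes to safe mode again."
    # Clear-SafeBoot    # uncomment to apply the fix, then restart the machine
} else {
    Write-Host "No safeboot element on the current entry; the system boots normally."
}
```

If the element is absent but the machine still only starts in safe mode, the cause is elsewhere (for example the boot menu selection or a damaged boot entry), so msconfig would not help either.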

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#14 Post by A_N_D_R_E »

First LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-01 12:50:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: gmer.exe; Driver: C:\Users\uzivatel\AppData\Local\Temp\uwrirkob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Second log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-01 18:48:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: gmer.exe; Driver: C:\Users\uzivatel\AppData\Local\Temp\uwrirkob.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74467817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7446BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7445F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7445E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74498395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7446DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7445FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7445FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7448C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7445D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74456853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7445687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1100] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74462AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e8cdc985e
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x3D 0x6D 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0xD4 0x76 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x3C 0xA7 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAA 0x3C 0xA7 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e8cdc985e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0xAC 0xF2 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0xD4 0x76 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAA 0x3C 0xA7 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAA 0x3C 0xA7 0x8D ...

---- EOF - GMER 1.0.15 ----

A_N_D_R_E
Visitor
Posts: 12
Registered: 31 Jul 2011 14:57

Re: Facebook virus - please help

#15 Post by A_N_D_R_E »

Wow, yippeeeee!! :worship:

So it looks like the laptop is running normally now. A really excellent site; I was already afraid I would have to take it in for repair.

Thank you very much :clapping: :)