XP Antispyware 2012 problém

Zpráva

DavidR · #1 Příspěvek od **DavidR** » 27 pro 2011 17:38

Zdravím, dostala se mi do počítače tato havěť. Postupuji podle návodu z tohoto tématu: http://www.viry.cz/forum/viewtopic.php? ... 75&start=0
Budu rád když mi s tím pomůžete.
Zde je log z ComboFix:

ComboFix 11-12-27.01 - Uživatel 27.12.2011 17:17:39.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1137 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Uživatel\Local Settings\Data aplikací\psk.exe
c:\windows\_ds1.tmp
c:\windows\_ds14.tmp
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\tmp205.tmp
c:\windows\system32\tmp206.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-27 do 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 16:24 . 2011-12-27 16:24 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D5BA781C-A290-43ED-A413-75424976A4A4}\offreg.dll
2011-12-27 15:41 . 2011-12-27 15:41 -------- d-----w- c:\documents and settings\Administrator
2011-12-25 23:02 . 2011-05-16 15:13 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-24 10:54 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D5BA781C-A290-43ED-A413-75424976A4A4}\mpengine.dll
2011-12-19 17:36 . 2011-12-19 18:44 1356015440 ----a-w- c:\program files\WoT_0.7.0_eu_patch.exe
2011-12-03 16:15 . 2011-12-03 16:15 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\DDMSettings
2011-12-03 16:13 . 2011-12-03 16:13 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2011-12-03 16:13 . 2011-12-03 16:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-12-03 16:11 . 2011-12-03 16:13 -------- d-----w- c:\program files\DivX
2011-12-03 16:10 . 2011-12-03 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-11-29 20:02 . 2011-11-29 20:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 20:01 . 2011-11-29 20:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 21:49 . 2007-12-18 15:38 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-23 21:49 . 2009-10-01 12:53 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-23 21:49 . 2007-12-18 15:38 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-22 17:21 . 2007-12-18 15:38 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 14:40 . 2004-08-18 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-06-05 12:56 6823496 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:13 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-18 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-30 10:09 . 2007-12-03 15:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-28 05:32 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-18 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-18 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-17 22:55 . 2011-10-16 11:20 112832 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-10-16 11:05 . 2011-10-16 10:32 181728 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-10-10 14:22 . 2007-11-28 15:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-09 14:44 . 2007-12-18 15:38 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-09 10:08 . 2008-11-01 13:41 22328 ----a-w- c:\documents and settings\Uživatel\Data aplikací\PnkBstrK.sys
2011-10-09 10:07 . 2008-12-19 12:39 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2011-11-09 09:20 . 2011-06-21 16:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Abyssus"="c:\program files\Razer\Abyssus\razerhid.exe" [2011-03-10 231936]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Obsah aplikace OneNote.onetoc2 [2011-6-24 3656]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2011-9-7 409088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Panzers1\\Run\\panzers.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Age of Empires II\\Age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Age of Empires II\\Age2C_1.0.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Documents and Settings\\Uživatel\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Matrix Games\\Steel Panthers World At War\\MECH.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\UPUpdate\\rsync.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_22\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Program Files\\EA SPORTS\\F1 Challenge 99-02\\F1 Challenge 99-02.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21000:TCP"= 21000:TCP:Il2
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.5.2011 16:03 64512]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.5.2009 12:43 642560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.12.2010 19:13 247608]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29.4.2011 11:11 2152152]
R3 Abyssus03;Razer Abyssus USB Filter Driver;c:\windows\system32\drivers\Abyssus.sys [24.10.2011 17:12 9216]
R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [24.10.2011 17:12 6656]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [24.10.2011 17:12 10240]
R3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [14.4.2010 12:11 54784]
S0 avrqern;avrqern;c:\windows\system32\drivers\wnsafw.sys --> c:\windows\system32\drivers\wnsafw.sys [?]
S1 MpKsl0ab92504;MpKsl0ab92504;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{555A6748-EE9F-4D47-BA2A-B74F7915EF78}\MpKsl0ab92504.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{555A6748-EE9F-4D47-BA2A-B74F7915EF78}\MpKsl0ab92504.sys [?]
S1 MpKsl2f563d87;MpKsl2f563d87;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64ADB921-6C17-456E-8553-0E9160AE7F87}\MpKsl2f563d87.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64ADB921-6C17-456E-8553-0E9160AE7F87}\MpKsl2f563d87.sys [?]
S1 MpKsl3ebf1667;MpKsl3ebf1667;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{05710C11-5498-445A-BE3E-52ADB555F991}\MpKsl3ebf1667.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{05710C11-5498-445A-BE3E-52ADB555F991}\MpKsl3ebf1667.sys [?]
S1 MpKsl6ddcabd1;MpKsl6ddcabd1;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{02DA5D39-588F-44AE-BBD1-83195AAEBB61}\MpKsl6ddcabd1.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{02DA5D39-588F-44AE-BBD1-83195AAEBB61}\MpKsl6ddcabd1.sys [?]
S1 MpKsl6e5f1444;MpKsl6e5f1444;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D5BA781C-A290-43ED-A413-75424976A4A4}\MpKsl6e5f1444.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D5BA781C-A290-43ED-A413-75424976A4A4}\MpKsl6e5f1444.sys [?]
S1 MpKslb2f70deb;MpKslb2f70deb;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CB9F5590-3125-41CF-B0C6-0139F2A19AB6}\MpKslb2f70deb.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CB9F5590-3125-41CF-B0C6-0139F2A19AB6}\MpKslb2f70deb.sys [?]
S1 MpKslcfef7cf6;MpKslcfef7cf6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A82F730F-DE9C-488C-83BA-F06C76F260A0}\MpKslcfef7cf6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A82F730F-DE9C-488C-83BA-F06C76F260A0}\MpKslcfef7cf6.sys [?]
S1 vkoawudm;vkoawudm;\??\c:\windows\system32\drivers\vkoawudm.sys --> c:\windows\system32\drivers\vkoawudm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2010 13:06 135664]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\HWiNFO32.SYS --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\HWiNFO32.SYS [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\ELS43.tmp --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\ELS43.tmp [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2010 13:06 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [29.4.2011 11:11 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 12:06]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 12:06]
.
2011-12-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.226.240.126 192.168.0.254
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\xlxnhwfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
.
------- Asociace souborů -------
.
.txt=bftxtfile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-Voobly - (no file)
AddRemove-Flash Convert 2.5_is1 - c:\program files\Flash Convert\unins000.exe
AddRemove-spwawv820Public - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-27 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\ELS43.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1409082233-1214440339-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,eb,ed,f8,12,95,2f,7e,c1,70,83,94,43,3d,c0,8c,af,06,7d,3c,d6,90,d5,
bb,8e,6c,61,f5,97,aa,7c,39,01,33,95,c1,5b,39,c8,f0,1b,71,62,cc,b8,96,ff,0e,\
"??"=hex:b4,26,b9,b6,4e,c7,ca,ea,c3,7a,c2,0f,6a,85,de,43
.
[HKEY_USERS\S-1-5-21-1409082233-1214440339-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:b7,4f,54,5d,51,29,a8,15,53,13,ff,df,c1,e6,11,9f,5e,48,eb,07,98,
89,69,a9,13,89,0c,e5,46,d9,03,f9,15,16,90,3f,71,6e,94,dc,7f,57,0c,f5,b2,1b,\
"rkeysecu"=hex:90,79,f2,d6,71,3f,a8,df,15,53,a8,6b,0f,d0,32,0b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3020)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\Abyssus\razertra.exe
c:\program files\Razer\Abyssus\razerofa.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-12-27 17:32:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-27 16:32
.
Před spuštěním: Volných bajtů: 71 317 250 048
Po spuštění: Volných bajtů: 71 512 412 160
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - FA857E2C515470A764EC10870E66FF89

#2 Příspěvek od **Rudy** » 27 pro 2011 18:45

Také zdravím!
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\Update

Collect::
c:\windows\system32\drivers\wnsafw.sys
c:\windows\system32\drivers\vkoawudm.sys

Driver::
avrqern
gupdate
gupdatem
vkoawudm

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\xlxnhwfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.6&q=

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

DavidR · #3 Příspěvek od **DavidR** » 27 pro 2011 19:27

Tak hotovo, děkuji moc za pomoc.

#4 Příspěvek od **Rudy** » 27 pro 2011 19:36

Pokud je vše OK, odinstalujte CF Start>spustit>(napsat) combofix /uninstall>OK. Nemáte zač!

VIRY.CZ

XP Antispyware 2012 problém

XP Antispyware 2012 problém

Re: XP Antispyware 2012 problém

Re: XP Antispyware 2012 problém

Re: XP Antispyware 2012 problém