PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check my log


Forum rules
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Locked
ANGILO
Model Visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Please check my log

#1 Post by ANGILO »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tibor at 2011-12-30 16:56:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (34%) free of 62 GB
Total RAM: 3070 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:56, on 30.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Documents and Settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tibor\Desktop\RSIT.exe
C:\Program Files\trend micro\Tibor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [Msg.exe] C:\Documents and Settings\All Users\Msg.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DTite.exe] C:\Documents and Settings\Tibor\Application Data\DTite.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: GameRanger.lnk = C:\Documents and Settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7743 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AB5F8386-325A-44D1-8497-62DBD0119BB1}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tibor\Application Data\Mozilla\Firefox\Profiles\u6bbdvcj.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, jqs@sun.com:1.0, {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:2.7.2.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, toolbar@ask.com:3.13.1.100009, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.2.5.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312, {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:1.2.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
npFoxitReaderPlugin.dll
NPOFFICE.DLL
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Tibor\Application Data\Mozilla\Firefox\Profiles\u6bbdvcj.default\extensions\
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Documents and Settings\Tibor\Application Data\Mozilla\Firefox\Profiles\u6bbdvcj.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-01 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\tbBit0.dll [2011-01-01 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\tbBit0.dll [2011-01-01 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-01 3911776]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=C:\WINDOWS\System32\winsys2.exe [2009-05-18 208896]
"LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe [2009-02-24 498688]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-10-19 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-09-04 767312]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-04-14 20053608]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=C:\Program Files\BitTorrent\BitTorrent.exe [2011-06-07 400760]
"Msg.exe"=C:\Documents and Settings\All Users\Msg.exe [2011-10-02 498688]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"DTite.exe"=C:\Documents and Settings\Tibor\Application Data\DTite.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
C:\Program Files\Google\Chrome\Application\chrome.exe [2011-12-07 1047096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tibor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

C:\Documents and Settings\Tibor\Start Menu\Programs\Startup
GameRanger.lnk - C:\Documents and Settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe"="C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010"
"C:\Documents and Settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"D:\F1\F1_2010_game.exe"="D:\F1\F1_2010_game.exe:*:Enabled:F1 2010 Executable"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\World of Warcraft\BackgroundDownloader.exe"="D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"D:\World of Warcraft Public Test\Launcher.exe"="D:\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\World of Warcraft Public Test\LauncherB.exe"="D:\World of Warcraft Public Test\LauncherB.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\asarel\ACRSP.exe"="E:\asarel\ACRSP.exe:*:Enabled:Assassin's Creed Revelations"
"E:\asarel\ACRMP.exe"="E:\asarel\ACRMP.exe:*:Enabled:Assassin's Creed Revelations Multiplayer"
"E:\asarel\AssassinsCreedRevelations.exe"="E:\asarel\AssassinsCreedRevelations.exe:*:Enabled:Assassin's Creed Revelations Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.X264"=vp7vfw.dll
"vidc.i263"=i263_32.drv
"VIDC.HFYU"=huffyuv.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=divxa32.acm
"msacm.l3codecp"=l3codecp.acm
"msacm.lameacm"=lameACM.acm
"msacm.vorbis"=vorbis.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-30 16:56:42 ----D---- C:\rsit
2011-12-30 16:56:42 ----D---- C:\Program Files\trend micro
2011-12-29 19:30:34 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-29 19:26:17 ----SHD---- C:\RECYCLER
2011-12-29 17:46:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-29 17:46:36 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-28 22:36:24 ----D---- C:\Documents and Settings\Tibor\Application Data\Malwarebytes
2011-12-28 22:36:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-12-28 20:56:28 ----ASH---- C:\Documents and Settings\Tibor\Application Data\Sys6925.Config Collection.sys
2011-12-28 20:56:12 ----D---- C:\Program Files\jv16 PowerTools 2010
2011-12-28 18:53:37 ----D---- C:\WINDOWS\system32\sda
2011-12-28 18:53:36 ----A---- C:\WINDOWS\system32\RtsUStoricon.dll
2011-12-28 18:53:36 ----A---- C:\WINDOWS\system32\RtsUStor.dll
2011-12-28 18:53:36 ----A---- C:\WINDOWS\system32\drivers\RtsUStor.sys
2011-12-28 18:52:32 ----A---- C:\WINDOWS\system32\RTNUninst32.dll
2011-12-28 18:51:54 ----A---- C:\WINDOWS\system32\drivers\intelide.sys
2011-12-28 16:40:47 ----D---- C:\WINDOWS\pss
2011-12-28 16:24:47 ----D---- C:\Program Files\CCleaner
2011-12-28 15:54:53 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-12-28 15:54:42 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-12-28 12:53:13 ----SHD---- C:\WINDOWS\CSC
2011-12-13 19:14:41 ----D---- C:\Documents and Settings\Tibor\Application Data\Registry Mechanic
2011-12-13 19:13:36 ----A---- C:\WINDOWS\system32\Cache.db

======List of files/folders modified in the last 1 month======

2011-12-30 16:56:48 ----D---- C:\WINDOWS\Prefetch
2011-12-30 16:56:42 ----D---- C:\Program Files
2011-12-30 16:56:33 ----D---- C:\Documents and Settings\Tibor\Application Data\BitTorrent
2011-12-30 16:53:13 ----D---- C:\Documents and Settings\Tibor\Application Data\ICQ
2011-12-30 16:52:35 ----D---- C:\WINDOWS\Temp
2011-12-29 20:24:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-29 19:43:44 ----SD---- C:\WINDOWS\Tasks
2011-12-29 19:38:03 ----D---- C:\WINDOWS
2011-12-29 19:30:54 ----SHD---- C:\System Volume Information
2011-12-29 19:25:48 ----D---- C:\WINDOWS\Minidump
2011-12-29 19:25:16 ----D---- C:\WINDOWS\system32\Restore
2011-12-29 18:57:34 ----D---- C:\WINDOWS\SoftwareDistribution
2011-12-29 18:50:10 ----A---- C:\WINDOWS\system.ini
2011-12-29 18:49:16 ----D---- C:\WINDOWS\system32\drivers
2011-12-29 18:49:16 ----D---- C:\WINDOWS\system32
2011-12-29 18:49:15 ----D---- C:\WINDOWS\AppPatch
2011-12-29 18:49:15 ----D---- C:\Program Files\Common Files
2011-12-29 18:48:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-29 18:43:51 ----D---- C:\WINDOWS\system32\drivers\etc
2011-12-29 18:21:27 ----D---- C:\WINDOWS\Logs
2011-12-29 17:18:06 ----D---- C:\Program Files\Mozilla Firefox
2011-12-28 22:50:28 ----D---- C:\Documents and Settings
2011-12-28 21:18:24 ----D---- C:\WINDOWS\system32\config
2011-12-28 21:06:14 ----D---- C:\WINDOWS\Debug
2011-12-28 20:54:56 ----D---- C:\Program Files\Registry Mechanic
2011-12-28 19:19:42 ----HD---- C:\WINDOWS\inf
2011-12-28 18:54:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-12-28 18:54:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-28 18:54:09 ----D---- C:\WINDOWS\system32\RTCOM
2011-12-28 16:38:36 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2011-12-28 16:38:35 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-12-28 16:35:26 ----SHD---- C:\WINDOWS\Installer
2011-12-28 16:30:02 ----D---- C:\Documents and Settings\Tibor\Application Data\uTorrent
2011-12-28 16:30:02 ----D---- C:\Documents and Settings\Tibor\Application Data\Skype
2011-12-15 23:45:14 ----D---- C:\Program Files\Internet Explorer
2011-12-15 23:45:02 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-15 23:44:59 ----A---- C:\WINDOWS\system32\MRT.exe
2011-12-15 23:44:52 ----A---- C:\WINDOWS\win.ini
2011-12-13 19:14:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-12-13 19:13:36 ----SD---- C:\Documents and Settings\Tibor\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-06 664064]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-11-06 223128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-05-03 6404712]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2010-09-09 234728]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 MpKsl09f8e6b8;MpKsl09f8e6b8; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys []
S1 MpKsl0a0a7b95;MpKsl0a0a7b95; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl0a0a7b95.sys []
S1 MpKsl23fdf47a;MpKsl23fdf47a; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl23fdf47a.sys []
S1 MpKsl9f7cc369;MpKsl9f7cc369; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl9f7cc369.sys []
S1 MpKslc4670040;MpKslc4670040; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6EF3A9-920A-40E7-9C9C-3B27C35FAF8D}\MpKslc4670040.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 FXDrv32;FXDrv32; \??\J:\FXDrv32.sys []
S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-10-29 644096]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-19 75136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#2 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left pane:
:files
C:\Program Files\ConduitEngine
C:\Program Files\Skype\Toolbars
C:\Program Files\Google\Update
C:\Program Files\Veetle\plugins\npVeetle.dll
C:\WINDOWS\System32\winsys2.exe
J:\FXDrv32.sys

:services
gupdate
gupdatem
FXDrv32

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click MoveIt!. The PC will be restarted. Drive J:\ must be connected during the cleanup; the rootkit is on it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

ANGILO
Exemplary visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Re: Please check

#3 Post by ANGILO »

J: - I don't have it available at the moment ...
I ran OTM without the line "J:\FXDrv32.sys" - the desktop emptied and the PC froze ....

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#4 Post by Rudy »

ANGILO wrote: J: - I don't have it available at the moment ...
I ran OTM without the line "J:\FXDrv32.sys" - the desktop emptied and the PC froze ....
Run it with that line included as well. I never said that you should change anything in the script if drive J:\ is not available. The fake driver is registered on your computer; only the file is on J:\. You can simply delete the file later, once J:\ is available. Do a hard restart, and if you have not managed to get the system going somehow, run it again.

ANGILO
Exemplary visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Re: Please check

#5 Post by ANGILO »

It behaves exactly the same - after launching, the desktop is wiped and the PC freezes with hourglass cursors.

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#6 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go make yourself a coffee in peace (the whole operation takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the resident antispyware.

ANGILO
Exemplary visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Re: Please check

#7 Post by ANGILO »

ComboFix 11-12-31.01 - Tibor 31.12.2011 11:35:39.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3070.2169 [GMT 1:00]
Running from: c:\documents and settings\Tibor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-30 21:49 . 2011-12-30 21:49 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsl70d62ba5.sys
2011-12-30 21:34 . 2011-12-30 21:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsl0f058351.sys
2011-12-30 20:28 . 2011-12-30 20:28 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsla5fb743a.sys
2011-12-30 19:19 . 2011-12-30 19:19 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsl4260809a.sys
2011-12-30 19:19 . 2011-12-31 09:17 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\offreg.dll
2011-12-30 19:19 . 2011-11-30 01:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\mpengine.dll
2011-12-30 18:40 . 2011-12-30 18:40 -------- d-----w- C:\_OTM
2011-12-30 15:56 . 2011-12-30 15:56 -------- d-----w- C:\rsit
2011-12-30 15:56 . 2011-12-30 15:56 -------- d-----w- c:\program files\trend micro
2011-12-29 16:46 . 2011-12-29 16:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 16:46 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 16:18 . 2011-12-21 08:07 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-29 16:18 . 2011-12-21 08:07 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-12-29 16:18 . 2011-12-21 08:07 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-12-29 16:18 . 2011-12-21 08:07 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-29 16:18 . 2011-12-21 08:07 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-29 16:18 . 2011-12-21 08:07 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-12-29 16:18 . 2011-12-21 08:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-12-29 16:18 . 2011-12-21 04:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-29 16:18 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-29 16:18 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-29 16:18 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-29 16:18 . 2011-12-21 04:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-28 21:50 . 2011-12-28 21:50 -------- d-----w- c:\documents and settings\Administrator
2011-12-28 21:36 . 2011-12-29 16:46 -------- d-----w- c:\documents and settings\Tibor\Application Data\Malwarebytes
2011-12-28 21:36 . 2011-12-29 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-28 19:56 . 2011-12-28 19:56 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-12-28 19:56 . 2011-12-28 19:56 22 --sha-w- c:\documents and settings\Tibor\Application Data\Sys6925.Config Collection.sys
2011-12-28 19:56 . 2011-12-28 20:03 -------- d-----w- c:\program files\jv16 PowerTools 2010
2011-12-28 17:53 . 2011-12-28 17:53 -------- d-----w- c:\windows\system32\sda
2011-12-28 17:53 . 2009-08-10 15:06 171520 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-12-28 17:53 . 2009-06-22 15:51 270336 ----a-w- c:\windows\system32\RtsUStor.dll
2011-12-28 17:53 . 2009-02-02 22:27 7360512 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-12-28 17:52 . 2010-07-26 16:35 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-12-28 17:51 . 2008-04-13 23:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-12-28 17:51 . 2008-04-13 23:10 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-12-28 15:24 . 2011-12-28 15:24 -------- d-----w- c:\program files\CCleaner
2011-12-28 14:54 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-28 14:54 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-28 14:54 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-28 14:54 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-13 18:14 . 2011-12-13 18:14 -------- d-----w- c:\documents and settings\Tibor\Application Data\Registry Mechanic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 01:21 . 2010-10-25 18:19 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2010-10-23 15:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2003-03-31 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-09-24 17:20 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-03-31 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2003-03-31 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-09-24 17:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 13:09 . 2011-10-02 13:09 498688 ----a-w- c:\documents and settings\All Users\Msg.exe
2011-12-21 08:07 . 2011-12-29 16:18 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-01 16:52 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-01-01 16:52 3911776 ----a-w- c:\program files\BitTorrentBar\tbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2011-01-01 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2011-01-01 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-06-07 400760]
"Msg.exe"="c:\documents and settings\All Users\Msg.exe" [2011-10-02 498688]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="c:\windows\System32\winsys2.exe" [2009-05-18 208896]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2009-02-24 498688]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Tibor\Start Menu\Programs\Startup\
GameRanger.lnk - c:\documents and settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe [2011-4-28 1449696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tibor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Tibor\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2011-12-07 11:16 1047096 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Documents and Settings\\Tibor\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\F1\\F1_2010_game.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\World of Warcraft Public Test\\Launcher.exe"=
"d:\\World of Warcraft Public Test\\LauncherB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\asarel\\ACRSP.exe"=
"e:\\asarel\\ACRMP.exe"=
"e:\\asarel\\AssassinsCreedRevelations.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.11.2010 20:49 664064]
R1 MpKsl0f058351;MpKsl0f058351;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsl0f058351.sys [30.12.2011 22:34 29904]
R1 MpKsl4260809a;MpKsl4260809a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsl4260809a.sys [30.12.2011 20:19 29904]
R1 MpKsl70d62ba5;MpKsl70d62ba5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsl70d62ba5.sys [30.12.2011 22:49 29904]
R1 MpKsla5fb743a;MpKsla5fb743a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKsla5fb743a.sys [30.12.2011 21:28 29904]
R1 MpKslfa65fb23;MpKslfa65fb23;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\MpKslfa65fb23.sys [31.12.2011 10:17 29904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.12.2011 17:46 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.12.2011 17:46 20464]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.12.2011 18:53 171520]
S1 MpKsl09f8e6b8;MpKsl09f8e6b8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys [?]
S1 MpKsl0a0a7b95;MpKsl0a0a7b95;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl0a0a7b95.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl0a0a7b95.sys [?]
S1 MpKsl23fdf47a;MpKsl23fdf47a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl23fdf47a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl23fdf47a.sys [?]
S1 MpKsl9f7cc369;MpKsl9f7cc369;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl9f7cc369.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl9f7cc369.sys [?]
S1 MpKslc4670040;MpKslc4670040;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6EF3A9-920A-40E7-9C9C-3B27C35FAF8D}\MpKslc4670040.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6EF3A9-920A-40E7-9C9C-3B27C35FAF8D}\MpKslc4670040.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 13:35 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.9.2009 19:01 1691480]
S3 FXDrv32;FXDrv32;\??\j:\fxdrv32.sys --> j:\FXDrv32.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 13:35 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLFA65FB23
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 12:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 12:34]
.
2011-12-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-12-31 c:\windows\Tasks\User_Feed_Synchronization-{AB5F8386-325A-44D1-8497-62DBD0119BB1}.job
- c:\windows\system32\msfeedssync.exe [2009-09-24 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.73.16.2 8.8.8.8
FF - ProfilePath - c:\documents and settings\Tibor\Application Data\Mozilla\Firefox\Profiles\u6bbdvcj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DTite.exe - c:\documents and settings\Tibor\Application Data\DTite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 11:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-515967899-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-31 11:39:22
ComboFix-quarantined-files.txt 2011-12-31 10:39
.
Pre-Run: 22 005 080 064 bytes free
Post-Run: 21 955 633 152 bytes free
.
- - End Of File - - FA672DA48766F3434B16D0F3C6D7F5CB
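
The triage Rudy did by eye on the log above (a driver registered in the system whose file sits on J:\ and cannot be found, Security Center overrides, firewall switched off) can be scripted. This is an added example, not code from ComboFix, RSIT or the forum's own tooling; it assumes C: is the system drive and takes its sample lines from the ComboFix log in this thread.

```python
"""Scripted triage of a ComboFix log: flags a driver whose image file cannot
be found or lies on a non-system drive (the FXDrv32 entry on drive J: above)
and Security Center / firewall values forced off. Added example; not code
from ComboFix, RSIT or the forum's own tooling."""
import re
from dataclasses import dataclass
from typing import List, Optional

SYSTEM_DRIVE = "c:"  # assumption: Windows is installed on C:, as in the log above

# ComboFix/RSIT service line: "<state> <name>;<display name>;<image path> [<meta>]"
# <meta> is "<date> <time> <size>", or "?" when the file was not found at scan time.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+\])$"
)
# Registry value lines, e.g. "AntiVirusOverride"=dword:00000001 or "EnableFirewall"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<value>[0-9a-fA-F]+)')

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.11.2010 20:49 664064]
S1 MpKsl09f8e6b8;MpKsl09f8e6b8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 13:35 136176]
S3 FXDrv32;FXDrv32;\??\j:\fxdrv32.sys --> j:\FXDrv32.sys [?]
"""


@dataclass
class ServiceEntry:
    state: str      # run state + start type, e.g. "S3" = stopped, demand start
    name: str
    path: str       # image path with the NT "\??\" prefix removed
    resolved: bool  # False when ComboFix printed "[?]": file not found at scan time

    @property
    def drive(self) -> Optional[str]:
        m = re.match(r"^[A-Za-z]:", self.path)
        return m.group(0).lower() if m else None


@dataclass
class Finding:
    subject: str
    reason: str


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; any other line yields None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    bracket = rest.rfind("[")
    meta = rest[bracket + 1:-1].strip()
    path = rest[:bracket].strip()
    if "-->" in path:  # "\??\j:\x.sys --> j:\X.sys": keep the resolved form
        path = path.split("-->", 1)[1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(m.group("state"), m.group("name"), path, resolved=(meta != "?"))


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect the entries a reviewer would want explained."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_service_line(line)
        if entry is not None:
            if not entry.resolved:
                findings.append(Finding(entry.name, "image file not found at scan time"))
            if entry.drive is not None and entry.drive != SYSTEM_DRIVE:
                findings.append(Finding(entry.name, f"image loaded from non-system drive {entry.drive}"))
            continue
        v = VALUE_RE.match(line)
        if v is None:
            continue
        name, value = v.group("name"), int(v.group("value"), 16)
        # The Override values silence the "no antivirus / no firewall" alerts;
        # EnableFirewall=0 turns the Windows Firewall off for that profile.
        if name in ("AntiVirusOverride", "FirewallOverride") and value == 1:
            findings.append(Finding(name, "Security Center warning suppressed"))
        elif name == "EnableFirewall" and value == 0:
            findings.append(Finding(name, "Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.subject}: {f.reason}")
```

The MpKsl entry shows why the unresolved-path rule alone is noisy: Microsoft Security Essentials leaves such stale driver registrations behind after definition updates, so the drive-letter check is what singles out FXDrv32.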

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#8 Post by Rudy »

We will still clean up the rest. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\ConduitEngine

Collect::
c:\windows\System32\winsys2.exe
j:\fxdrv32.sys

Driver::
FXDrv32

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Tibor\Application Data\Mozilla\Firefox\Profiles\u6bbdvcj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script. I strongly warn you not to modify the script in any way!


ANGILO
Exemplary visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Re: Please check

#9 Post by ANGILO »

The script started, but it froze ...
After the restart I ran it in Safe Mode.
Log:

ComboFix 11-12-31.02 - Tibor 31.12.2011 15:46:08.5.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3070.2642 [GMT 1:00]
Running from: c:\documents and settings\Tibor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tibor\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
file zipped: c:\windows\System32\winsys2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngin1.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\windows\System32\winsys2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FXDRV32
-------\Service_FXDrv32
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-30 19:19 . 2011-11-30 01:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21419E2E-2201-448A-BBA6-78A82C039975}\mpengine.dll
2011-12-30 18:40 . 2011-12-30 18:40 -------- d-----w- C:\_OTM
2011-12-30 15:56 . 2011-12-30 15:56 -------- d-----w- C:\rsit
2011-12-30 15:56 . 2011-12-30 15:56 -------- d-----w- c:\program files\trend micro
2011-12-29 16:46 . 2011-12-29 16:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 16:46 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 16:18 . 2011-12-21 08:07 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-29 16:18 . 2011-12-21 08:07 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-12-29 16:18 . 2011-12-21 08:07 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-12-29 16:18 . 2011-12-21 08:07 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-29 16:18 . 2011-12-21 08:07 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-29 16:18 . 2011-12-21 08:07 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-12-29 16:18 . 2011-12-21 08:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-12-29 16:18 . 2011-12-21 04:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-29 16:18 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-29 16:18 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-29 16:18 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-29 16:18 . 2011-12-21 04:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-28 21:50 . 2011-12-28 21:50 -------- d-----w- c:\documents and settings\Administrator
2011-12-28 21:36 . 2011-12-29 16:46 -------- d-----w- c:\documents and settings\Tibor\Application Data\Malwarebytes
2011-12-28 21:36 . 2011-12-29 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-28 19:56 . 2011-12-28 19:56 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-12-28 19:56 . 2011-12-28 19:56 22 --sha-w- c:\documents and settings\Tibor\Application Data\Sys6925.Config Collection.sys
2011-12-28 19:56 . 2011-12-28 20:03 -------- d-----w- c:\program files\jv16 PowerTools 2010
2011-12-28 17:53 . 2011-12-28 17:53 -------- d-----w- c:\windows\system32\sda
2011-12-28 17:53 . 2009-08-10 15:06 171520 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-12-28 17:53 . 2009-06-22 15:51 270336 ----a-w- c:\windows\system32\RtsUStor.dll
2011-12-28 17:53 . 2009-02-02 22:27 7360512 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-12-28 17:52 . 2010-07-26 16:35 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-12-28 17:51 . 2008-04-13 23:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-12-28 17:51 . 2008-04-13 23:10 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-12-28 15:24 . 2011-12-28 15:24 -------- d-----w- c:\program files\CCleaner
2011-12-28 14:54 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-28 14:54 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-28 14:54 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-28 14:54 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-13 18:14 . 2011-12-13 18:14 -------- d-----w- c:\documents and settings\Tibor\Application Data\Registry Mechanic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 01:21 . 2010-10-25 18:19 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2010-10-23 15:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2003-03-31 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-09-24 17:20 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-03-31 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2003-03-31 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-09-24 17:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-21 08:07 . 2011-12-29 16:18 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-31_10.38.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-31 14:54 . 2011-12-31 14:54 16384 c:\windows\temp\Perflib_Perfdata_6a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-01-01 16:52 3911776 ----a-w- c:\program files\BitTorrentBar\tbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-06-07 400760]
"Msg.exe"="c:\documents and settings\All Users\Msg.exe" [2011-10-02 498688]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"DTite.exe"="c:\documents and settings\Tibor\Application Data\DTite.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2009-02-24 498688]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Tibor\Start Menu\Programs\Startup\
GameRanger.lnk - c:\documents and settings\Tibor\Application Data\GameRanger\GameRanger\GameRanger.exe [2011-4-28 1449696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tibor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Tibor\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2011-12-07 11:16 1047096 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Documents and Settings\\Tibor\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\F1\\F1_2010_game.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\World of Warcraft Public Test\\Launcher.exe"=
"d:\\World of Warcraft Public Test\\LauncherB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\asarel\\ACRSP.exe"=
"e:\\asarel\\ACRMP.exe"=
"e:\\asarel\\AssassinsCreedRevelations.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.11.2010 20:49 664064]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.12.2011 17:46 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.12.2011 17:46 20464]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.12.2011 18:53 171520]
S1 MpKsl09f8e6b8;MpKsl09f8e6b8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl09f8e6b8.sys [?]
S1 MpKsl0a0a7b95;MpKsl0a0a7b95;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl0a0a7b95.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BB60C7B-5854-4A13-8E90-99581761C38C}\MpKsl0a0a7b95.sys [?]
S1 MpKsl23fdf47a;MpKsl23fdf47a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl23fdf47a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl23fdf47a.sys [?]
S1 MpKsl9f7cc369;MpKsl9f7cc369;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl9f7cc369.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CDDC130-F088-46C0-8FAC-E5052F9B7F4E}\MpKsl9f7cc369.sys [?]
S1 MpKslc4670040;MpKslc4670040;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6EF3A9-920A-40E7-9C9C-3B27C35FAF8D}\MpKslc4670040.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6EF3A9-920A-40E7-9C9C-3B27C35FAF8D}\MpKslc4670040.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 13:35 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.9.2009 19:01 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 13:35 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 12:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 12:34]
.
2011-12-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-12-31 c:\windows\Tasks\User_Feed_Synchronization-{AB5F8386-325A-44D1-8497-62DBD0119BB1}.job
- c:\windows\system32\msfeedssync.exe [2009-09-24 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.73.16.2 8.8.8.8
FF - ProfilePath - c:\documents and settings\Tibor\Application Data\Mozilla\Firefox\Profiles\u6bbdvcj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 15:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-515967899-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-12-31 15:56:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 14:56
ComboFix2.txt 2011-12-31 10:39
.
Pre-Run: 21 955 268 608 bytes free
Post-Run: 9 adresárov, 21 831 548 928 voľných bajtov
.
- - End Of File - - 9398E87F20CB24257E84E87532800C28
Upload was successful

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#10 Post by Rudy »

The log already looks clean. Don't forget to delete the file FXDrv32.sys from drive J:\.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

ANGILO
Exemplary visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Re: Please check

#11 Post by ANGILO »

Thank you very much,
and on this occasion I thank the whole viry.cz forum team for a year of support and patience, and so
I want to wish you a merry New Year's Eve, may people be kind to one another. In the New Year, lots of love, bliss, strength, health, success and happiness.

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#12 Post by Rudy »

You're welcome, and I thank you for the wishes and in turn wish you a happy and merry New Year 2012, much health, happiness and fulfilled wishes! :)

ANGILO
Exemplary visitor
Posts: 101
Registered: 23 Dec 2006 18:33

Re: Please check

#13 Post by ANGILO »

Greetings in the New Year,
could I ask for your opinion on the following activity?
Log from MBAM:
2012/01/01 11:50:39 +0100 TIBOR-PC Tibor MESSAGE Starting protection
2012/01/01 11:50:44 +0100 TIBOR-PC Tibor MESSAGE Protection started successfully
2012/01/01 11:50:47 +0100 TIBOR-PC Tibor MESSAGE Starting IP protection
2012/01/01 11:51:01 +0100 TIBOR-PC Tibor MESSAGE IP Protection started successfully
2012/01/01 12:00:50 +0100 TIBOR-PC Tibor MESSAGE Executing scheduled update: Daily
2012/01/01 12:00:57 +0100 TIBOR-PC Tibor MESSAGE Scheduled update executed successfully: database updated from version v2011.12.31.03 to version v2012.01.01.01
2012/01/01 12:00:57 +0100 TIBOR-PC Tibor MESSAGE Starting database refresh
2012/01/01 12:00:57 +0100 TIBOR-PC Tibor MESSAGE Stopping IP protection
2012/01/01 12:00:57 +0100 TIBOR-PC Tibor MESSAGE IP Protection stopped
2012/01/01 12:01:01 +0100 TIBOR-PC Tibor MESSAGE Database refreshed successfully
2012/01/01 12:01:01 +0100 TIBOR-PC Tibor MESSAGE Starting IP protection
2012/01/01 12:01:02 +0100 TIBOR-PC Tibor MESSAGE IP Protection started successfully
2012/01/01 12:17:01 +0100 TIBOR-PC Tibor IP-BLOCK 91.197.237.144 (Type: incoming)
2012/01/01 12:20:19 +0100 TIBOR-PC Tibor IP-BLOCK 89.28.119.21 (Type: incoming)
2012/01/01 12:21:28 +0100 TIBOR-PC Tibor IP-BLOCK 213.182.206.150 (Type: incoming)
2012/01/01 12:24:49 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: outgoing)
2012/01/01 12:44:05 +0100 TIBOR-PC Tibor MESSAGE Starting protection
2012/01/01 12:44:10 +0100 TIBOR-PC Tibor MESSAGE Protection started successfully
2012/01/01 12:44:14 +0100 TIBOR-PC Tibor MESSAGE Starting IP protection
2012/01/01 12:44:28 +0100 TIBOR-PC Tibor MESSAGE IP Protection started successfully
2012/01/01 12:49:37 +0100 TIBOR-PC Tibor IP-BLOCK 67.215.246.204 (Type: outgoing)
2012/01/01 12:49:40 +0100 TIBOR-PC Tibor IP-BLOCK 67.215.246.204 (Type: outgoing)
2012/01/01 12:49:46 +0100 TIBOR-PC Tibor IP-BLOCK 67.215.246.204 (Type: outgoing)
2012/01/01 12:53:22 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: incoming)
2012/01/01 13:01:02 +0100 TIBOR-PC Tibor IP-BLOCK 212.113.33.197 (Type: outgoing)
2012/01/01 13:07:35 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: incoming)
2012/01/01 13:22:39 +0100 TIBOR-PC Tibor IP-BLOCK 89.28.119.21 (Type: incoming)
2012/01/01 13:30:39 +0100 TIBOR-PC Tibor IP-BLOCK 83.128.43.42 (Type: outgoing)
2012/01/01 13:31:14 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: outgoing)
2012/01/01 13:31:37 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.247.3 (Type: outgoing)
2012/01/01 13:47:03 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: outgoing)
2012/01/01 13:47:23 +0100 TIBOR-PC Tibor IP-BLOCK 222.65.70.85 (Type: outgoing)
2012/01/01 13:50:44 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: incoming)
2012/01/01 13:51:53 +0100 TIBOR-PC Tibor IP-BLOCK 89.28.125.168 (Type: incoming)
2012/01/01 14:05:37 +0100 TIBOR-PC Tibor IP-BLOCK 195.161.7.26 (Type: incoming)
2012/01/01 14:16:17 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: outgoing)
2012/01/01 14:16:42 +0100 TIBOR-PC Tibor IP-BLOCK 218.8.134.100 (Type: outgoing)
2012/01/01 14:18:34 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: incoming)
2012/01/01 14:19:52 +0100 TIBOR-PC Tibor IP-BLOCK 89.28.87.182 (Type: incoming)
2012/01/01 14:24:28 +0100 TIBOR-PC Tibor IP-BLOCK 89.28.119.21 (Type: incoming)
2012/01/01 14:32:18 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: outgoing)
2012/01/01 14:32:27 +0100 TIBOR-PC Tibor IP-BLOCK 77.78.238.170 (Type: incoming)

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#14 Post by Rudy »

This is the monitoring of the PC's communication with the internet. Is there some problem?

Locked