.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Rybajz at 19:58:27 on 2012-06-16
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1562 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=111361&babsrc=HP_ss&mntrId=54d52cd500000000000000ff82908faf
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\data aplikací\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TheBflix Class: {e77b2837-d38b-44c7-bf44-c8d410bbd83d} - c:\documents and settings\all users\data aplikací\thebflix\bhoclass.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VolPanel] "c:\program files\creative\usb headsets\volume panel\VolPanlu.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 192.168.9.30 192.168.9.35
TCP: Interfaces\{CC6FD1E4-B570-462D-92BC-530CE34567F7} : DhcpNameServer = 192.168.9.30 192.168.9.35
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rybajz\data aplikací\mozilla\firefox\profiles\s83i7oal.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-16 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-3 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-3 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 44768]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-17 14336]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-1-13 101904]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [2010-4-3 1670016]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-6-6 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 cpuz132;cpuz132;\??\c:\docume~1\rybajz\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\rybajz\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-3 79360]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-6-6 736104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
.
=============== Created Last 30 ================
.
2012-06-13 09:17:53 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 21:59:46 -------- d-----w- c:\documents and settings\rybajz\data aplikací\.mono
2012-06-10 21:11:59 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-10 21:11:59 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-05-29 14:04:49 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-05-29 14:04:30 -------- d-----w- c:\program files\common files\xing shared
2012-05-29 14:04:23 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-05-29 14:04:18 129144 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-05-26 10:55:38 -------- d-----w- c:\program files\SweetIM
2012-05-24 21:41:54 -------- d-----w- c:\documents and settings\rybajz\data aplikací\LolClient2
.
==================== Find3M ====================
.
2012-06-09 17:27:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 17:27:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 13:19:33 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-29 14:04:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-29 14:04:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-21 19:51:39 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-21 19:51:24 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-21 19:51:24 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-21 19:14:48 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-21 19:14:32 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-16 15:09:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55:54 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-06 17:16:10 22328 ----a-w- c:\documents and settings\rybajz\data aplikací\PnkBstrK.sys
2012-05-05 03:14:53 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:53 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-07-09 02:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03:10 62976 ----a-w- c:\program files\DSETUP.dll
.
============= FINISH: 19:59:15,25 ===============

Please check the log, the PC freezes
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Rudy (Site Admin), Plzeň; 119515 posts; registered 30 Oct 2003 13:42
Re: Please check the log, the PC freezes
Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the license terms appears; continue by clicking the Yes button.
feel free to go and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware causes unwanted conflicts with the resident antispyware
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: Please check the log, the PC freezes
thanks a lot
ComboFix 12-06-15.06 - Rybajz 17.06.2012 1:30.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1553 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rybajz\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tmp10A.tmp
c:\windows\system32\tmp10B.tmp
c:\windows\system32\tmp110.tmp
c:\windows\system32\tmp111.tmp
c:\windows\system32\tmp16C.tmp
c:\windows\system32\tmp16D.tmp
c:\windows\system32\tmp1CD.tmp
c:\windows\system32\tmp1CE.tmp
c:\windows\system32\tmp33.tmp
c:\windows\system32\tmp34.tmp
c:\windows\system32\tmp45.tmp
c:\windows\system32\tmp46.tmp
c:\windows\system32\tmp48.tmp
c:\windows\system32\tmp49.tmp
c:\windows\system32\tmp5F8.tmp
c:\windows\system32\tmp5F9.tmp
c:\windows\system32\tmp75.tmp
c:\windows\system32\tmp76.tmp
c:\windows\system32\tmp95.tmp
c:\windows\system32\tmp96.tmp
c:\windows\system32\tmp9C.tmp
c:\windows\system32\tmp9D.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-16 do 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 22:18 . 2012-06-16 22:18 -------- d-----w- c:\documents and settings\Rybajz\Local Settings\Data aplikací\Overwolf
2012-06-13 09:17 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 21:59 . 2012-06-12 21:59 -------- d-----w- c:\documents and settings\Rybajz\Data aplikací\.mono
2012-06-12 21:59 . 2012-06-12 21:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\.mono
2012-06-10 21:11 . 2012-06-10 21:11 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-10 21:11 . 2012-06-10 21:11 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-29 14:04 . 2012-05-29 14:04 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-05-29 14:04 . 2012-05-29 14:04 -------- d-----w- c:\program files\Common Files\xing shared
2012-05-29 14:04 . 2012-05-29 14:04 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-05-29 14:04 . 2012-05-29 14:04 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-26 10:55 . 2012-05-26 10:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-05-26 10:55 . 2012-05-26 10:56 -------- d-----w- c:\program files\SweetIM
2012-05-24 21:41 . 2012-05-24 21:41 -------- d-----w- c:\documents and settings\Rybajz\Data aplikací\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 17:27 . 2012-03-30 14:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 17:27 . 2011-05-17 13:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:19 . 2004-08-17 13:49 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-29 14:04 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-29 14:04 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-21 19:51 . 2010-12-31 17:26 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-21 19:51 . 2010-12-31 17:25 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-21 19:51 . 2010-04-04 20:10 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-21 19:14 . 2010-12-31 17:25 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-21 19:14 . 2010-04-04 17:52 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-16 15:09 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-17 13:44 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2012-05-06 17:16 . 2010-12-31 18:11 22328 ----a-w- c:\documents and settings\Rybajz\Data aplikací\PnkBstrK.sys
2012-05-05 03:14 . 2004-08-17 15:45 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-17 13:45 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2010-04-03 13:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
2012-06-10 21:11 . 2011-06-22 14:17 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-02-19 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 12:46 1337648 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-29 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Rybajz\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Hry\\Footbalecek\\Football Superstars\\FSClientr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Hry\\Test Drive\\TestDriveUnlimited.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\FIFAOnlineSetup\\NFE.exe"=
"d:\\Hry\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
"d:\\Hry\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"d:\\Hry\\World_of_Tanks_closed_Beta\\WorldOfTanks_notraces.exe"=
"d:\\Hry\\BF 4 FREE\\BFP4f.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Hry\\Arma2\\arma2.exe"=
"d:\\Hry\\Arma2\\arma2OA.exe"=
"d:\\Hry\\Shift2\\shift2u.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Cod4\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"d:\\Hry\\Arma2\\Expansion\\beta\\arma2oa.exe"=
"c:\\Documents and Settings\\Rybajz\\Dokumenty\\Downloads\\Runes_of_Magic_5_0_0_2535_slim.exe"=
"d:\\Hry\\Runes of Magic\\Client.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56504:TCP"= 56504:TCP:Pando Media Booster
"56504:UDP"= 56504:UDP:Pando Media Booster
"58813:TCP"= 58813:TCP:Pando Media Booster
"58813:UDP"= 58813:UDP:Pando Media Booster
"56980:TCP"= 56980:TCP:Pando Media Booster
"56980:UDP"= 56980:UDP:Pando Media Booster
"57914:TCP"= 57914:TCP:Pando Media Booster
"57914:UDP"= 57914:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.4.2010 19:32 445936]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.6.2011 12:17 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.4.2010 23:13 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.4.2010 23:13 20696]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13.1.2012 18:51 101904]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [3.4.2010 22:34 1670016]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6.6.2011 11:23 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 16:19 257224]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3.4.2010 22:32 79360]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28.4.2012 0:11 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [6.6.2011 11:23 736104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:27]
.
2012-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-412668190-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-412668190-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?AF=111361&babsrc=HP_ss&mntrId=54d52cd500000000000000ff82908faf
uInternet Settings,ProxyOverride = *.local
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.9.30 192.168.9.35
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
FF - ProfilePath - c:\documents and settings\Rybajz\Data aplikací\Mozilla\Firefox\Profiles\s83i7oal.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111361
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 54d52cd500000000000000ff82908faf
FF - user.js: extensions.BabylonToolbar_i.hardId - 54d52cd500000000000000ff82908faf
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-17 01:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-412668190-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a4,1b,ff,3d,14,de,db,dd,3c,b7,c4,01,57,1d,b6,1c,ea,f8,68,54,c3,6a,27,
d7,d2,e1,bd,64,34,96,3b,e2,ea,8b,89,c6,a3,28,43,ba,c0,d2,7f,f8,1e,a6,8c,d6,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-06-17 01:40:27
ComboFix-quarantined-files.txt 2012-06-16 23:40
.
Před spuštěním: 4 969 938 944
Po spuštění: 5 204 885 504
.
- - End Of File - - F61E180BA11137B1671252778A6D3F74
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, PC freezes
We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:

KillAll::
Folder::
c:\program files\SweetIM
c:\program files\uTorrentBar
Collect::
c:\windows\system32\XDva386.sys
Driver::
XDva386
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"Sweetpacks Communicator"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56504:TCP"=-
"56504:UDP"=-
"58813:TCP"=-
"58813:UDP"=-
"56980:TCP"=-
"56980:UDP"=-
"57914:TCP"=-
Firefox::
FF - ProfilePath - c:\documents and settings\Rybajz\Data aplikací\Mozilla\Firefox\Profiles\s83i7oal.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111361
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 54d52cd500000000000000ff82908faf
FF - user.js: extensions.BabylonToolbar_i.hardId - 54d52cd500000000000000ff82908faf
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Regnull::
[HKEY_USERS\S-1-5-21-1547161642-412668190-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Beyond its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.