Security Shield prosím o pomoc

Zpráva

Haltaa · #1 Příspěvek od **Haltaa** » 30 čer 2012 16:20

Dobrý den, dostal se mi do PC vir Security Shield. Po spuštění PC mi to nedovolí nic udělat, ale po pár minutách zmizí a mohu s PC pracovat jako by se nic nestalo. Doufám, že se z logu dá zjistit kde ta mrška je...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Haltaa at 2012-06-30 17:14:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (44%) free of 50 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:18:42, on 30.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\QIP 2010\qip.exe
C:\Documents and Settings\Haltaa\Nabídka Start\Programy\Po spuštění\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\Haltaa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [MediaGet2] C:\Documents and Settings\Haltaa\Local Settings\Data aplikací\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Haltaa\Data aplikací\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QipGuard - Unknown owner - C:\Program Files\QipGuard\QipGuard.exe (file missing)

--
End of file - 7617 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Haltaa\Data aplikací\Mozilla\Firefox\Profiles\hjlwqqdw.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm LTD Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Haltaa\Data aplikací\Mozilla\Firefox\Profiles\hjlwqqdw.default\extensions\
anttoolbar@ant.com
{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

C:\Documents and Settings\Haltaa\Data aplikací\Mozilla\Firefox\Profiles\hjlwqqdw.default\searchplugins\
qip-search.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-28 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-28 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-28 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-05-19 1117976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"C-Media Mixer"=Mixer.exe /startup []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"ISW"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-05-19 462104]
"MediaGet2"=C:\Documents and Settings\Haltaa\Local Settings\Data aplikací\MediaGet2\mediaget.exe --minimized []
"QIP Internet Guardian"=C:\Documents and Settings\Haltaa\Data aplikací\QipGuard\QipGuard.exe /p []
"Infium"=C:\Program Files\QIP 2010\qip.exe [2012-03-23 7351760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Haltaa\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr.exe]
C:\Documents and Settings\Haltaa\Data aplikací\QtHGW\adUtJ\1.2.4.635\msnmsgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

C:\Documents and Settings\Haltaa\Nabídka Start\Programy\Po spuštění
ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll

======List of files/folders created in the last 1 month======

2012-06-30 17:03:01 ----D---- C:\Program Files\Loaris
2012-06-28 13:01:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
2012-06-28 12:55:57 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\GetRightToGo
2012-06-27 23:06:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2012-06-27 19:55:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard
2012-06-27 16:20:41 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2012-06-27 15:51:00 ----A---- C:\Documents and Settings\Haltaa\Data aplikací\pcouffin.sys
2012-06-27 15:51:00 ----A---- C:\Documents and Settings\Haltaa\Data aplikací\inst.exe
2012-06-13 13:52:47 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\twinstar_launcher
2012-06-07 20:36:17 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\Samsung
2012-06-07 20:28:56 ----A---- C:\WINDOWS\system32\drivers\ssadcm.sys
2012-06-07 20:28:55 ----A---- C:\WINDOWS\system32\drivers\WdfCoInstaller01005.dll
2012-06-07 20:28:54 ----A---- C:\WINDOWS\system32\drivers\ssadwh.sys
2012-06-07 20:27:09 ----A---- C:\WINDOWS\system32\Redemption.dll
2012-06-07 20:26:22 ----D---- C:\Program Files\MarkAny
2012-06-07 20:24:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2012-06-06 20:45:38 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\Leadertech

======List of files/folders modified in the last 1 month======

2012-06-30 17:15:00 ----D---- C:\Program Files\trend micro
2012-06-30 17:14:35 ----D---- C:\WINDOWS\Prefetch
2012-06-30 17:03:01 ----RD---- C:\Program Files
2012-06-30 14:47:05 ----D---- C:\Program Files\Mozilla Firefox
2012-06-30 14:46:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-30 14:34:54 ----D---- C:\WINDOWS\Temp
2012-06-30 14:32:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-29 22:17:14 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\AIMP
2012-06-27 16:20:41 ----D---- C:\Program Files\Common Files
2012-06-27 15:43:00 ----A---- C:\WINDOWS\SIERRA.INI
2012-06-27 15:40:37 ----D---- C:\WINDOWS\twain_32
2012-06-25 23:44:58 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-25 23:44:46 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\vlc
2012-06-20 19:13:58 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-17 18:28:55 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-16 23:03:14 ----D---- C:\Documents and Settings\Haltaa\Data aplikací\uTorrent
2012-06-14 22:23:21 ----D---- C:\Program Files\Counter-Strike 1.6
2012-06-13 14:26:44 ----D---- C:\WINDOWS\system32
2012-06-13 14:21:13 ----HD---- C:\WINDOWS\inf
2012-06-13 14:21:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-06-13 14:20:03 ----D---- C:\WINDOWS\system32\drivers
2012-06-13 14:14:15 ----SHD---- C:\WINDOWS\Installer
2012-06-13 14:12:42 ----D---- C:\WINDOWS
2012-06-13 14:07:47 ----RSD---- C:\WINDOWS\assembly
2012-06-13 11:13:24 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-07 20:30:35 ----D---- C:\WINDOWS\system32\CatRoot
2012-06-07 20:20:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-07 20:19:20 ----D---- C:\WINDOWS\WinSxS
2012-06-07 15:54:03 ----D---- C:\Program Files\JDownloader

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-07-30 639224]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2008-12-03 1519424]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ati3z1wd;ati3z1wd; C:\WINDOWS\system32\drivers\ati3z1wd.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-12-10 357070]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
S3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-07-17 109952]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-05-09 40704]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-28 153376]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-30 113120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 30 čer 2012 18:09

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Haltaa · #3 Příspěvek od **Haltaa** » 30 čer 2012 18:16

RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Haltaa [Práva správce]
Mód: Kontrola -- Datum: 06/30/2012 19:14:37

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : QIP Internet Guardian (C:\Documents and Settings\Haltaa\Data aplikací\QipGuard\QipGuard.exe /p) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1220945662-1078081533-1801674531-1003[...]\Run : QIP Internet Guardian (C:\Documents and Settings\Haltaa\Data aplikací\QipGuard\QipGuard.exe /p) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 www.example.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJB-00J3A0 +++++
--- User ---
[MBR] 19ef69272aece3450c813c9c67fb06ab
[BSP] 918a16ca3521a509fbba9aaf953a120d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 49996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102392640 | Size: 188468 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

#4 Příspěvek od **vyosek** » 30 čer 2012 18:22

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Haltaa · #5 Příspěvek od **Haltaa** » 30 čer 2012 18:31

první log:

RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Haltaa [Práva správce]
Mód: Odebrat -- Datum: 06/30/2012 19:29:24

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : QIP Internet Guardian (C:\Documents and Settings\Haltaa\Data aplikací\QipGuard\QipGuard.exe /p) -> DELETED
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF8392B40)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 www.example.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJB-00J3A0 +++++
--- User ---
[MBR] 19ef69272aece3450c813c9c67fb06ab
[BSP] 918a16ca3521a509fbba9aaf953a120d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 49996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102392640 | Size: 188468 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

druhý log:

RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Haltaa [Práva správce]
Mód: Oprava HOSTS -- Datum: 06/30/2012 19:30:45

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 www.example.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#6 Příspěvek od **vyosek** » 30 čer 2012 18:34

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Haltaa · #7 Příspěvek od **Haltaa** » 30 čer 2012 19:19

ComboFix 12-06-30.01 - Haltaa 30.06.2012 19:46:21.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.54 [GMT 2:00]
Spuštěný z: c:\documents and settings\Haltaa\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\Haltaa\Local Settings\Data aplikací\yjtmwccyut.exe
c:\recycled\Recycled
c:\windows\IsUn0405.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\ijl11.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\vbpng1.dll
D:\autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-28 do 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-28 11:01 . 2012-06-28 11:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
2012-06-28 10:55 . 2012-06-28 10:57 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\GetRightToGo
2012-06-27 21:06 . 2012-06-27 22:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2012-06-27 17:55 . 2012-06-27 17:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard
2012-06-27 14:20 . 2012-06-27 14:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-06-27 13:51 . 2012-06-27 13:51 87608 ----a-w- c:\documents and settings\Haltaa\Data aplikací\inst.exe
2012-06-27 13:51 . 2012-06-27 13:51 47360 ----a-w- c:\documents and settings\Haltaa\Data aplikací\pcouffin.sys
2012-06-13 11:52 . 2012-06-13 11:54 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\twinstar_launcher
2012-06-07 18:36 . 2012-06-13 12:14 -------- d-----w- c:\documents and settings\Haltaa\Local Settings\Data aplikací\Samsung
2012-06-07 18:36 . 2012-06-07 18:36 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\Samsung
2012-06-07 18:35 . 2008-04-14 06:52 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-06-07 18:28 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-06-07 18:28 . 2010-12-21 05:55 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-06-07 18:28 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-06-07 18:27 . 2012-05-23 16:50 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-07 18:26 . 2012-06-07 18:26 -------- d-----w- c:\program files\MarkAny
2012-06-07 18:24 . 2012-06-13 12:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Samsung
2012-06-07 18:09 . 2012-06-07 18:09 -------- d-----w- c:\documents and settings\Haltaa\Local Settings\Data aplikací\Downloaded Installations
2012-06-06 18:45 . 2012-06-06 18:45 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\Leadertech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49 14336 ----a-w- c:\windows\system32\avrt123.dll
2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-06-30 12:46 . 2012-06-30 12:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-19 462104]
"Infium"="c:\program files\QIP 2010\qip.exe" [2012-03-23 7351760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"C-Media Mixer"="Mixer.exe" [2001-11-15 1216512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Haltaa\Nabídka Start\Programy\Po spuštění\
ctfmon.exe [2006-12-17 61985]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-23 12:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 06:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.7.2011 17:08 639224]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4.5.2010 12:07 503080]
S2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe --> c:\program files\QipGuard\QipGuard.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 16:52 113120]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Haltaa\Data aplikací\Mozilla\Firefox\Profiles\hjlwqqdw.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-MediaGet2 - c:\documents and settings\Haltaa\Local Settings\Data aplikací\MediaGet2\mediaget.exe
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
HKLM-Run-ISW - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Update - c:\documents and settings\Haltaa\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
MSConfigStartUp-msnmsgr - c:\documents and settings\Haltaa\Data aplikací\QtHGW\adUtJ\1.2.4.635\msnmsgr.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-30 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-06-30 20:04:37
ComboFix-quarantined-files.txt 2012-06-30 18:04
.
Před spuštěním: Volných bajtů: 23 162 232 832
Po spuštění: Volných bajtů: 23 150 911 488
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BB9AF174C52E8274A1732C59D6F61AAB

#8 Příspěvek od **vyosek** » 30 čer 2012 21:41

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"=-

Driver::
QipGuard
NAUpdate

DDS::
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie

Firefox::
FF - ProfilePath - c:\documents and settings\Haltaa\Data aplikací\Mozilla\Firefox\Profiles\hjlwqqdw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Haltaa · #9 Příspěvek od **Haltaa** » 30 čer 2012 22:09

ComboFix 12-06-30.01 - Haltaa 30.06.2012 22:53:06.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.208 [GMT 2:00]
Spuštěný z: c:\documents and settings\Haltaa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Haltaa\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NAUPDATE
-------\Legacy_QIPGUARD
-------\Service_NAUpdate
-------\Service_QipGuard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-28 do 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-28 11:01 . 2012-06-28 11:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
2012-06-28 10:55 . 2012-06-28 10:57 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\GetRightToGo
2012-06-27 21:06 . 2012-06-27 22:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2012-06-27 17:55 . 2012-06-27 17:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard
2012-06-27 14:20 . 2012-06-27 14:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-06-27 13:51 . 2012-06-27 13:51 87608 ----a-w- c:\documents and settings\Haltaa\Data aplikací\inst.exe
2012-06-27 13:51 . 2012-06-27 13:51 47360 ----a-w- c:\documents and settings\Haltaa\Data aplikací\pcouffin.sys
2012-06-13 11:52 . 2012-06-13 11:54 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\twinstar_launcher
2012-06-07 18:36 . 2012-06-13 12:14 -------- d-----w- c:\documents and settings\Haltaa\Local Settings\Data aplikací\Samsung
2012-06-07 18:36 . 2012-06-07 18:36 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\Samsung
2012-06-07 18:35 . 2008-04-14 06:52 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-06-07 18:28 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-06-07 18:28 . 2010-12-21 05:55 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-06-07 18:28 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-06-07 18:27 . 2012-05-23 16:50 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-07 18:26 . 2012-06-07 18:26 -------- d-----w- c:\program files\MarkAny
2012-06-07 18:24 . 2012-06-13 12:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Samsung
2012-06-07 18:09 . 2012-06-07 18:09 -------- d-----w- c:\documents and settings\Haltaa\Local Settings\Data aplikací\Downloaded Installations
2012-06-06 18:45 . 2012-06-06 18:45 -------- d-----w- c:\documents and settings\Haltaa\Data aplikací\Leadertech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 16:49 . 2012-05-23 16:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49 14336 ----a-w- c:\windows\system32\avrt123.dll
2012-05-23 16:49 . 2012-05-23 16:49 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-06-30 12:46 . 2012-06-30 12:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-30_17.59.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-30 21:03 . 2012-06-30 21:03 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-19 462104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-11-15 1216512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Haltaa\Nabídka Start\Programy\Po spuštění\
ctfmon.exe [2006-12-17 61985]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.7.2011 17:08 639224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 16:52 113120]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Haltaa\Data aplikací\Mozilla\Firefox\Profiles\hjlwqqdw.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-30 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\Mixer.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Haltaa\Nabídka Start\Programy\Po spuc:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-06-30 23:08:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-30 21:08
ComboFix2.txt 2012-06-30 18:04
.
Před spuštěním: Volných bajtů: 23 228 788 736
Po spuštění: Volných bajtů: 23 110 336 512
.
- - End Of File - - 9D2BAFDDFBE568581C43CE207A1F7BDF

#10 Příspěvek od **vyosek** » 30 čer 2012 22:25

Jak se chova nas pacient

Haltaa · #11 Příspěvek od **Haltaa** » 30 čer 2012 22:33

Zatím jsem nikde nepostřehl nějaký problém. Zatím je to OK. Děkuji mockrát.

#12 Příspěvek od **vyosek** » 01 črc 2012 09:54

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Security Shield prosím o pomoc

Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc

Re: Security Shield prosím o pomoc