ComboFix 12-12-13.02 - Luboš 13.12.2012 16:55:58.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1195 [GMT 1:00]
Spuštěný z: c:\documents and settings\Luboš\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\xmlUpdater.exe
c:\documents and settings\Default User\xmlUpdater.exe
c:\documents and settings\Luboš\Recent\Thumbs.db
c:\program files\Mozilla Firefox\searchplugins\search.xml
C:\Thumbs.db
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\1842be26c70cd610.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c0d97d56c93c8804.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e778f15353caa6bd.fb
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
G:\Autorun.inf
.
c:\windows\system32\calc.exe . . . je infikován!!
.
c:\windows\system32\notepad.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-13 do 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-12 20:21 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{F6E6E771-1B51-4003-8819-DB5EA6DEC9E4}\mpengine.dll
2012-12-12 19:56 . 2012-12-12 19:56 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\GeekBuddyRSP
2012-12-12 19:54 . 2012-12-12 19:54 -------- d-----w- c:\program files\Common Files\Comodo
2012-12-10 17:09 . 2012-12-10 17:09 -------- d-----w- c:\documents and settings\Lubo?
2012-12-09 19:57 . 2012-12-09 19:57 -------- d-----w- c:\program files\trend micro
2012-12-09 10:55 . 2012-12-12 19:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CPA_VA
2012-12-09 08:36 . 2012-12-12 19:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2012-12-09 08:35 . 2012-12-12 19:57 -------- d-----w- c:\program files\COMODO
2012-12-08 08:24 . 2012-12-08 08:24 -------- d-----w- c:\documents and settings\Luboš\Data aplikací\ElevatedDiagnostics
2012-12-04 08:41 . 2012-12-04 08:41 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-11-25 14:09 . 2012-11-25 14:09 -------- d-----w- c:\program files\Galactic Gaming Guild
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 21:14 . 2012-03-31 18:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 21:14 . 2011-05-21 16:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 08:41 . 2012-12-04 08:41 36112 ----a-w- c:\windows\inf\CFRMD\cfrmd.sys
2012-11-13 11:56 . 2008-04-14 05:45 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 18:00 . 2009-05-10 13:59 6812136 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-07 23:38 . 2012-03-11 20:13 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2012-03-11 20:13 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2012-03-11 20:13 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2012-03-11 20:13 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-03-11 20:13 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-03-11 20:13 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-06 00:41 . 2008-04-14 06:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2008-04-14 06:51 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2008-07-28 21:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2008-04-23 04:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2008-04-23 04:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-07-28 21:24 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-06-05 07:55 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2009-09-13 15:48 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-09-13 15:48 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-09-13 15:48 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-09-13 15:48 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-09-13 15:48 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-09-13 15:48 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-09-13 15:48 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-11-13 08:36 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2009-09-13 15:47 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-02 18:04 . 2008-04-14 06:52 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 17:54 . 2012-10-26 18:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 13:32 . 2012-06-23 08:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-04-18 13:31 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51 . 2012-10-17 16:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-28 13:35 . 2012-10-28 13:32 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-15 19:42 . A23DF7213FE43F712F27A74DBCA5222B . 1593856 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-08-15 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-08-15 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-08-15 . F0C7CFFD1165068388311C793E32C4CC . 1482240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-08-15 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-07-28 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Luboš\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Luboš\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Luboš\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"True transparacy"="c:\program files\extra\True Transparency\TrueTransparency.exe" [2008-06-24 372224]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-16 813584]
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe [2012-11-1 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\g:\0autocheck autochk /p \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" -s
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"VisualTaskTips"=c:\program files\VisualTaskTips\VisualTaskTips.exe
"TransBar"=c:\program files\extra\TransBar\TransBar.exe /S
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ViOrb"=c:\program files\extra\ViOrb\ViOrb.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SEGA\\Beijing 2008\\Beijing.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Addon.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Documents and Settings\\Luboš\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Dreamlords\\dreamlords.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
"c:\\Program Files\\Origin Games\\FIFA 13 Demo\\Game\\fifa13_demo.exe"=
"g:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.5.2009 15:02 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.6.2011 8:55 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.9.2009 16:48 361032]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [4.12.2012 9:41 36112]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 21:13 497952]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [19.3.2010 21:48 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [19.3.2010 21:48 64000]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.9.2009 16:48 21256]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [1.11.2012 8:52 70352]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [31.10.2012 15:46 1467088]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16.10.2010 11:47 10384]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [25.12.2010 12:38 47616]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [14.12.2011 12:47 1514304]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 15:49 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [10.5.2009 15:50 36864]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [22.9.2011 13:08 10064]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [19.3.2010 21:48 114688]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\56.tmp --> c:\windows\system32\56.tmp [?]
S4 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 21:13 32640]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:14]
.
2012-12-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 22:50]
.
2012-12-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://java.sun.com/j2se/downloads.html
IE: Download all by FlashGet3 - c:\documents and settings\Luboš\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Luboš\Data aplikací\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stahnou vse FlashGet3 - c:\documents and settings\Luboš\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\Luboš\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\Luboš\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Luboš\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} -
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\qx3s0uar.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - ExtSQL: 2012-10-17 18:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-09-02 07:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - b84d895f000000000000001d60ef1231
FF - user.js: extensions.funmoods_i.instlDay - 15371
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1617:14
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
HKLM-Run-tvncontrol - c:\program files\Common Files\Comodo\tvnserver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-12-13 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\56.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-73586283-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Luboš\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1229272821-73586283-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\Luboš\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1229272821-73586283-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:20,85,08,e4,4c,58,8e,73,7a,e0,a1,99,79,91,f1,09,0b,ab,99,58,df,5a,3e,
3c,cf,2b,38,ef,19,de,7c,d2,d9,56,9d,44,3a,9d,af,84,c3,4f,e8,91,f4,d2,9d,1c,\
"??"=hex:f4,94,0f,7b,d0,75,4d,60,81,7e,15,98,67,64,de,0f
.
[HKEY_USERS\S-1-5-21-1229272821-73586283-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:a4,a9,14,e3,cd,8b,e5,e7,f7,10,9b,5f,ba,a2,70,7c,6e,7d,b2,cb,68,
23,60,17,30,db,07,bc,51,17,11,d1,53,2f,85,9e,42,a7,ba,6e,48,34,af,cd,2b,05,\
"rkeysecu"=hex:2b,30,d7,2e,fb,0c,9c,0f,fb,58,0f,f4,d8,61,59,2d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'csrss.exe'(736)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-12-13 17:13:18
ComboFix-quarantined-files.txt 2012-12-13 16:13
.
Před spuštěním: Volných bajtů: 11 290 726 400
Po spuštění: Volných bajtů: 11 337 326 592
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DDB50E47F18DE51B4102CBCA40B7EFF8