MWAV

Zpráva

mapo44 · #1 Příspěvek od **mapo44** » 08 led 2013 21:59

Prosím o kontrolu:
Object "Conducent FlexPak Spyware/Adware" found in File System! Action Taken: File Deleted.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
File C:\Documents and Settings\Mapo\Dokumenty\Downloads\iepv.exe infected by "Gen:Application.Heur.cmKfbWuUv3fO (DB)" Virus! Action Taken: File Renamed.

#2 Příspěvek od **vyosek** » 08 led 2013 22:07

Zdravim

MWAV je uz davno mrtvy

Dejte lo z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

mapo44 · #3 Příspěvek od **mapo44** » 09 led 2013 07:47

Nevedel som, tak tu je ten log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mapo at 2013-01-09 07:44:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (25%) free of 21 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:33, on 9. 1. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Documents and Settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Mapo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mapo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mapo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mapo\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Mapo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software Inc. - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

--
End of file - 4176 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-08 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-08 170416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"Panda Security URL Filtering"=C:\Documents and Settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe [2012-03-19 217256]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"PSUAMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [2012-11-14 32032]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=475
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=475
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Mapo\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Mapo\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2013-01-09 07:44:01 ----D---- C:\rsit
2013-01-08 19:58:53 ----AD---- C:\WINDOWS\VDLL.DLL
2013-01-08 19:58:53 ----AD---- C:\WINDOWS\system32\runouce.exe
2013-01-08 19:58:53 ----AD---- C:\WINDOWS\rundll16.exe
2013-01-08 19:58:53 ----AD---- C:\WINDOWS\RUNDL132.EXE
2013-01-08 19:58:53 ----AD---- C:\WINDOWS\logo1_.exe
2013-01-08 19:58:53 ----AD---- C:\WINDOWS\logo_1.exe
2013-01-08 19:01:06 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-01-08 19:01:05 ----A---- C:\WINDOWS\system32\msvcp80.dll
2013-01-08 19:01:02 ----A---- C:\WINDOWS\system32\eEmpty.exe
2013-01-08 19:00:46 ----A---- C:\WINDOWS\system32\T.COM
2013-01-08 19:00:45 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2013-01-08 19:00:45 ----A---- C:\WINDOWS\REGEDIT.COM
2013-01-08 19:00:45 ----A---- C:\WINDOWS\R.COM
2013-01-08 19:00:43 ----D---- C:\Program Files\Common Files\MicroWorld
2013-01-08 19:00:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2013-01-08 18:44:39 ----D---- C:\Program Files\Common Files\Java
2013-01-08 18:44:19 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-01-08 18:44:18 ----A---- C:\WINDOWS\system32\javaws.exe
2013-01-08 18:43:55 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-01-08 18:43:55 ----A---- C:\WINDOWS\system32\javaw.exe
2013-01-08 18:43:54 ----A---- C:\WINDOWS\system32\java.exe
2013-01-07 20:01:23 ----HD---- C:\Program Files\Uninstall Information
2013-01-07 19:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2013-01-07 19:12:30 ----D---- C:\WINDOWS\ie8updates
2013-01-07 19:08:11 ----HDC---- C:\WINDOWS\ie8
2013-01-07 08:26:33 ----A---- C:\WINDOWS\system32\drivers\PSKMAD.sys
2013-01-04 15:04:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
2013-01-04 15:04:23 ----D---- C:\Documents and Settings\Mapo\Data aplikací\Canneverbe Limited
2013-01-04 15:03:49 ----A---- C:\WINDOWS\system32\drivers\StarOpen.sys
2013-01-04 15:03:34 ----D---- C:\Program Files\CDBurnerXP
2012-12-29 16:57:43 ----A---- C:\WINDOWS\system32\msvcr70.dll
2012-12-29 16:57:43 ----A---- C:\WINDOWS\system32\msvcp70.dll
2012-12-29 16:57:42 ----A---- C:\WINDOWS\system32\mfc70.dll
2012-12-29 16:57:39 ----D---- C:\Program Files\AML Products
2012-12-23 13:03:35 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-13 22:42:48 ----D---- C:\Program Files\HD Tune
2012-12-13 20:24:17 ----D---- C:\Program Files\CrystalDiskInfo
2012-12-10 13:23:43 ----D---- C:\Program Files\ToniArts
2012-12-10 12:59:46 ----SHD---- C:\RECYCLER
2012-12-10 08:55:24 ----D---- C:\WINDOWS\temp
2012-12-10 08:55:19 ----A---- C:\ComboFix.txt

======List of files/folders modified in the last 1 month======

2013-01-09 07:44:24 ----D---- C:\Program Files\trend micro
2013-01-09 07:36:39 ----D---- C:\WINDOWS\system32
2013-01-09 07:32:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security URL Filtering
2013-01-09 07:32:10 ----D---- C:\WINDOWS
2013-01-09 07:31:58 ----D---- C:\WINDOWS\system32\drivers
2013-01-09 07:31:51 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-08 22:07:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-08 22:05:06 ----D---- C:\Documents and Settings\Mapo\Data aplikací\Download Manager
2013-01-08 20:11:42 ----D---- C:\WINDOWS\Prefetch
2013-01-08 19:04:17 ----A---- C:\WINDOWS\win.ini
2013-01-08 19:00:43 ----D---- C:\Program Files\Common Files
2013-01-08 18:44:59 ----SHD---- C:\WINDOWS\Installer
2013-01-08 18:44:59 ----D---- C:\Config.Msi
2013-01-08 18:42:55 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-01-08 18:42:45 ----D---- C:\Program Files\Java
2013-01-08 18:37:39 ----D---- C:\WINDOWS\Debug
2013-01-08 18:33:47 ----SHD---- C:\System Volume Information
2013-01-07 20:01:23 ----RD---- C:\Program Files
2013-01-07 20:01:04 ----D---- C:\WINDOWS\system32\cs-cz
2013-01-07 20:01:03 ----D---- C:\WINDOWS\Media
2013-01-07 20:01:03 ----D---- C:\Program Files\Internet Explorer
2013-01-07 20:01:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-07 20:01:02 ----HD---- C:\WINDOWS\inf
2013-01-07 20:01:02 ----D---- C:\WINDOWS\Help
2013-01-07 19:16:45 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-07 19:11:50 ----D---- C:\WINDOWS\system32\CatRoot
2013-01-07 16:59:21 ----D---- C:\Documents and Settings\Mapo\Data aplikací\vlc
2013-01-07 10:32:42 ----A---- C:\WINDOWS\NeroDigital.ini
2013-01-06 09:57:39 ----A---- C:\WINDOWS\MyHeritage.INI
2013-01-05 02:17:40 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-01-04 08:24:47 ----A---- C:\boot.ini
2012-12-29 17:14:15 ----D---- C:\Program Files\goodsol2k
2012-12-27 14:17:22 ----A---- C:\WINDOWS\system.ini
2012-12-23 13:04:03 ----SD---- C:\WINDOWS\Tasks
2012-12-22 18:16:34 ----D---- C:\WINDOWS\system32\NtmsData
2012-12-22 18:10:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-13 20:24:18 ----D---- C:\Documents and Settings\Mapo\Data aplikací\OpenCandy
2012-12-13 16:17:40 ----D---- C:\Program Files\Microsoft Silverlight
2012-12-12 15:56:10 ----D---- C:\Program Files\Google
2012-12-12 13:21:53 ----D---- C:\Program Files\Outlook Express
2012-12-12 13:11:30 ----SD---- C:\Documents and Settings\Mapo\Data aplikací\Microsoft
2012-12-12 13:10:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-12 08:31:15 ----D---- C:\Programy
2012-12-12 08:18:09 ----D---- C:\Program Files\Speccy
2012-12-11 20:38:36 ----RSD---- C:\WINDOWS\Fonts
2012-12-10 15:35:35 ----D---- C:\Documents and Settings\Mapo\Data aplikací\Mozilla
2012-12-10 14:23:15 ----A---- C:\WINDOWS\CSTBox.INI
2012-12-10 14:21:50 ----D---- C:\Documents and Settings\Mapo\Data aplikací\Canon
2012-12-10 13:46:14 ----D---- C:\WINDOWS\system32\config
2012-12-10 13:23:27 ----HD---- C:\Program Files\InstallShield Installation Information
2012-12-10 08:55:22 ----D---- C:\Qoobox
2012-12-10 08:39:17 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NNSALPC;NNSAlpc; C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys [2012-11-09 119208]
R1 NNSHTTP;NNSHttp; C:\WINDOWS\system32\DRIVERS\NNSHttp.sys [2012-11-09 139176]
R1 NNSIDS;NNSids; C:\WINDOWS\system32\DRIVERS\NNSIds.sys [2012-11-09 163112]
R1 NNSPICC;NNSPicc; C:\WINDOWS\system32\DRIVERS\NNSPicc.sys [2012-11-09 133544]
R1 NNSPOP3;NNSPop3; C:\WINDOWS\system32\DRIVERS\NNSPop3.sys [2012-11-09 125480]
R1 NNSPROT;NNSProt; C:\WINDOWS\system32\DRIVERS\NNSProt.sys [2012-11-09 370216]
R1 NNSPRV;NNSPrv; C:\WINDOWS\system32\DRIVERS\NNSPrv.sys [2012-11-09 191528]
R1 NNSSMTP;NNSSmtp; C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys [2012-11-09 128040]
R1 NNSSTRM;NNSStrm; C:\WINDOWS\system32\DRIVERS\NNSStrm.sys [2012-11-09 276520]
R1 NNSTLSC;NNSTlsc; C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys [2012-11-09 133928]
R1 PSINKNC;PSINKNC; C:\WINDOWS\system32\DRIVERS\psinknc.sys [2012-11-09 178728]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R2 PSINAflt;PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [2012-11-09 149288]
R2 PSINFile;PSINFile; C:\WINDOWS\system32\DRIVERS\PSINFile.sys [2012-11-09 102184]
R2 PSINProc;PSINProc; C:\WINDOWS\system32\DRIVERS\PSINProc.sys [2012-11-09 114216]
R2 PSINProt;PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [2012-11-09 123560]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 PSKMAD;PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [2012-11-07 46672]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 MpKsl049d4820;MpKsl049d4820; C:\WINDOWS\system32\drivers\MpKsl049d4820.sys []
S1 MpKsl1977ba93;MpKsl1977ba93; C:\WINDOWS\system32\drivers\MpKsl1977ba93.sys []
S1 MpKsl1a991bc2;MpKsl1a991bc2; C:\WINDOWS\system32\drivers\MpKsl1a991bc2.sys []
S1 MpKsl22f4dceb;MpKsl22f4dceb; C:\WINDOWS\system32\drivers\MpKsl22f4dceb.sys []
S1 MpKsl240c3bce;MpKsl240c3bce; C:\WINDOWS\system32\drivers\MpKsl240c3bce.sys []
S1 MpKsl261883b5;MpKsl261883b5; C:\WINDOWS\system32\drivers\MpKsl261883b5.sys []
S1 MpKsl330f7152;MpKsl330f7152; C:\WINDOWS\system32\drivers\MpKsl330f7152.sys []
S1 MpKsl41958e98;MpKsl41958e98; C:\WINDOWS\system32\drivers\MpKsl41958e98.sys []
S1 MpKsl437359df;MpKsl437359df; C:\WINDOWS\system32\drivers\MpKsl437359df.sys []
S1 MpKsl476496d0;MpKsl476496d0; C:\WINDOWS\system32\drivers\MpKsl476496d0.sys []
S1 MpKsl555a5d11;MpKsl555a5d11; C:\WINDOWS\system32\drivers\MpKsl555a5d11.sys []
S1 MpKsl5e4db50d;MpKsl5e4db50d; C:\WINDOWS\system32\drivers\MpKsl5e4db50d.sys []
S1 MpKsl7324ea1e;MpKsl7324ea1e; C:\WINDOWS\system32\drivers\MpKsl7324ea1e.sys []
S1 MpKsl75bf46d6;MpKsl75bf46d6; C:\WINDOWS\system32\drivers\MpKsl75bf46d6.sys []
S1 MpKsl776b55e7;MpKsl776b55e7; C:\WINDOWS\system32\drivers\MpKsl776b55e7.sys []
S1 MpKsl7801b3aa;MpKsl7801b3aa; C:\WINDOWS\system32\drivers\MpKsl7801b3aa.sys []
S1 MpKsl7d42354d;MpKsl7d42354d; C:\WINDOWS\system32\drivers\MpKsl7d42354d.sys []
S1 MpKsl81fc6221;MpKsl81fc6221; C:\WINDOWS\system32\drivers\MpKsl81fc6221.sys []
S1 MpKsla1fb5fb9;MpKsla1fb5fb9; C:\WINDOWS\system32\drivers\MpKsla1fb5fb9.sys []
S1 MpKslae039f7c;MpKslae039f7c; C:\WINDOWS\system32\drivers\MpKslae039f7c.sys []
S1 MpKslbb763bfb;MpKslbb763bfb; C:\WINDOWS\system32\drivers\MpKslbb763bfb.sys []
S1 MpKslcd596e06;MpKslcd596e06; C:\WINDOWS\system32\drivers\MpKslcd596e06.sys []
S1 MpKslcde2544f;MpKslcde2544f; C:\WINDOWS\system32\drivers\MpKslcde2544f.sys []
S1 MpKsldb09397b;MpKsldb09397b; C:\WINDOWS\system32\drivers\MpKsldb09397b.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NNSNAHS;Network Activity Hook Server Service; C:\WINDOWS\system32\DRIVERS\NNSNAHS.sys [2012-10-22 38824]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-11-23 32768]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC211;USB PC Camera (ZS0211); C:\WINDOWS\System32\Drivers\ZS211.sys [2006-08-08 391836]
S4 NNSPIHS;NNSPihs; C:\WINDOWS\system32\DRIVERS\NNSPihs.sys [2012-11-09 63400]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-01-08 170408]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-11-12 140064]
R2 PSUAService;Panda Product Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-11-14 36640]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 09 led 2013 18:21

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

mapo44 · #5 Příspěvek od **mapo44** » 09 led 2013 21:04

Tak tu je:
ComboFix 13-01-08.01 - Mapo . 01. 2013 20:30:42.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.164 [GMT 1:00]
Running from: c:\documents and settings\Mapo\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *Disabled/Updated* {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Panda Cloud Antivirus *Disabled/Updated* {3C6467D5-0CB7-4322-B2CA-E08614E5D9B5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 06:44 . 2013-01-09 06:45 -------- d-----w- C:\rsit
2013-01-08 18:58 . 2013-01-08 18:58 -------- d---a-w- c:\windows\VDLL.DLL
2013-01-08 18:58 . 2013-01-08 18:58 -------- d---a-w- c:\windows\system32\runouce.exe
2013-01-08 18:58 . 2013-01-08 18:58 -------- d---a-w- c:\windows\rundll16.exe
2013-01-08 18:58 . 2013-01-08 18:58 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-01-08 18:58 . 2013-01-08 18:58 -------- d---a-w- c:\windows\logo1_.exe
2013-01-08 18:58 . 2013-01-08 18:58 -------- d---a-w- c:\windows\logo_1.exe
2013-01-08 18:01 . 2013-01-08 18:01 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-08 18:01 . 2013-01-08 18:01 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-08 18:01 . 2013-01-08 18:01 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-01-08 18:00 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2013-01-08 18:00 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2013-01-08 18:00 . 2013-01-08 18:00 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-01-08 18:00 . 2013-01-08 18:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2013-01-08 17:45 . 2013-01-08 17:45 -------- d-----w- c:\documents and settings\Mapo\Local Settings\Data aplikací\Sun
2013-01-08 17:44 . 2013-01-08 17:44 -------- d-----w- c:\program files\Common Files\Java
2013-01-08 17:44 . 2013-01-08 17:42 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-08 17:43 . 2013-01-08 17:43 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-07 19:08 . 2013-01-07 19:08 -------- d-sh--w- c:\documents and settings\Mapo\IECompatCache
2013-01-07 19:05 . 2013-01-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-01-07 19:04 . 2013-01-07 19:04 -------- d-sh--w- c:\documents and settings\Mapo\PrivacIE
2013-01-07 19:02 . 2013-01-07 19:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-01-07 19:01 . 2013-01-07 19:01 -------- d-sh--w- c:\documents and settings\Mapo\IETldCache
2013-01-07 18:08 . 2013-01-07 18:11 -------- dc-h--w- c:\windows\ie8
2013-01-07 17:58 . 2012-11-01 12:12 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-07 17:57 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-01-07 17:56 . 2012-11-01 12:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-01-07 17:56 . 2012-11-01 12:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-01-07 17:56 . 2012-11-01 12:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-01-07 07:26 . 2012-11-07 08:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-01-04 14:04 . 2013-01-04 14:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Canneverbe Limited
2013-01-04 14:04 . 2013-01-04 14:04 -------- d-----w- c:\documents and settings\Mapo\Data aplikací\Canneverbe Limited
2013-01-04 14:03 . 2012-06-03 08:45 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2013-01-04 14:03 . 2013-01-06 08:49 -------- d-----w- c:\program files\CDBurnerXP
2012-12-29 15:57 . 2002-01-05 10:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2012-12-29 15:57 . 2002-01-05 04:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-12-29 15:57 . 2002-01-05 05:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2012-12-29 15:57 . 2012-12-29 17:17 -------- d-----w- c:\program files\AML Products
2012-12-23 12:03 . 2012-12-23 12:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 21:42 . 2012-12-30 08:15 -------- d-----w- c:\program files\HD Tune
2012-12-13 19:24 . 2012-12-13 19:25 -------- d-----w- c:\program files\CrystalDiskInfo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 17:43 . 2012-03-01 14:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-08 17:42 . 2010-06-12 11:13 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-23 12:03 . 2011-06-20 13:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 18:01 . 2012-11-09 18:01 178728 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-11-09 18:01 . 2012-11-09 18:01 123560 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-11-09 18:01 . 2012-11-09 18:01 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-11-09 18:01 . 2012-11-09 18:01 149288 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-11-09 18:01 . 2012-11-09 18:01 102184 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-11-09 10:23 . 2012-11-09 10:23 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-11-09 10:23 . 2012-11-09 10:23 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-11-09 10:23 . 2012-11-09 10:23 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-11-09 10:23 . 2012-11-09 10:23 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-11-09 10:23 . 2012-11-09 10:23 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-11-09 10:23 . 2012-11-09 10:23 63400 ----a-w- c:\windows\system32\drivers\NNSpihs.sys
2012-11-09 10:23 . 2012-11-09 10:23 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-11-09 10:23 . 2012-11-09 10:23 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-11-09 10:23 . 2012-11-09 10:23 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-11-09 10:23 . 2012-11-09 10:23 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-11-09 10:23 . 2012-11-09 10:23 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-11-07 23:38 . 2011-12-19 17:59 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2011-12-19 17:59 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2011-12-19 17:59 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2011-12-19 17:59 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2011-12-19 17:58 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2011-12-19 17:58 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-01 12:12 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-17 22:44 385024 ------w- c:\windows\system32\html.iec
2012-10-22 11:08 . 2012-10-22 11:08 38824 ----a-w- c:\windows\system32\drivers\NNSNAHS.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-14 32032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODDRMBS\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"ZSSnp211"=c:\windows\ZSSnp211.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Mapo\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [31. 3. 2011 9:23 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [19. 12. 2011 18:59 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19. 12. 2011 18:59 32640]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [9. 11. 2012 11:23 119208]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [9. 11. 2012 11:23 139176]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [9. 11. 2012 11:23 163112]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [9. 11. 2012 11:23 133544]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [9. 11. 2012 11:23 125480]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [9. 11. 2012 11:23 370216]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [9. 11. 2012 11:23 191528]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [9. 11. 2012 11:23 128040]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [9. 11. 2012 11:23 276520]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [9. 11. 2012 11:23 133928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [9. 11. 2012 19:01 178728]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [4. 1. 2010 11:42 8192]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12. 11. 2012 14:45 140064]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [9. 11. 2012 19:01 149288]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [9. 11. 2012 19:01 102184]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [9. 11. 2012 19:01 114216]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [9. 11. 2012 19:01 123560]
R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [14. 11. 2012 22:04 36640]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [7. 1. 2013 8:26 46672]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9. 4. 2012 16:08 27632]
S1 MpKsl049d4820;MpKsl049d4820; [x]
S1 MpKsl1977ba93;MpKsl1977ba93; [x]
S1 MpKsl1a991bc2;MpKsl1a991bc2; [x]
S1 MpKsl22f4dceb;MpKsl22f4dceb; [x]
S1 MpKsl240c3bce;MpKsl240c3bce; [x]
S1 MpKsl261883b5;MpKsl261883b5; [x]
S1 MpKsl330f7152;MpKsl330f7152; [x]
S1 MpKsl41958e98;MpKsl41958e98; [x]
S1 MpKsl437359df;MpKsl437359df; [x]
S1 MpKsl476496d0;MpKsl476496d0; [x]
S1 MpKsl555a5d11;MpKsl555a5d11; [x]
S1 MpKsl5e4db50d;MpKsl5e4db50d; [x]
S1 MpKsl7324ea1e;MpKsl7324ea1e; [x]
S1 MpKsl75bf46d6;MpKsl75bf46d6; [x]
S1 MpKsl776b55e7;MpKsl776b55e7; [x]
S1 MpKsl7801b3aa;MpKsl7801b3aa; [x]
S1 MpKsl7d42354d;MpKsl7d42354d; [x]
S1 MpKsl81fc6221;MpKsl81fc6221; [x]
S1 MpKsla1fb5fb9;MpKsla1fb5fb9; [x]
S1 MpKslae039f7c;MpKslae039f7c; [x]
S1 MpKslbb763bfb;MpKslbb763bfb; [x]
S1 MpKslcd596e06;MpKslcd596e06; [x]
S1 MpKslcde2544f;MpKslcde2544f; [x]
S1 MpKsldb09397b;MpKsldb09397b; [x]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [22. 10. 2012 12:08 38824]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [9. 4. 2012 16:24 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [9. 4. 2012 16:24 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [9. 4. 2012 16:24 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [9. 4. 2012 16:24 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [9. 4. 2012 16:24 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [9. 4. 2012 16:24 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [9. 4. 2012 16:24 109736]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [9. 11. 2012 11:23 63400]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.sk/
IE: E&xportovať do programu Microsoft Excel
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 20:47
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1584)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1640)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1556)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-01-09 20:53:08
ComboFix-quarantined-files.txt 2013-01-09 19:53
ComboFix2.txt 2012-12-10 07:55
ComboFix3.txt 2012-12-09 18:07
ComboFix4.txt 2012-12-09 11:52
ComboFix5.txt 2013-01-09 19:18
.
Pre-Run: 5 489 692 672
Post-Run: 5 872 414 720
.
- - End Of File - - 4B805E582C14A9CE1C73C0F987E446AD

#6 Příspěvek od **vyosek** » 10 led 2013 15:11

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

mapo44 · #7 Příspěvek od **mapo44** » 10 led 2013 18:11

Ďakujem

#8 Příspěvek od **vyosek** » 11 led 2013 21:20

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

MWAV

MWAV

Re: MWAV

Re: MWAV

Re: MWAV

Re: MWAV

Re: MWAV

Re: MWAV

Re: MWAV