Win32:Jeefo - nakaženo mnoho souborů

[albert96]

ComboFix 09-12-11.01 - @lbert 11.12.2009 21:47:21.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2029.1209 [GMT 1:00]
Spuštěný z: c:\users\@lbert\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2791632885-263918442-1135036468-1004
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
c:\program files\MyWebSearch
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk
c:\users\@lbert\AppData\Roaming\WeatherDPA
c:\users\@lbert\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\@lbert\cc_20080409_1416.reg
c:\windows\config.ini
c:\windows\svchost.exe
c:\windows\system32\ealregsnapshot1.reg
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService
-------\Service_PowerManager


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-11 do 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-11 20:59 . 2009-12-11 21:03 -------- d-----w- c:\users\@lbert\AppData\Local\temp
2009-12-11 20:59 . 2009-12-11 20:59 -------- d-----w- c:\users\hONZA\AppData\Local\temp
2009-12-11 13:36 . 2009-12-11 13:36 -------- d-----w- c:\program files\ConvertHelper
2009-12-11 13:24 . 2009-12-11 19:35 -------- d-----w- c:\users\@lbert\AppData\Roaming\AIMP
2009-12-10 13:46 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 13:46 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 13:46 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 13:16 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-07 13:59 . 2009-12-07 13:59 -------- d-----w- c:\programdata\Nokia
2009-11-26 14:03 . 2009-12-11 13:35 -------- d-----w- c:\users\@lbert\dwhelper
2009-11-25 19:07 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:27 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:27 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-20 13:37 . 2009-11-20 13:37 -------- d-----w- c:\program files\Infogrames
2009-11-20 06:55 . 2009-11-20 06:55 -------- d-----w- c:\users\@lbert\AppData\Roaming\Malwarebytes
2009-11-20 06:55 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 06:55 . 2009-11-20 06:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 06:55 . 2009-11-20 06:55 -------- d-----w- c:\programdata\Malwarebytes
2009-11-20 06:55 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 18:44 . 2009-11-19 18:44 -------- d-----w- c:\program files\Hasbro Interactive
2009-11-19 15:38 . 2009-12-09 13:27 -------- d-----w- c:\program files\trend micro
2009-11-19 15:38 . 2009-11-19 15:38 -------- d-----w- C:\rsit
2009-11-19 14:00 . 2009-11-19 14:00 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-19 13:58 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-19 13:58 . 2009-11-19 13:58 -------- d-----w- c:\program files\PC Connectivity Solution

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 21:02 . 2008-03-04 15:08 -------- d-----w- c:\program files\SpywareDetector
2009-12-11 13:24 . 2008-04-30 12:54 -------- d-----w- c:\program files\AIMP2
2009-12-10 13:49 . 2007-12-06 17:05 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 14:14 . 2008-01-25 12:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-12-09 14:14 . 2008-05-28 19:44 -------- d-----w- c:\program files\Advanced SMTP Server
2009-12-09 14:13 . 2008-08-19 16:22 -------- d-----w- c:\program files\Apple Software Update
2009-12-09 14:13 . 2008-04-08 16:47 -------- d-----w- c:\program files\2004
2009-12-09 14:13 . 2008-02-03 16:13 -------- d-----w- c:\program files\Age of Empires III
2009-12-09 14:13 . 2008-01-28 14:29 -------- d-----w- c:\program files\18 Wheels of Steel Haulin
2009-12-08 17:31 . 2009-06-30 09:58 -------- d-----w- c:\program files\AVS4YOU
2009-12-08 17:30 . 2008-12-03 17:34 -------- d-----w- c:\program files\Avimator
2009-12-08 16:51 . 2008-06-17 13:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-08 15:20 . 2009-12-08 15:20 49152 ----a-r- c:\users\@lbert\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-12-08 15:02 . 2009-12-08 15:02 -------- d-----w- c:\program files\Atari
2009-12-08 12:06 . 2007-12-11 19:06 -------- d-----w- c:\program files\Opera
2009-12-07 20:04 . 2008-11-24 16:51 -------- d-----w- c:\users\@lbert\AppData\Roaming\Skype
2009-12-07 15:06 . 2008-02-04 13:59 -------- d-----w- c:\users\@lbert\AppData\Roaming\skypePM
2009-12-07 13:56 . 2009-01-14 19:01 -------- d-----w- c:\programdata\Installations
2009-12-07 13:55 . 2008-01-14 18:15 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-07 13:55 . 2007-12-11 11:14 -------- d-----w- c:\program files\Nokia
2009-12-07 13:54 . 2009-12-07 13:54 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-07 13:54 . 2009-12-07 13:54 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-07 13:54 . 2009-12-07 13:54 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-07 13:54 . 2009-12-07 13:55 24567912 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_cs.exe
2009-12-07 13:35 . 2007-01-08 21:12 610166 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 13:35 . 2007-01-08 21:12 120588 ----a-w- c:\windows\system32\perfc005.dat
2009-11-25 18:09 . 2008-01-25 12:27 -------- d-----w- c:\users\@lbert\AppData\Roaming\Audacity
2009-11-25 17:35 . 2008-11-19 14:41 -------- d-----w- c:\program files\Crawler
2009-11-24 23:54 . 2009-04-29 13:49 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-04-29 13:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-29 13:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-29 13:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-04-29 13:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-29 13:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-29 13:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 16:39 . 2009-12-11 13:31 1093064 ----a-w- c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-21 06:40 . 2009-12-09 13:17 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 13:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 13:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 13:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 13:37 . 2007-12-06 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 18:44 . 2008-02-29 18:58 227 ----a-w- c:\windows\PowerReg.dat
2009-11-19 13:52 . 2009-11-19 13:52 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-19 13:52 . 2009-11-19 13:52 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-19 13:52 . 2009-11-19 13:52 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-19 13:52 . 2009-11-19 13:52 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-19 13:51 . 2009-11-19 13:52 34698816 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze.exe
2009-11-18 15:29 . 2008-01-04 17:28 -------- d-----w- c:\program files\Java
2009-11-12 14:05 . 2009-10-26 13:14 -------- d-----w- c:\program files\Winstep
2009-11-11 18:06 . 2009-06-30 10:29 11192 ----a-w- c:\programdata\DVDXStudio\DVDXPlayer\DVDXPlayer.dll
2009-11-10 14:22 . 2009-11-10 14:22 -------- d-----w- c:\programdata\McAfee
2009-11-08 18:30 . 2009-11-08 14:22 -------- d-----w- c:\programdata\NOS
2009-11-08 14:22 . 2009-11-08 14:22 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-08 14:22 . 2009-11-08 14:22 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-08 14:22 . 2009-11-08 14:22 -------- d-----w- c:\program files\NOS
2009-11-07 14:08 . 2009-11-07 14:08 -------- d-----w- c:\program files\BurnAware Free
2009-11-07 14:03 . 2009-11-07 14:03 -------- d-----w- c:\program files\Burn4Free Toolbar
2009-11-07 09:58 . 2009-11-07 09:57 -------- d-----w- c:\program files\Burn4Free
2009-11-05 15:52 . 2009-11-05 15:52 -------- d-----w- c:\programdata\Media Center Programs
2009-11-05 15:42 . 2008-02-01 15:08 -------- d-----w- c:\program files\Ubisoft
2009-11-05 14:28 . 2009-11-05 14:28 -------- d-----w- c:\program files\Stylish Profile
2009-11-02 19:42 . 2009-10-03 17:28 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 13:38 . 2008-09-30 13:03 -------- d-----w- c:\programdata\Electronic Arts
2009-11-02 13:36 . 2009-11-02 13:36 10134 ----a-r- c:\users\@lbert\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-11-02 13:36 . 2009-11-02 13:36 -------- d-----w- c:\program files\Microsoft WSE
2009-11-02 13:23 . 2007-12-10 16:07 -------- d-----w- c:\program files\Electronic Arts
2009-10-26 14:22 . 2007-12-09 16:46 118088 ----a-w- c:\users\@lbert\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-26 13:08 . 2009-10-26 13:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-26 13:06 . 2009-10-26 13:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-22 16:11 . 2009-01-14 19:09 -------- d-----w- c:\program files\DIFX
2009-10-17 11:43 . 2009-10-17 11:43 40960 ----a-r- c:\users\@lbert\AppData\Roaming\Microsoft\Installer\{70EEEAE5-FF92-45A7-B701-394473D19774}\_A87F9E80D148_4CC1_B04B_C03ECC759C7E.exe
2009-10-17 11:42 . 2009-10-17 11:42 -------- d-----w- c:\program files\IMSI
2009-10-14 14:51 . 2009-03-30 16:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-11 03:17 . 2009-03-30 16:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 10:56 . 2009-10-06 10:56 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-10-06 10:56 . 2009-10-06 10:56 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-10-06 10:55 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-06 10:52 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-06 10:52 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-06 10:52 . 2009-01-14 19:05 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-06 10:52 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-06 10:52 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-06 10:52 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-09-23 15:37 . 2009-11-08 14:22 34112 ----a-w- c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-09-23 15:37 . 2009-11-08 14:22 32448 ----a-w- c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-09-23 15:37 . 2009-11-08 14:22 22352 ----a-w- c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-09-21 16:21 . 2009-09-21 16:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 09:29 . 2009-10-14 12:16 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2008-01-01 16:31 . 2008-01-01 16:29 48 --sh--w- c:\windows\S1E790E75.tmp
2006-05-03 09:06 . 2008-09-09 17:42 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-09-09 17:42 31232 --sh--r- c:\windows\System32\msfDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-11-07 14:03 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-11-07 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-11-07 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 728008]
"NextSTART"="c:\program files\Winstep\nextstart.exe" [2009-05-22 5327414]
"Workshelf"="c:\program files\Winstep\workshelf.exe" [2009-05-22 10794038]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SigmatelSysTrayApp"="sttray.exe" [2007-06-08 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\hONZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-01-28 10:30 167936 ----a-w- c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl
"midi3"=xgusb.cpl
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\c:\program files\SpywareDetector\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,1a,d1,fd,d5,24,ca,01

R0 ksbus;KernSafe Virtual System Bus;c:\windows\System32\drivers\KSBus.sys [23.6.2009 10:41 15872]
R0 KScsiPrt;KernSafe Miniport;c:\windows\System32\drivers\KScsiPrt.sys [23.6.2009 10:41 71680]
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\drivers\OCDE.sys [22.9.2004 14:10 29728]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [29.4.2009 14:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [29.4.2009 14:50 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [29.4.2009 14:49 53328]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [27.4.2009 13:16 222456]
R2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [4.3.2008 16:08 255440]
R2 SMTPMainService;SMTP Server Service;c:\program files\Advanced SMTP Server\SMTPListener.exe [28.5.2008 20:44 811008]
R2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService --> c:\program files\Winstep\WsxService [?]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.7.2008 3:45 904192]
S2 frmMain;NCClientNT;c:\windows\NCClientNT.exe --> c:\windows\NCClientNT.exe [?]
S3 GTwinUSB;GTwinUSB;c:\windows\System32\drivers\GTwinUSB.sys [12.1.2008 21:39 71424]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [6.10.2009 11:56 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [6.10.2009 11:56 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ZY202_VS;ZyXEL 802.11g XG202 1211 Vista Driver;c:\windows\System32\drivers\WlanUZG.sys [19.2.2009 19:38 449536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://search13.net?clid=486
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npigl.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\@lbert\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\@lbert\AppData\Roaming\Mozilla\Firefox\Profiles\pqmgp838.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-AVS DVD Player_is1 - c:\program files\AVS4YOU\AVSDVDPlayer\unins000.exe
AddRemove-NetBus Pro - c:\program files\NetBus Pro\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 22:02
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iaStor.sys spau.sys >>UNKNOWN [0x857E1938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82f9cd24
\Driver\ACPI -> acpi.sys @ 0x805c0d68
\Driver\atapi -> prosync1.sys @ 0x8838e6e1
\Driver\iaStor -> prosync1.sys @ 0x8838e6e1
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2791632885-263918442-1135036468-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:33,2a,01,a8,79,db,96,5a,2a,2d,46,5c,e1,b7,45,38,c1,d2,d8,eb,71,90,2e,
a8,90,7b,b2,8e,65,28,1f,4b,9a,c1,05,2f,39,46,44,96,29,cd,07,ee,71,10,f1,14,\
"??"=hex:b2,b7,4b,96,d1,40,44,31,a9,f3,b4,8b,e5,a6,a8,c8

[HKEY_USERS\S-1-5-21-2791632885-263918442-1135036468-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:00,cf,7c,d1,a2,2a,78,82,5b,42,a6,e4,53,c1,85,a9,25,d0,78,83,3b,
31,15,3e,42,1e,7c,38,1a,02,07,0e,22,82,dc,ed,cd,d8,45,41,13,dc,76,47,23,53,\
"rkeysecu"=hex:79,55,f6,e4,5b,1f,89,9a,2f,03,fa,2d,00,32,c9,f0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(8500)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Common Files\Nokia\Codecs\EmzMp4Source.dll
c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Winstep\WsxService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2009-12-11 22:14:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-11 21:13

Před spuštěním: Volných bajtů: 152 651 890 688
Po spuštění: Volných bajtů: 153 865 203 712

- - End Of File - - FE695625D6C822ABC738D98DCD2918F8

[motji]

Pak napište, jak dopadli ty testy v nouzovém režimu

[albert96]

Musí to být v nouzovém režimu?

[motji]

Raději ano, proč se ptáte?

[albert96]

Takže průběh Sophosu:
Našlo to tyto ,,problémy"

WARNING
Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\005. You may not have access rights to the whole registry.

Nesprávná funkce.

WARNING
Warning: Failed to query live registry key \HKEY_USERS. You may not have access rights to the whole registry.

Nesprávná funkce.

Hidden registry key
Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\.DEFAULT
Removable: No
Notes: (no more detail available)

UNKNOWN HIDDEN FILE
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\config\RegBack\SAM.LOG1
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

UNKNOWN HIDDEN FILE
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\kdbcg.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

UNKNOWN HIDDEN FILE
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\hONZA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RQ5DWNKM\hot-underwear-hotsexy-siyah-beyaz-blackwhite-%D1%8D%D1%80%D0%BE%D1%82%D0%B8%D0%BA%D0%B0-panties-nice-o-angie56-nude-about-me-Art-or-Porn-pams-Teds2_large[1].jpg
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

UNKNOWN HIDDEN FILE
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\drivers\sptd.sys
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

UNKNOWN HIDDEN FILE
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\@lbert\AppData\Roaming\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

UNKNOWN HIDDEN FILE
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\@lbert\AppData\Roaming\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)



Nic dalšího...



A potom, u BitDefenderu mi to po SYSTEM SCAN napsalo SYSTEM CLEANED

[motji]

Tento soubor otestujte na www.virustotal.com
C:\Windows\System32\kdbcg.exe

Jak to ted vypadá s počítačem?

[albert96]

Soubor již byl testován:
MD5: 4fcf65d3ad9691efc0f5963c0c85cc67
Poprvé zaslán: 2009.02.27 22:41:53 UTC
Datum: 2009.02.27 22:41:53 UTC [>289D]
Výsledky: 0/39
Stálý odkaz: analisis/93b750cdaba989a539174cb4412e859a62f568a8d1ea1c5c8f1a257d5981404c-1235774513

A s PC, nic se nedeje, melo by se neco dit?

[motji]

Já potřebuju aby jste dal znovu testovat - otestoval ten váš soubor

[albert96]

Jak to mam poslat? Při obyčejném vložení sem, by to ztratilo formátování

[motji]

jak budete mít před sebou stránku s výsledky, zkopírujte cestu s adresou ke stránce

[albert96]

no jo, omlouvám se, v tu chvíli mě to nenapadlo
http://www.virustotal.com/cs/analisis/9 ... 1260901342

[motji]

Ale stejně se mi ten soubor nelíbí, google ho nezná

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

[albert96]

Ted se mi v prubehu scanu objevila modra obrazovka s testovanim nejake pameti (uz nevim jake ) muze to neco znamenat?
Bude ten scan trvat dlouho ? nechce se mi ho uz zacinat. ja ze bych to asi udelal az zitra

[motji]

Zkuste ho v nouzovém režimu spustit.
NO jak komu, někomu 10 minut, někomu 4 hodiny

[albert96]

takže tady je první log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-16 15:42:08
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\@lbert\AppData\Local\Temp\uwtyypob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0xEF 0x5B 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA3 0x63 0x1D 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x3B 0x20 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD6 0x6B 0x65 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0xEF 0x5B 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA3 0x63 0x1D 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x3B 0x20 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD6 0x6B 0x65 0xA2 ...

---- EOF - GMER 1.0.15 ----