MALWARE

Zpráva

self_defense · #16 Příspěvek od **self_defense** » 06 bře 2010 23:21

self_defense · #17 Příspěvek od **self_defense** » 07 bře 2010 00:44

tohle je log?asi jo ----->http://img25.imageshack.us/img25/6852/mbamj.jpg

self_defense · #18 Příspěvek od **self_defense** » 07 bře 2010 00:53

aha tohle je ono
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3830
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7.3.2010 0:41:45
mbam-log-2010-03-07 (00-41-41).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 342930
Uplynulý čas: 1 hour(s), 52 minute(s), 8 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 23
Infikované hodnoty registru: 4
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 12

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{872a1c39-df0b-4c8b-ad84-12ba24a3b781} (Adware.DoubleD) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{AF7B75AB-933E-473A-8A84-3F2587C2BBBB}\RP215\A0078423.exe (Trojan.Armin) -> No action taken.
C:\System Volume Information\_restore{AF7B75AB-933E-473A-8A84-3F2587C2BBBB}\RP222\A0082304.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{AF7B75AB-933E-473A-8A84-3F2587C2BBBB}\RP256\A0156509.exe (Rogue.Security.Tool) -> No action taken.
C:\System Volume Information\_restore{AF7B75AB-933E-473A-8A84-3F2587C2BBBB}\RP256\A0156510.exe (Rogue.Security.Tool) -> No action taken.
C:\WINDOWS\system32\F7334D\cnvpe.fne (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\F7334D\dp1.fne (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\F7334D\eAPI.fne (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\F7334D\HtmlView.fne (HackTool.Patcher) -> No action taken.
C:\WINDOWS\system32\F7334D\internet.fne (HackTool.Patcher) -> No action taken.
C:\WINDOWS\system32\F7334D\krnln.fnr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\F7334D\RegEx.fnr (Worm.AutoRun) -> No action taken.
C:\Documents and Settings\jj\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

#19 Příspěvek od **motji** » 07 bře 2010 01:14

Všechno smažte

Můžete se podívat do počítače na tuto složku?
C:\WINDOWS\system32\F7334D

self_defense · #20 Příspěvek od **self_defense** » 07 bře 2010 09:53

prosim jak to mam smazat aby sem neco nezkazil?

a co ma být zajimave v té zložce.?

#21 Příspěvek od **motji** » 07 bře 2010 11:30

V mbamu dáte prostě volbu smazat

.

Tu složku zatím nechte. Až to smažete, dejte vědět co počítač.

self_defense · #22 Příspěvek od **self_defense** » 07 bře 2010 11:59

to musim zase udelat kompletni sken aby sem to mohl smazat?

#23 Příspěvek od **motji** » 07 bře 2010 18:29

Co mám s Vámi dělat

, smažu to pak přes combofix

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

self_defense · #24 Příspěvek od **self_defense** » 07 bře 2010 20:38

ComboFix 10-03-07.02 - jj 07.03.2010 20:29:32.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3327.2818 [GMT 1:00]
Running from: c:\documents and settings\jj\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 14:51 . 2010-03-07 14:51 -------- d-----w- c:\program files\PokerTH
2010-03-06 21:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 11:42 . 2010-03-06 11:43 -------- d-----w- c:\program files\Hamachi
2010-02-26 20:17 . 2010-02-26 20:17 -------- d-----w- c:\program files\EA Sports
2010-02-15 17:54 . 2010-02-15 17:54 -------- d-----w- c:\program files\Common Files\Skype
2010-02-15 17:54 . 2010-02-15 17:55 -------- d-----r- c:\program files\Skype
2010-02-15 17:48 . 2010-02-19 18:47 -------- d-----w- c:\program files\ICQ7.0
2010-02-15 17:14 . 2010-02-15 17:14 -------- d-----w- c:\program files\FileHippo.com
2010-02-15 17:05 . 2010-02-15 17:05 -------- d-----w- c:\program files\CCleaner
2010-02-14 15:39 . 2010-03-06 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 13:32 . 2010-02-25 20:41 -------- d-----w- c:\program files\trend micro
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-12 14:35 . 2010-02-12 14:35 -------- d-----w- c:\program files\TeamSpeak 3 Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 13:34 . 2009-06-22 20:39 -------- d-----w- c:\program files\Steam
2010-03-06 11:42 . 2010-01-11 11:38 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-15 17:49 . 2009-06-16 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 19:14 . 2001-10-25 14:00 60918 ----a-w- c:\windows\system32\perfc005.dat
2010-02-14 19:14 . 2001-10-25 14:00 393528 ----a-w- c:\windows\system32\perfh005.dat
2010-02-14 17:23 . 2009-11-07 12:08 -------- d-----w- c:\program files\Winamp Toolbar
2010-02-12 20:23 . 2009-09-05 16:02 -------- d-----w- c:\program files\TeamViewer
2010-02-10 13:35 . 2009-06-17 12:52 -------- d-----w- c:\program files\Valve
2010-02-09 19:45 . 2009-12-27 11:34 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND
2010-02-02 00:14 . 2010-01-28 13:36 -------- d-----w- c:\program files\Kalypso
2010-02-02 00:12 . 2010-02-02 00:12 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2010-02-02 00:12 . 2010-02-02 00:12 -------- d-----w- c:\program files\Alcohol Soft
2010-01-28 14:03 . 2009-07-17 23:49 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-28 14:03 . 2009-07-29 12:14 -------- d-----w- c:\program files\Winamp
2010-01-28 14:02 . 2009-08-18 08:14 -------- d-----w- c:\program files\Lineage II
2010-01-28 14:00 . 2009-11-28 16:23 -------- d-----w- c:\program files\Common Files\GTK
2010-01-28 13:55 . 2009-12-04 22:28 -------- d-----w- c:\program files\EAGLE-4.16r2
2010-01-28 13:31 . 2009-06-18 11:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-27 17:09 . 2010-01-27 17:09 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 17:09 . 2010-01-27 17:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 17:09 . 2010-01-27 17:09 -------- d-----w- c:\program files\Java
2010-01-20 18:13 . 2009-12-29 23:51 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-19 18:08 . 2009-12-19 15:39 -------- d-----w- c:\program files\Mumble
2010-01-13 15:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\X-ray Anti-Cheat
2010-01-12 14:53 . 2010-01-12 14:47 -------- d-----w- c:\program files\OSCAR Editor
2010-01-12 14:47 . 2010-01-12 14:47 -------- d-----w- c:\program files\A4TECH
2010-01-08 00:25 . 2009-09-15 18:55 -------- d-----w- c:\program files\XTB-Trader
2010-01-08 00:24 . 2009-10-18 14:28 -------- d-----w- c:\program files\city buss simulator
2010-01-08 00:17 . 2009-12-16 18:02 -------- d-----w- c:\program files\Screenshot Utility
2010-01-08 00:16 . 2009-12-30 18:26 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-08 00:14 . 2010-01-04 22:36 -------- d-----w- c:\program files\QIP Infium
2010-01-07 14:45 . 2010-01-07 14:19 -------- d-----w- c:\program files\Trillian
2010-01-06 16:06 . 2009-11-04 16:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-19 13:27 . 2009-12-19 13:27 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2009-12-09 20:38 . 2009-09-19 20:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 18:09 . 2009-12-08 18:09 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-08 18:09 . 2009-12-08 18:09 109144 ----a-w- c:\windows\system32\OpenAL32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3331584]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-08-19 49152]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\jj\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fish tycoon demo\\FishTycoon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\JetAudio\\jetChat.exe"=
"c:\\Program Files\\JetAudio\\JcServer.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\self_defense\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\6daw6\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\jnk94\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nba 2k9 demo\\nba2k9demo.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\self_defense\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\self_defense\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\shattered_horizon\\client_exe\\shattered_horizon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.9.2009 21:13 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.6.2009 12:35 691696]
S2 gupdate1ca3e1914b8f290;Služba Google Update (gupdate1ca3e1914b8f290);c:\program files\Google\Update\GoogleUpdate.exe [25.9.2009 20:47 133104]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [30.7.2009 14:28 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [30.7.2009 14:29 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [30.7.2009 14:29 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [30.7.2009 14:29 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [30.7.2009 14:29 77072]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [30.7.2009 15:02 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [30.7.2009 15:02 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [30.7.2009 15:02 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [30.7.2009 15:03 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [30.7.2009 15:02 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2.2.2010 1:12 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 19:47]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 19:47]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 20:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-764733703-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:59,b4,d3,75,f7,d3,13,da,3f,69,1f,53,c8,33,bf,7f,03,e6,42,e5,ce,
cf,be,c9,dc,aa,00,1a,47,c5,08,74,7e,2c,88,3e,c6,a1,3d,6e,ae,22,95,58,78,06,\
"rkeysecu"=hex:f5,f7,01,64,a5,d3,eb,6f,6c,07,f5,9c,3f,c3,5f,c3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-07 20:37:21
ComboFix-quarantined-files.txt 2010-03-07 19:37

Pre-Run: Volných bajtů: 138 605 699 072
Post-Run: Volných bajtů: 138 573 557 760

- - End Of File - - 59C1BEF34F748138616255999935C7AE

#25 Příspěvek od **motji** » 07 bře 2010 20:59

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
C:\WINDOWS\system32\F7334D
Collect::
C:\Documents and Settings\jj\Nabídka Start\Programy\Security Tool.LNK
Registry::
[-HKEY_CLASSES_ROOT\aimactivexdll.aimhelper] 
[-HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1] 
[-HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler] 
[-HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1]  
[-HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1] 
[-HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1]  
[-HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c}]  
[-HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6}]  
[-HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171}]  
[-HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78}] 
[-HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2}]  
[-HKEY_CLASSES_ROOT\Typelib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115}]  
[-HKEY_CLASSES_ROOT\Typelib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5}]  
[-HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll] 
[-HKEY_CURRENT_USER\SOFTWARE\DoubleD] 
[-HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer]  
[-HKEY_CURRENT_USER\SOFTWARE\Media Access Startup] 
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer]  
[-HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup] 
[-HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach] 
[-HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband]  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] 
"{5617eca9-488d-4ba2-8562-9710b9ab78d2}"=-

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

self_defense · #26 Příspěvek od **self_defense** » 07 bře 2010 21:50

ComboFix 10-03-07.02 - jj 07.03.2010 21:42:47.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3327.2882 [GMT 1:00]
Running from: c:\documents and settings\jj\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\jj\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\documents and settings\jj\Nabídka Start\Programy\Security Tool.LNK
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jj\Nabídka Start\Programy\Security Tool.LNK
c:\windows\system32\F7334D
c:\windows\system32\F7334D\a5.ini
c:\windows\system32\F7334D\cnvpe.fne
c:\windows\system32\F7334D\dp1.fne
c:\windows\system32\F7334D\eAPI.fne
c:\windows\system32\F7334D\HtmlView.fne
c:\windows\system32\F7334D\internet.fne
c:\windows\system32\F7334D\krnln.fnr
c:\windows\system32\F7334D\RegEx.fnr
c:\windows\system32\F7334D\shell.fne
c:\windows\system32\F7334D\u-3v.txt

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 21:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 11:42 . 2010-03-06 11:43 -------- d-----w- c:\program files\Hamachi
2010-02-26 20:17 . 2010-02-26 20:17 -------- d-----w- c:\program files\EA Sports
2010-02-15 17:54 . 2010-02-15 17:54 -------- d-----w- c:\program files\Common Files\Skype
2010-02-15 17:54 . 2010-02-15 17:55 -------- d-----r- c:\program files\Skype
2010-02-15 17:48 . 2010-02-19 18:47 -------- d-----w- c:\program files\ICQ7.0
2010-02-15 17:14 . 2010-02-15 17:14 -------- d-----w- c:\program files\FileHippo.com
2010-02-15 17:05 . 2010-02-15 17:05 -------- d-----w- c:\program files\CCleaner
2010-02-14 15:39 . 2010-03-06 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 13:32 . 2010-02-25 20:41 -------- d-----w- c:\program files\trend micro
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-12 14:35 . 2010-02-12 14:35 -------- d-----w- c:\program files\TeamSpeak 3 Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 20:19 . 2009-06-22 20:39 -------- d-----w- c:\program files\Steam
2010-03-07 14:51 . 2010-03-07 14:51 -------- d-----w- c:\program files\PokerTH
2010-03-06 11:42 . 2010-01-11 11:38 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-15 17:49 . 2009-06-16 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 19:14 . 2001-10-25 14:00 60918 ----a-w- c:\windows\system32\perfc005.dat
2010-02-14 19:14 . 2001-10-25 14:00 393528 ----a-w- c:\windows\system32\perfh005.dat
2010-02-14 17:23 . 2009-11-07 12:08 -------- d-----w- c:\program files\Winamp Toolbar
2010-02-12 20:23 . 2009-09-05 16:02 -------- d-----w- c:\program files\TeamViewer
2010-02-10 13:35 . 2009-06-17 12:52 -------- d-----w- c:\program files\Valve
2010-02-09 19:45 . 2009-12-27 11:34 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND
2010-02-02 00:14 . 2010-01-28 13:36 -------- d-----w- c:\program files\Kalypso
2010-02-02 00:12 . 2010-02-02 00:12 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2010-02-02 00:12 . 2010-02-02 00:12 -------- d-----w- c:\program files\Alcohol Soft
2010-01-28 14:03 . 2009-07-17 23:49 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-28 14:03 . 2009-07-29 12:14 -------- d-----w- c:\program files\Winamp
2010-01-28 14:02 . 2009-08-18 08:14 -------- d-----w- c:\program files\Lineage II
2010-01-28 14:00 . 2009-11-28 16:23 -------- d-----w- c:\program files\Common Files\GTK
2010-01-28 13:55 . 2009-12-04 22:28 -------- d-----w- c:\program files\EAGLE-4.16r2
2010-01-28 13:31 . 2009-06-18 11:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-27 17:09 . 2010-01-27 17:09 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 17:09 . 2010-01-27 17:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 17:09 . 2010-01-27 17:09 -------- d-----w- c:\program files\Java
2010-01-20 18:13 . 2009-12-29 23:51 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-19 18:08 . 2009-12-19 15:39 -------- d-----w- c:\program files\Mumble
2010-01-13 15:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\X-ray Anti-Cheat
2010-01-12 14:53 . 2010-01-12 14:47 -------- d-----w- c:\program files\OSCAR Editor
2010-01-12 14:47 . 2010-01-12 14:47 -------- d-----w- c:\program files\A4TECH
2010-01-08 00:25 . 2009-09-15 18:55 -------- d-----w- c:\program files\XTB-Trader
2010-01-08 00:24 . 2009-10-18 14:28 -------- d-----w- c:\program files\city buss simulator
2010-01-08 00:17 . 2009-12-16 18:02 -------- d-----w- c:\program files\Screenshot Utility
2010-01-08 00:16 . 2009-12-30 18:26 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-08 00:14 . 2010-01-04 22:36 -------- d-----w- c:\program files\QIP Infium
2010-01-07 14:45 . 2010-01-07 14:19 -------- d-----w- c:\program files\Trillian
2010-01-06 16:06 . 2009-11-04 16:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-19 13:27 . 2009-12-19 13:27 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2009-12-09 20:38 . 2009-09-19 20:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 18:09 . 2009-12-08 18:09 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-08 18:09 . 2009-12-08 18:09 109144 ----a-w- c:\windows\system32\OpenAL32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3331584]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-08-19 49152]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\jj\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fish tycoon demo\\FishTycoon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\JetAudio\\jetChat.exe"=
"c:\\Program Files\\JetAudio\\JcServer.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\self_defense\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\6daw6\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\jnk94\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nba 2k9 demo\\nba2k9demo.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\self_defense\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\self_defense\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\shattered_horizon\\client_exe\\shattered_horizon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.9.2009 21:13 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.6.2009 12:35 691696]
S2 gupdate1ca3e1914b8f290;Služba Google Update (gupdate1ca3e1914b8f290);c:\program files\Google\Update\GoogleUpdate.exe [25.9.2009 20:47 133104]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [30.7.2009 14:28 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [30.7.2009 14:29 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [30.7.2009 14:29 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [30.7.2009 14:29 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [30.7.2009 14:29 77072]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [30.7.2009 15:02 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [30.7.2009 15:02 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [30.7.2009 15:02 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [30.7.2009 15:03 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [30.7.2009 15:02 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2.2.2010 1:12 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 19:47]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 19:47]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 21:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-764733703-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:59,b4,d3,75,f7,d3,13,da,3f,69,1f,53,c8,33,bf,7f,03,e6,42,e5,ce,
cf,be,c9,dc,aa,00,1a,47,c5,08,74,7e,2c,88,3e,c6,a1,3d,6e,ae,22,95,58,78,06,\
"rkeysecu"=hex:f5,f7,01,64,a5,d3,eb,6f,6c,07,f5,9c,3f,c3,5f,c3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-07 21:48:58
ComboFix-quarantined-files.txt 2010-03-07 20:48
ComboFix2.txt 2010-03-07 19:37

Pre-Run: Volných bajtů: 138 550 878 208
Post-Run: Volných bajtů: 138 536 284 160

- - End Of File - - BD4D058B77D839BC54A4E0A193DF8B9E
Upload was successful

#27 Příspěvek od **motji** » 07 bře 2010 22:25

Jak to ted vypadá s počítačem?

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

VIRY.CZ

MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE

Re: MALWARE