PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Kryptik.AAL trojan in the system, NOD: "Nelze léčit" (cannot be cleaned)

fm1989
Visitor
Posts: 2
Registered: 11 Aug 2010 13:23


#1 Post by fm1989 »

Hi everyone, please help, ComboFix reports:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Best Spyware Scanner.lnk
c:\documents and settings\Administrator\Desktop\Best Spyware Scanner.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Best Spyware Scanner
c:\documents and settings\All Users\Start Menu\Programs\Best Spyware Scanner\Best Spyware Scanner on the Web.lnk
c:\documents and settings\All Users\Start Menu\Programs\Best Spyware Scanner\Best Spyware Scanner.lnk
c:\documents and settings\All Users\Start Menu\Programs\Best Spyware Scanner\Uninstall Best Spyware Scanner.lnk
c:\program files\Best Spyware Scanner
c:\program files\Best Spyware Scanner\AutoUpdate.exe
c:\program files\Best Spyware Scanner\BestSpywareScanner.exe
c:\program files\Best Spyware Scanner\BestSpywareScanner.url
c:\program files\Best Spyware Scanner\BSSHelper.exe
c:\program files\Best Spyware Scanner\fp.fpl
c:\program files\Best Spyware Scanner\hrdb.hrl
c:\program files\Best Spyware Scanner\md5.dll
c:\program files\Best Spyware Scanner\mtools.dll
c:\program files\Best Spyware Scanner\networkdll.dll
c:\program files\Best Spyware Scanner\opfile.dll
c:\program files\Best Spyware Scanner\QAreaDLL.dll
c:\program files\Best Spyware Scanner\sctdll.dll
c:\program files\Best Spyware Scanner\udefend.dll
c:\program files\Best Spyware Scanner\unins000.dat
c:\program files\Best Spyware Scanner\unins000.exe
c:\program files\Best Spyware Scanner\ussafe.dll
c:\program files\Best Spyware Scanner\zlib1.dll
C:\Thumbs.db
c:\windows\system32\WORK.DAT

----- BITS: Possible infected sites -----

hxxp://vbj3.net
c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNSERV4
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_bnserv4
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 08:36 . 2010-08-11 08:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-08-11 08:35 . 2010-08-11 08:35 -------- d-----w- c:\program files\Opera
2010-07-18 11:35 . 2010-07-18 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\AnvSoft
2010-07-18 11:34 . 2010-07-18 11:34 -------- d-----w- c:\program files\AnvSoft
2010-07-16 19:41 . 2010-07-16 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\1E35B
2010-07-16 19:37 . 2010-07-16 19:37 -------- d-----w- C:\My Downloads
2010-07-16 19:36 . 2010-07-31 19:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\imeshmediabartb
2010-07-16 19:33 . 2010-07-16 19:54 -------- d-----w- c:\program files\iMesh Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 08:41 . 2010-02-27 14:37 -------- d-----w- c:\program files\SeaMonkey
2010-08-09 21:17 . 2010-08-09 21:17 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c0f2ae2-n\msvcp71.dll
2010-08-09 21:17 . 2010-08-09 21:17 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c0f2ae2-n\jmc.dll
2010-08-09 21:17 . 2010-08-09 21:17 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c0f2ae2-n\msvcr71.dll
2010-08-09 21:17 . 2010-08-09 21:17 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5682b450-n\decora-d3d.dll
2010-08-09 21:17 . 2010-08-09 21:17 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5682b450-n\decora-sse.dll
2010-07-02 20:13 . 2006-05-31 16:06 -------- d-----w- c:\program files\LostInEU
2010-06-01 18:12 . 2010-06-01 18:12 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-596950c0-n\msvcp71.dll
2010-06-01 18:12 . 2010-06-01 18:12 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-596950c0-n\jmc.dll
2010-06-01 18:12 . 2010-06-01 18:12 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-596950c0-n\msvcr71.dll
2010-06-01 18:12 . 2010-06-01 18:12 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-51c39deb-n\decora-sse.dll
2010-06-01 18:12 . 2010-06-01 18:12 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-51c39deb-n\decora-d3d.dll
.

------- Sigcheck -------

[-] 2009-08-03 21:36 . 8F75F4E20F9C19F59509BCA8F6768538 . 12288 . . [------] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
[7] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\system32\dllcache\userinit.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll

[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\d3d9.dll
[-] 2004-07-09 02:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2010-03-24 09:36 392624 ----a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 55296]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-03 2904064]
"nwiz"="nwiz.exe" [2004-03-03 782336]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-03 46080]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-10-14 1224754]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DataMngr"="c:\progra~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe" [2010-03-24 797104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2001-08-23 51200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-10-3 125952]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-11-15 15:18 1670144 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-27 18:26 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 15:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=2 (0x2)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 5. 2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14. 5. 2009 16:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 16:47 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11. 6. 2009 21:43 222968]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [24. 1. 2009 13:35 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [24. 1. 2009 13:35 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [24. 1. 2009 13:35 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [24. 1. 2009 13:35 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [24. 1. 2009 13:35 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [24. 1. 2009 13:35 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [24. 1. 2009 13:35 117672]
.
Contents of the 'Scheduled Tasks' folder

2005-06-07 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8103057663.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-APVXDWIN - c:\program files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
HKLM-Run-WinampAgent - c:\program files\Winamp3\winampa.exe
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
HKLM-Run-TrustPortTray - c:\program files\Common Files\TrustPort\bin\tptray.exe
HKLM-Run-AntivirusCommunicatorAgent - c:\program files\TrustPort\Antivirus\bin\avcom.exe
Notify-WgaLogon - (no file)
AddRemove-Best Spyware Scanner_is1 - c:\program files\Best Spyware Scanner\unins000.exe
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 13:18
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(604)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3732)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\System32\RunDll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.

fm1989
Visitor
Posts: 2
Registered: 11 Aug 2010 13:23

Re: Kryptik.AAL trojan in the system, NOD: "Nelze léčit" (cannot be cleaned)

#2 Post by fm1989 »

It is the file userinit.exe in the system32 folder. It is some file used at startup. I will be grateful for any advice!

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Kryptik.AAL trojan in the system, NOD: "Nelze léčit" (cannot be cleaned)

#3 Post by motji »

Good evening :)
First I must ask you to remove that illegal NOD; it is against the forum rules.
Install a free antivirus, Avast or Avira, and then please post an RSIT log, see my signature.

And then we will fix it :happy:
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:

I am reachable mostly at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(zavináč)forum.viry.cz.