PC disinfection, computer speed-up and remote help through the neslape.cz service

Virus security or system tool..

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and likewise those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Weenie
Visitor
Posts: 62
Registered: 24 Aug 2010 11:38

Virus security or system tool..

#1 Post by Weenie »

Hi, I caught some bug while surfing the web. Suddenly my Avira reported some virus and PC Tools Firewall also reported something, so I blocked and deleted everything, but it didn't help.... After restarting the PC I had something like Security Tool on the PC. It tells me "my pc is infected", no program will start, etc. I'm in safe mode; I went over the computer with CCleaner and Malwarebytes Anti-Malware, which found nothing.

LOG FROM RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by tam at 2011-02-12 14:29:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (43%) free of 95 GB
Total RAM: 991 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:50, on 12. 2. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\tam\Plocha\RSIT.exe
C:\Program Files\trend micro\tam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14780&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10" -"http://www8.agame.com/games/shockwave/t ... me_com.htm"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\tam\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\tam\Nabídka Start\Programy\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {2827941E-F3B4-11D1-870D-00006E30EA7D} (Signing Control) - http://ebanka.tuke.sk/Ib/sk/objects/SigningProj.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4530466046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6611146953
O16 - DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} (MediaPlugin Control) - http://televizia.joj.sk/fileadmin/joj_p ... Player.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - browseui.dll (file missing)
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - browseui.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c99694d879faee) (gupdate1c99694d879faee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10258 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1177238915-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1177238915-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-26 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-06 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo0.dll [2011-01-06 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo0.dll [2011-01-06 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-06 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-22 16858112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-26 202256]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2010-01-12 3168216]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-08 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-08 13851752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-25 1753192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-11-17 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"Octoshape Streaming Services"=C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]
"Google Update"=C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-11-24 460216]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Counter-Strike 1.6\hltv.exe"="C:\Program Files\Counter-Strike 1.6\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\phioneer\dedicated server\hltv.exe"="C:\Program Files\Steam\steamapps\phioneer\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\lukesin15\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\lukesin15\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:OctoshapeClient.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Steam\steamapps\phioneer\dedicated server\hlds.exe"="C:\Program Files\Steam\steamapps\phioneer\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"C:\Documents and Settings\tam\Plocha\NOVE MOVIE\genArts sapphire plugins\GENARTS_SAPPHIRE\rlm.exe"="C:\Documents and Settings\tam\Plocha\NOVE MOVIE\genArts sapphire plugins\GENARTS_SAPPHIRE\rlm.exe:*:Enabled:rlm"
"C:\Program Files\GenArts\rlm\rlm.exe"="C:\Program Files\GenArts\rlm\rlm.exe:*:Enabled:rlm"
"C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Program Files\RayV\RayV\RayV.dll"="C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EslWire\wire.exe"="C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client"
"C:\Program Files\Steam\steamapps\phioneer\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\phioneer\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-02-12 14:29:41 ----D---- C:\rsit
2011-02-12 14:04:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\dFgIgOk14700
2011-02-09 20:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-09 20:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-09 20:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-09 20:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-09 20:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-09 20:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-09 20:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-03 16:53:37 ----D---- C:\Program Files\Maxis
2011-01-24 15:04:50 ----D---- C:\Program Files\CCleaner
2011-01-24 14:57:37 ----D---- C:\Program Files\Zrychlenie PC
2011-01-23 00:36:04 ----N---- C:\WINDOWS\Setup1.exe
2011-01-23 00:36:03 ----A---- C:\WINDOWS\ST6UNST.EXE
2011-01-22 23:53:41 ----D---- C:\Program Files\Lavalys
2011-01-22 15:39:44 ----D---- C:\Program Files\WinPcap
2011-01-22 15:39:40 ----A---- C:\Program Files\Common Files\AskToolbarInstaller.exe
2011-01-22 15:39:36 ----D---- C:\Documents and Settings\tam\Data aplikací\OpenCandy
2011-01-22 15:39:33 ----D---- C:\Program Files\VDownloader

======List of files/folders modified in the last 1 months======

2011-02-12 14:29:48 ----D---- C:\Program Files\trend micro
2011-02-12 14:19:58 ----D---- C:\WINDOWS\temp
2011-02-12 14:19:58 ----D---- C:\WINDOWS\Minidump
2011-02-12 14:19:58 ----D---- C:\WINDOWS\Debug
2011-02-12 14:19:58 ----D---- C:\WINDOWS
2011-02-12 14:16:27 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-02-12 14:16:24 ----D---- C:\Program Files\Steam
2011-02-12 14:07:22 ----SD---- C:\WINDOWS\Tasks
2011-02-12 14:04:35 ----D---- C:\WINDOWS\Prefetch
2011-02-12 13:59:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-11 21:24:31 ----D---- C:\WINDOWS\system32\drivers
2011-02-11 21:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-02-11 12:49:00 ----D---- C:\Shoty
2011-02-09 20:24:40 ----D---- C:\WINDOWS\system32
2011-02-09 20:23:11 ----HD---- C:\WINDOWS\inf
2011-02-09 20:23:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-09 20:19:59 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-09 20:19:49 ----D---- C:\Program Files\Internet Explorer
2011-02-09 20:19:39 ----D---- C:\WINDOWS\ie8updates
2011-02-09 20:19:35 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-09 18:20:12 ----D---- C:\Documents and Settings\tam\Data aplikací\ICQ
2011-02-09 14:25:00 ----D---- C:\Program Files\Counter-Strike 1.6
2011-02-06 23:32:06 ----D---- C:\Documents and Settings\tam\Data aplikací\PriceGong
2011-02-06 14:38:51 ----D---- C:\Program Files\Absolute Poker
2011-02-03 18:17:57 ----D---- C:\Program Files\BitComet
2011-02-03 16:53:37 ----RD---- C:\Program Files
2011-02-03 15:30:48 ----D---- C:\Downloads
2011-02-03 15:25:27 ----D---- C:\Documents and Settings\tam\Data aplikací\uTorrent
2011-02-03 00:48:08 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-26 19:01:11 ----SHD---- C:\WINDOWS\Installer
2011-01-26 19:01:11 ----SD---- C:\Documents and Settings\tam\Data aplikací\Microsoft
2011-01-26 19:01:11 ----D---- C:\Config.Msi
2011-01-22 20:51:31 ----D---- C:\Program Files\Google
2011-01-22 20:22:17 ----D---- C:\WINDOWS\system32\NtmsData
2011-01-22 20:21:41 ----SHD---- C:\System Volume Information
2011-01-22 20:10:43 ----D---- C:\Documents and Settings\tam\Data aplikací\Media Player Classic
2011-01-22 20:10:12 ----D---- C:\Documents and Settings\tam\Data aplikací\Azureus
2011-01-22 19:53:41 ----D---- C:\Program Files\LooksBuilder
2011-01-22 19:53:37 ----D---- C:\Program Files\Magic Bullet Quick Looks Vegas
2011-01-22 19:46:16 ----D---- C:\WINDOWS\Registration
2011-01-22 19:35:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-22 18:46:28 ----D---- C:\Program Files\Common Files
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll
2011-01-16 21:40:50 ----D---- C:\FILMY

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINDOWS\system32\DRIVERS\ESLvnic.sys [2010-11-26 24504]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2010-01-07 58816]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-16 691696]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-12-20 135096]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-23 61960]
S2 ESLWireAC;ESLWireAC; \??\C:\WINDOWS\system32\drivers\ESLWireACD.sys []
S2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
S2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
S2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-01 25280]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-27 4630016]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-08 9587776]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys []
S3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-24 133104]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2009-08-17 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-10 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-08 156776]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2009-11-09 818432]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2009-08-17 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-21 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus security or system tool..

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Relax and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware's resident shield in undesirable ways.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Weenie
Guest
Posts: 62
Joined: 24 Aug 2010 11:38

Re: Virus security or system tool..

#3 Post by Weenie »

So here is the ComboFix log:

ComboFix 11-02-11.02 - tam . 02. 2011 14:48:04.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.991.691 [GMT 1:00]
Running from: c:\documents and settings\tam\Plocha\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\dFgIgOk14700
c:\documents and settings\All Users\Data aplikací\dFgIgOk14700\dFgIgOk14700
c:\documents and settings\All Users\Data aplikací\dFgIgOk14700\dFgIgOk14700.exe
c:\documents and settings\tam\Data aplikací\Desktopicon
c:\documents and settings\tam\Data aplikací\Desktopicon\eBayShortcuts.exe
c:\documents and settings\tam\Data aplikací\PriceGong
c:\documents and settings\tam\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\tam\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\tam\Dokumenty\cc_20110122_200250.reg
c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 13:29 . 2011-02-12 13:29 -------- d-----w- C:\rsit
2011-02-03 15:53 . 2011-02-03 15:53 -------- d-----w- c:\program files\Maxis
2011-01-26 18:01 . 2011-01-26 18:01 5120 ----a-r- c:\documents and settings\tam\Data aplikací\Microsoft\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
2011-01-24 14:04 . 2011-01-24 14:04 -------- d-----w- c:\program files\CCleaner
2011-01-24 13:57 . 2011-01-24 14:03 -------- d-----w- c:\program files\Zrychlenie PC
2011-01-22 23:36 . 2011-01-22 23:36 249856 ------w- c:\windows\Setup1.exe
2011-01-22 23:36 . 2011-01-22 23:36 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-01-22 22:53 . 2011-01-22 22:53 -------- d-----w- c:\program files\Lavalys
2011-01-22 14:39 . 2011-01-22 14:39 -------- d-----w- c:\program files\WinPcap
2011-01-22 14:39 . 2010-10-16 23:50 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-01-22 14:39 . 2011-01-22 14:40 -------- d-----w- c:\documents and settings\tam\Local Settings\Data aplikací\OpenCandy
2011-01-22 14:39 . 2011-01-22 14:39 -------- d-----w- c:\documents and settings\tam\Data aplikací\OpenCandy
2011-01-22 14:39 . 2011-01-22 17:46 -------- d-----w- c:\program files\VDownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 06:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:52 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:25 . 2008-04-14 06:51 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-08-24 11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-08-24 11:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2010-12-20 10:44 . 2010-09-25 12:34 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-14 19:51 . 2010-12-14 19:51 1742 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-12-11 12:33 . 2010-12-11 12:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-09 15:15 . 2008-04-14 06:51 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 06:06 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-26 09:10 . 2010-12-05 14:24 841912 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2010-11-26 09:10 . 2010-12-05 14:24 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2010-11-22 23:00 . 2010-09-25 12:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:15 . 2008-05-14 13:08 81920 ----a-w- c:\windows\system32\isign32.dll
2010-08-03 10:53 . 2010-08-03 10:53 36868 ----a-w- c:\program files\uninst-Particular.exe
2010-08-03 10:51 . 2010-08-03 10:51 36868 ----a-w- c:\program files\uninst-Lux.exe
2010-08-03 10:49 . 2010-08-03 10:47 36868 ----a-w- c:\program files\uninst-Echospace.exe
2007-07-17 11:13 . 2007-07-12 09:51 61440 ----a-w- c:\program files\RGSGrowBounds.aex
2007-05-03 15:32 . 2007-05-03 15:32 434 ----a-w- c:\program files\setup_bs.exe
2001-09-25 20:05 . 2009-02-28 22:13 1707856 ----a-w- c:\program files\InstMsiA.Exe
2001-09-11 23:04 . 2009-02-28 22:13 1821008 ----a-w- c:\program files\InstMsiW.Exe
.

------- Sigcheck -------

[-] 2008-05-07 . F587B0981034E79FF9C447C16CB66380 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-01-06 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-06 13:05 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-06 13:05 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-01-06 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-06 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-01-06 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Octoshape Streaming Services"="c:\documents and settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\lukesin15\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\tam\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\tam\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hlds.exe"=
"c:\\Documents and Settings\\tam\\Plocha\\NOVE MOVIE\\genArts sapphire plugins\\GENARTS_SAPPHIRE\\rlm.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12817:TCP"= 12817:TCP:BitComet 12817 TCP
"12817:UDP"= 12817:UDP:BitComet 12817 UDP
"14457:TCP"= 14457:TCP:BitComet 14457 TCP
"14457:UDP"= 14457:UDP:BitComet 14457 UDP

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24. 8. 2010 20:11 233136]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [5. 12. 2010 15:24 24504]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [24. 8. 2010 20:10 58816]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21. 5. 2008 21:04 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25. 9. 2010 13:34 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [5. 12. 2010 15:24 841912]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee);c:\program files\Google\Update\GoogleUpdate.exe [24. 2. 2009 16:30 133104]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27. 1. 2010 3:09 50704]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24. 8. 2010 20:11 88040]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [25. 11. 2008 19:42 27904]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [24. 8. 2010 20:10 70664]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24. 8. 2010 20:10 115216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]

2011-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=14780&l=dis
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: {2827941E-F3B4-11D1-870D-00006E30EA7D} - hxxp://ebanka.tuke.sk/Ib/sk/objects/SigningProj.cab
DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} - hxxp://televizia.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\tam\Data aplikací\Mozilla\Firefox\Profiles\p79xkhnr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-12 14:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,4e,ec,71,67,9b,e6,a3,97,38,64,42,ea,66,3b,bb,27,7d,75,f5,12,32,38,
09,1d,e7,ce,e6,cf,f4,9c,f3,d3,87,c3,b7,3c,ec,71,9a,ca,c3,9e,35,36,37,b5,f9,\
"??"=hex:24,87,4a,ae,2e,96,d4,2c,9e,c5,0a,7e,0a,a2,54,3e

[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a8,54,bc,21,be,e4,ee,9c,b9,6e,d9,29,25,7a,20,c9,03,69,b0,e1,e0,
02,47,b9,00,b5,35,a8,40,7d,23,0d,d8,90,db,6f,04,42,40,66,84,04,3a,d5,3a,ad,\
"rkeysecu"=hex:c9,cf,ca,23,e6,27,fa,31,26,64,84,09,80,f6,2f,25
.
Completion time: 2011-02-12 14:54:48
ComboFix-quarantined-files.txt 2011-02-12 13:54

Pre-Run: Volných bajtů: 42 603 618 304
Post-Run: Volných bajtů: 42 778 365 952

- - End Of File - - 08950D251EEE196EB810F039E980F74C

Weenie
Guest
Posts: 62
Joined: 24 Aug 2010 11:38

Re: Virus security or system tool..

#4 Post by Weenie »

By the way, to be safe I am still in safe mode... Do you think I can go back to normal mode now, or is it better to stay in safe mode?

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Virus security or system tool..

#5 Post by motji »

Rudy, sorry for stepping in, I was asked by PM to fill in :)

You can go back to normal mode now, if it works.

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false positives, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Weenie
Guest
Posts: 62
Joined: 24 Aug 2010 11:38

Re: Virus security or system tool..

#6 Post by Weenie »

Malwarebytes log (full scan):

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5748

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12. 2. 2011 17:59:44
mbam-log-2011-02-12 (17-59-33).txt

Typ kontroly: Úplný test (C:\|S:\|)
Testované objekty: 285309
Uplynulý čas: 34 minut, 5 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\documents and settings\tam\data aplikací\desktopicon\ebayshortcuts.exe.vir (Adware.ADON) -> No action taken.
c:\system volume information\_restore{f7606d8f-6897-41e3-9385-4ce95805dd82}\RP91\A0054651.exe (Adware.ADON) -> No action taken.
c:\system volume information\_restore{f7606d8f-6897-41e3-9385-4ce95805dd82}\RP95\A0066226.exe (Adware.ADON) -> No action taken.
s:\ASUS_MT\j.river media center 12\Patch\j.river.mc.12.0.x.[2007.06.07]-patch.exe (Malware.Packer.Gen) -> No action taken.

Can I delete them? And what about the ComboFix log, does it look OK now?

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus security or system tool..

#7 Post by Rudy »

Delete everything MBAM found, plus c:\program files\Common Files\AskToolbarInstaller.exe . CF removed several infected items. The rest looks clean.
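The verdict above (delete what MBAM found plus AskToolbarInstaller.exe, the rest is clean) is what an experienced helper reads off a ComboFix log by eye. As an added example that is not part of this thread and not ComboFix's or the forum's own code, the Python script below parses the section layout ComboFix uses ((((( Section ))))) headers, [key] and "name"= value registry lines, the "Files Created" table) and flags the entry types this thread turned on: a random-named executable dropped under Application Data, known adware and toolbar components hooked into the browser, a disabled Windows Firewall profile, and globally opened ports. The random-name regex, the severity levels and the adware watch list are assumptions made for illustration; the embedded log excerpt is constructed from lines of the log posted above.

```python
# Added triage example for this thread; it is not ComboFix's or the forum's own code.
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+\s*$")       # (((( Section name ))))
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                     # [HKEY_...\Run]
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')  # "name"= value
# Assumed heuristic: mixed-case letters followed by digits (e.g. dFgIgOk14700), the
# naming pattern of the rogue "security tool" dropper ComboFix removed in this thread.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{5,}\d{3,}$")
PROFILE_DIR_MARKERS = ("data aplikací", "application data")  # Czech and English folder names
# Constructed watch list from the adware/toolbar components visible in the thread's logs.
ADWARE_MARKERS = ("conduit", "asktoolbar", "utorrentbar", "pricegong", "vshare")
BROWSER_HOOK_KEYS = ("browser helper objects", "toolbar", "urlsearchhooks")

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    item: str

def split_sections(log_text):
    """Group the log's lines under the (((( name )))) header that precedes them."""
    sections, current = {"preamble": []}, "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif line and line != ".":  # "." is ComboFix's spacer line
            sections[current].append(line)
    return sections

def triage(log_text):
    """Return Findings for the entries a helper would look at first."""
    sections = split_sections(log_text)
    findings = []
    # 1. Deleted items: record them all; a random-named dropper in a profile dir rates high.
    for path in sections.get("Other Deletions", []):
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        in_profile = any(mk in path.lower() for mk in PROFILE_DIR_MARKERS)
        if in_profile and RANDOM_NAME_RE.match(stem):
            findings.append(Finding("high", "random-named file in profile data dir (rogue AV dropper pattern)", path))
        else:
            findings.append(Finding("info", "removed by ComboFix", path))
    # 2. Recently created files, formatted "date time . date time size attrs path".
    for name, lines in sections.items():
        if not name.startswith("Files Created"):
            continue
        for line in lines:
            parts = line.split(None, 7)
            path = parts[7] if len(parts) == 8 else line
            if any(mk in path.lower() for mk in ADWARE_MARKERS):
                findings.append(Finding("medium", "known adware installer written to disk recently", path))
    # 3. Registry dump: remember the current key, then judge each value line by that key.
    key = ""
    for line in sections.get("Reg Loading Points", []):
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = REG_VALUE_RE.match(line)
        name, value = (vm.group("name"), vm.group("value")) if vm else ("", line)
        if "firewallpolicy" in key and name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("medium", "Windows Firewall disabled for this profile; confirm a third-party firewall is active", key))
        elif "globallyopenports" in key and vm:
            findings.append(Finding("medium", "globally opened inbound port", value))
        elif any(k in key for k in BROWSER_HOOK_KEYS) and any(mk in value.lower() for mk in ADWARE_MARKERS):
            findings.append(Finding("medium", "adware/toolbar component hooked into the browser", value))
    return findings

# Constructed excerpt: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\dFgIgOk14700\dFgIgOk14700.exe
c:\documents and settings\tam\Data aplikací\Desktopicon\eBayShortcuts.exe
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
2011-01-24 14:04 . 2011-01-24 14:04 -------- d-----w- c:\program files\CCleaner
2011-01-22 14:39 . 2010-10-16 23:50 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-06 13:05 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2011-01-06 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12817:TCP"= 12817:TCP:BitComet 12817 TCP
"""

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

On a real log, call triage() on the file contents opened with the encoding the log was written in (an assumption: cp1250 on a Czech Windows XP). The "medium" firewall finding is expected whenever a third-party firewall such as PC Tools Firewall Plus is installed, so read it together with the FW: line at the top of the log rather than as a problem on its own.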

Weenie
Guest
Posts: 62
Joined: 24 Aug 2010 11:38

Re: Virus security or system tool..

#8 Post by Weenie »

OK, deleted :) After a restart the PC seems to be fine...

So no further cleaning is necessary? I also ran CCleaner and a quick Malwarebytes scan over it and nothing was found. Thanks for the help.

Anyway, I don't understand how a PC can get infected so quickly. About 5 minutes after starting it, and I was only browsing the sites of Slovak newspapers... of course I have an antivirus (Avira) and PC Tools Firewall Plus. It didn't help :)

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus security or system tool..

#9 Post by Rudy »

If the PC behaves correctly, nothing more is needed. Infecting a PC is sometimes quicker than you can imagine. :D You're welcome!
