Dárek k narozeninám - XP Total Security Infection

[LDs]

Dostal jsem opravdu hezký dárek k dnešním narozením. Volám o pomoc. Děkuju

Logfile of random's system information tool 1.08 (written by random/random)
Run by Megabook at 2011-04-02 06:43:29
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (16%) free of 15 GB
Total RAM: 959 MB (37% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-01 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-28 2411584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-01 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2011-01-01 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-28 2411584]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2011-01-01 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-01 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-15 7573504]
"nwiz"=nwiz.exe /install []
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-05 16061440]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
""= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe [2007-01-17 496640]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"iPPCamScan"=C:\WINDOWS\iPScan.exe [2008-01-23 86016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-13 68856]
"mxClock"=C:\Documents and Settings\Megabook\Plocha\mxClock.exe [2006-10-12 720482]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-09-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-08 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe [2007-06-15 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
C:\Program Files\uTorrent\utorrent.exe [2010-12-13 395640]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Totalcmd6.01\TOTALCMD.EXE"="C:\Program Files\Totalcmd6.01\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\StrongDC 203\StrongDC.exe"="C:\Program Files\StrongDC 203\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mv2Player\Mv2PlayerPlus.exe"="C:\Program Files\Mv2Player\Mv2PlayerPlus.exe:*:Enabled:Mv2PlayerPlus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.exe - open - "C:\Documents and Settings\Megabook\Local Settings\Data aplikací\vpy.exe" -a "%1" %*
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2011-04-02 06:43:35 ----D---- C:\Program Files\trend micro
2011-04-02 06:43:29 ----D---- C:\rsit
2011-03-26 09:31:42 ----D---- C:\Program Files\QuickTime
2011-03-16 09:46:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee

======List of files/folders modified in the last 1 months======

2011-04-02 06:43:35 ----RD---- C:\Program Files
2011-04-02 06:43:26 ----D---- C:\WINDOWS\Prefetch
2011-04-02 06:32:38 ----A---- C:\WINDOWS\wincmd.ini
2011-04-02 04:02:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-02 02:46:31 ----D---- C:\WINDOWS\Temp
2011-04-01 18:33:45 ----D---- C:\WINDOWS
2011-04-01 18:33:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-31 23:08:03 ----D---- C:\Temp
2011-03-30 21:04:38 ----D---- C:\Documents and Settings\Megabook\Data aplikací\PriceGong
2011-03-30 10:20:59 ----SD---- C:\WINDOWS\Tasks
2011-03-29 09:23:35 ----D---- C:\WINDOWS\system32
2011-03-29 09:23:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-29 03:45:55 ----D---- C:\Documents and Settings\Megabook\Data aplikací\RCP 5
2011-03-26 09:34:11 ----SHD---- C:\WINDOWS\Installer
2011-03-26 09:31:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-03-25 04:18:12 ----D---- C:\Program Files\Mozilla Firefox
2011-03-23 23:40:16 ----D---- C:\Documents and Settings\Megabook\Data aplikací\Skype
2011-03-23 20:12:30 ----D---- C:\Documents and Settings\Megabook\Data aplikací\skypePM
2011-03-22 09:01:15 ----D---- C:\Documents and Settings\Megabook\Data aplikací\Google
2011-03-22 08:58:10 ----D---- C:\Program Files\Google
2011-03-16 09:46:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-04 05:15:35 ----D---- C:\Documents and Settings\Megabook\Data aplikací\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-30 64288]
R0 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 29056]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-08-21 611064]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-05-13 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-18 4407808]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-15 3660672]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBTP10;StarCam mini+; C:\WINDOWS\System32\Drivers\iP293x.sys [2008-01-28 241920]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-08-21 223128]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-15 143427]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-22 136176]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 rcp_service;ReaConverter scheduler service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

-----------------EOF-----------------

[cernohous13]

Zdravím,

XP Total Security Infection - od čeho je ta hláška?

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

[LDs]

tak ta hláška xp total security je moje, takhle se mi neustále otevírají okna s tímhle názvem na ploše

bohužel jsem ztratil kontrolu nad počítačem, nešly instalovat programy ani se připojit k internetu. naštěstí jako jediný odolal spybot, takže jsem ho před chvílí spustil, stáhnul si dokonce aktualizace a provedl test...

výsledkem 45 opravených problémů, ale hlavně znovu přístup na internet, tak jsem tu.

soft nainstalován, kontrola provedena, tady výsledek

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6244

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2.4.2011 8:53:05
mbam-log-2011-04-02 (08-52-59).txt

Typ kontroly: Rychlý test
Testované objekty: 156732
Uplynulý čas: 3 minut, 25 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Megabook\data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

[vyosek]

Zdravim a pekny den preji

Omlouvam se kolegovi za vstup - viz PMku

Nalezy MBAMu smazte

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit stav nouze s praci v siti)

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[LDs]

bohužel v nouzovem režimu s prací v síti mi nefunguje internet, zkoušel jsem se hrabat v nastavení sítě, wifi atd. ale bohužel nespolupracuje

co mám dělat, mám programy stáhnout v normálním režimu a pak spustit v nouzovem?



... no nic, zkusím se přihlásit později

[motji]

Hezké dopoledne, záskok za kolegu.
Ano, zkuste

[LDs]

ComboFix 11-04-01.01 - Megabook 02.04.2011 19:25:06.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.959.767 [GMT 2:00]
Spuštěný z: c:\documents and settings\Megabook\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110402-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Megabook\Data aplikací\PriceGong
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Megabook\Data aplikací\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-02 do 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 07:33 . 2011-04-02 07:33 -------- d-----w- c:\documents and settings\Administrator
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\documents and settings\Megabook\Data aplikací\Malwarebytes
2011-04-02 06:46 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-02 06:46 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 04:43 . 2011-04-02 05:59 -------- d-----w- c:\program files\trend micro
2011-04-02 04:43 . 2011-04-02 04:43 -------- d-----w- C:\rsit
2011-04-02 04:15 . 2011-04-02 04:15 335872 --sha-w- c:\documents and settings\Megabook\Local Settings\Data aplikací\vpy.exe
2011-03-22 07:00 . 2011-03-22 07:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-03-16 07:46 . 2011-03-16 07:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-01 06:17 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-01 06:17 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-01 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]
"mxClock"="c:\documents and settings\Megabook\Plocha\mxClock.exe" [2006-10-12 720482]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-15 7573504]
"nwiz"="nwiz.exe" [2006-06-15 1519616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-05 16061440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 496640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NvMediaCenter"="NvMCTray.dll" [2006-06-15 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iPPCamScan"="c:\windows\iPScan.exe" [2008-01-23 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-5-13 589824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-09-29 21:58 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 22:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
2007-06-15 08:17 27136 ----a-w- c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
2010-12-13 09:12 395640 ----a-w- c:\program files\uTorrent\utorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Totalcmd6.01\\TOTALCMD.EXE"=
"c:\\Program Files\\StrongDC 203\\StrongDC.exe"=
"c:\\Program Files\\Mv2Player\\Mv2PlayerPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.6.2010 18:22 64288]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 15:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 16:01 29056]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2007 19:17 611064]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2008 14:37 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2008 14:37 20560]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.3.2011 8:57 136176]
S3 DCamUSBTP10;StarCam mini+;c:\windows\system32\drivers\iP293x.SYS [28.5.2010 15:59 241920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1352832]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30.11.2007 11:27 558592]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21.8.2007 19:19 223128]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
.
2011-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:20]
.
2011-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 06:56]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 06:56]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Megabook\Data aplikací\Mozilla\Firefox\Profiles\jjtzb0ui.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 19:29
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2ABB7FC2-1870-9F2C-C344-3A3463F92868}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eamheeghkc"=hex:66,61,6f,67,62,69,67,68,64,68,70,62,00,31
"daphplok"=hex:64,62,61,67,68,63,6a,61,6d,6b,62,64,6c,61,61,6a,6d,6a,6c,66,62,
68,61,66,63,68,67,63,69,64,6b,61,68,6c,6f,61,68,69,64,65,00,00
"iaefdbfgacceadbhid"=hex:6a,61,69,63,6a,6f,6f,6b,63,65,6c,6d,68,6b,68,64,6d,63,
64,6d,00,00
"hagghcbllcmbblbh"=hex:6a,61,69,63,6a,6f,6f,6b,63,65,6c,6d,68,6b,68,64,6d,63,
64,6d,00,00
.
[HKEY_USERS\S-1-5-21-1409082233-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B9A706A-CE6D-A1C1-47BA-DD9FC7AC5AB1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaenalcndacbiainpb"=hex:6a,61,69,70,62,63,6f,68,68,6f,61,64,63,62,6b,6a,69,6a,
68,65,00,06
"hagpgmocehhfpgda"=hex:6a,61,69,70,6c,63,65,68,69,65,62,61,6e,61,6e,6c,67,66,
64,70,00,00
"eamnacebek"=hex:69,61,6f,6e,6b,65,63,6d,70,64,64,6a,61,6b,6c,64,65,6d,00,ff
"dablnihf"=hex:64,62,65,6e,68,67,70,6f,65,63,62,6b,6e,66,6e,69,68,67,63,62,6b,
61,68,62,68,66,6b,6e,62,65,6d,6c,69,70,6e,67,61,65,70,70,00,3d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2ABB7FC2-1870-9F2C-C344-3A3463F92868}\InProcServer32*]
"facfgbpdlhnn"=hex:64,61,68,65,62,66,61,6a,00,04
"eacfdbapje"=hex:64,62,65,66,63,64,62,69,6b,6d,66,6d,68,6a,64,64,70,65,6c,6a,
61,67,6b,69,66,65,67,63,6b,62,62,6c,69,6a,6f,67,62,6b,69,67,00,3d
"gacfgbpdlhnnbo"=hex:64,61,68,65,62,66,61,6a,00,04
"facfdbapjedl"=hex:64,62,65,66,63,64,62,69,6b,6d,66,6d,68,6a,64,64,70,65,6c,6a,
61,67,6b,69,66,65,67,63,6b,62,62,6c,69,6a,6f,67,62,6b,69,67,00,3d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A706A-CE6D-A1C1-47BA-DD9FC7AC5AB1}\InProcServer32*]
"facnejcfhemn"=hex:69,61,6f,6e,6b,65,63,6d,70,64,64,6a,61,6b,6c,64,65,6d,00,ff
"eacnpibjmp"=hex:64,62,65,6e,68,67,70,6f,65,63,62,6b,6e,66,6e,69,68,67,63,62,
6b,61,68,62,68,66,6b,6e,62,65,6d,6c,69,70,6e,67,61,65,70,70,00,3d
"gacnejcfhemnne"=hex:69,61,6f,6e,6b,65,63,6d,70,64,64,6a,61,6b,6c,64,65,6d,00,
ff
"facnpibjmplb"=hex:64,62,65,6e,68,67,70,6f,65,63,62,6b,6e,66,6e,69,68,67,63,62,
6b,61,68,62,68,66,6b,6e,62,65,6d,6c,69,70,6e,67,61,65,70,70,00,3d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-04-02 19:31:16
ComboFix-quarantined-files.txt 2011-04-02 17:31
.
Před spuštěním: 2 380 357 632
Po spuštění: 3 681 550 336
.
- - End Of File - - 9C51F77A0047CB2C6121FCF58DC20492

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  c:\documents and settings\Megabook\Local Settings\Data aplikací\vpy.exe
  
  Folder::
  c:\program files\uTorrentBar
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
  [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "WinampAgent"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
  
  Driver::
  gupdate
  
  DDS::
  uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/cust ... _side.html
  uInternet Settings,ProxyOverride = 127.0.0.1
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1409082233-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2ABB7FC2-1870-9F2C-C344-3A3463F92868}*]
  [HKEY_USERS\S-1-5-21-1409082233-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B9A706A-CE6D-A1C1-47BA-DD9FC7AC5AB1}*]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2ABB7FC2-1870-9F2C-C344-3A3463F92868}\InProcServer32*]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A706A-CE6D-A1C1-47BA-DD9FC7AC5AB1}\InProcServer32*]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  
  RegNull::
  [HKEY_USERS\S-1-5-21-1409082233-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2ABB7FC2-1870-9F2C-C344-3A3463F92868}*]
  [HKEY_USERS\S-1-5-21-1409082233-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B9A706A-CE6D-A1C1-47BA-DD9FC7AC5AB1}*]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2ABB7FC2-1870-9F2C-C344-3A3463F92868}\InProcServer32*]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A706A-CE6D-A1C1-47BA-DD9FC7AC5AB1}\InProcServer32*]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[LDs]

ComboFix 11-04-01.01 - Megabook 02.04.2011 21:36:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.959.617 [GMT 2:00]
Spuštěný z: c:\documents and settings\Megabook\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Megabook\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 110402-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Megabook\Local Settings\Data aplikací\vpy.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTo1.dll
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-02 do 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 07:33 . 2011-04-02 07:33 -------- d-----w- c:\documents and settings\Administrator
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\documents and settings\Megabook\Data aplikací\Malwarebytes
2011-04-02 06:46 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-02 06:46 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 04:43 . 2011-04-02 05:59 -------- d-----w- c:\program files\trend micro
2011-04-02 04:43 . 2011-04-02 04:43 -------- d-----w- C:\rsit
2011-04-02 04:15 . 2011-04-02 04:15 335872 --sha-w- c:\documents and settings\Megabook\Local Settings\Data aplikací\vpy.exe
2011-03-22 07:00 . 2011-03-22 07:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-03-16 07:46 . 2011-03-16 07:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-02_17.29.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-02 19:41 . 2011-04-02 19:41 16384 c:\windows\temp\Perflib_Perfdata_764.dat
+ 2011-04-02 19:41 . 2011-04-02 19:41 16384 c:\windows\temp\Perflib_Perfdata_588.dat
+ 2011-04-02 17:33 . 2011-04-02 17:33 16384 c:\windows\temp\Perflib_Perfdata_57c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-01 06:17 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-01 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]
"mxClock"="c:\documents and settings\Megabook\Plocha\mxClock.exe" [2006-10-12 720482]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-15 7573504]
"nwiz"="nwiz.exe" [2006-06-15 1519616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-05 16061440]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 496640]
"NvMediaCenter"="NvMCTray.dll" [2006-06-15 86016]
"iPPCamScan"="c:\windows\iPScan.exe" [2008-01-23 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-5-13 589824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-09-29 21:58 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Totalcmd6.01\\TOTALCMD.EXE"=
"c:\\Program Files\\StrongDC 203\\StrongDC.exe"=
"c:\\Program Files\\Mv2Player\\Mv2PlayerPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.6.2010 18:22 64288]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 15:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 16:01 29056]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2007 19:17 611064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.8.2008 14:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.8.2008 14:37 20560]
S3 DCamUSBTP10;StarCam mini+;c:\windows\system32\drivers\iP293x.SYS [28.5.2010 15:59 241920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1352832]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30.11.2007 11:27 558592]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21.8.2007 19:19 223128]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
.
2011-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:20]
.
2011-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 06:56]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 06:56]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Megabook\Data aplikací\Mozilla\Firefox\Profiles\jjtzb0ui.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 21:43
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2011-04-02 21:46:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-02 19:46
ComboFix2.txt 2011-04-02 17:31
.
Před spuštěním: 3 641 950 208
Po spuštění: 3 541 438 464
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
[spybotsd]
timeout.old=30
.
- - End Of File - - 0A6E186E30F1CD01D0E57E2E05477F4C

[cernohous13]

Ahoj, tak to vypadá, že ComboFix hlavního škůdce neodstranil - zkusíme přitvrdit.

Stahni Avenger zde:
http://swandog46.geekstogo.com/avenger.exe
Spusť a všude souhlas „Yes“
Hlavní okno

dole dej fajfku do obou čtverečků

Do pole „Input script here“ zkopíruj zelený text scriptu -> „Execute“ -> „Yes“
Bude restart a je potřeba vyčkat na otevření Notepadu a jeho obsah sem vložit. (C:\avenger.txt)

Script

Kód: Vybrat vše

Files to delete:
c:\documents and settings\Megabook\Local Settings\Data aplikací\vpy.exe

dáš log a popíšeš problémy

a s ohledem na časový posun nemůžeš spát do oběda a věřit, že tu ještě jsme - pomalu jdeme spát

[LDs]

děkuju, ale v léčení budem pokračovat až zítra. právě totiž odcházím do práce na odpolední. i tak zatím děkuju všem za pomoc...

jinak avenger můžu spustit normoš ve win, nebo opět nouzový režim a před tím ukončit všechny procesy pomocí té utilitky jejíž jméno si zrovna nevybavuju...

[cernohous13]

jinak avenger můžu spustit normoš ve win...

Ano, Avenger si to zařídí sám

[LDs]

tak avenger nainstalován, script vložen, notebook po restartu, žádné problémy... tady je výstup:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\Megabook\Local Settings\Data aplikací\vpy.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[cernohous13]

Tak se zadařilo

Máš ještě nějaké problémy s PC? nebo už můžu po sobě uklízet?

[LDs]

nene, problémy nejsou, takže úklid