ComboFix 11-04-15.05 - Home . 04. 2011 12:38:42.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1789.1355 [GMT 2:00]
Running from: c:\documents and settings\Home\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\install.exe
.
-- Previous Run --
.
c:\windows\system32\kernel32.dll . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-12 17:06 . 2011-04-12 17:06 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\GamePlayLabs Plugin
2011-04-07 09:25 . 2011-04-07 09:32 -------- d-----w- c:\program files\Common Files\BioWare
2011-04-05 23:00 . 2011-04-05 23:00 312371 ----a-w- c:\windows\system32\binkw32.dll
2011-04-05 22:59 . 2011-04-05 22:58 53248 ----a-w- c:\windows\system32\ogg.dll
2011-04-05 22:57 . 2011-04-05 22:56 999424 ----a-w- c:\windows\system32\vorbisfile.dll
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\program files\Common Files\Steam
2011-04-04 19:56 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 18:53 . 2011-03-29 18:53 -------- d-----w- C:\AMD
2011-03-28 19:05 . 2011-03-28 19:08 -------- d-----w- c:\documents and settings\Home\-= Suicide Girls
2011-03-27 22:26 . 2011-03-27 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EA Core
2011-03-27 10:52 . 2011-03-27 11:58 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\ReaJPEG
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\program files\ReaSoft
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\documents and settings\Home\Data aplikací\ReaSoft
2011-03-18 09:04 . 2011-03-18 09:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-18 09:04 . 2011-03-18 09:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-18 09:04 . 2011-03-18 09:04 -------- d-----w- c:\documents and settings\Home\Data aplikací\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 10:31 . 2010-11-27 15:59 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-03-28 18:05 . 2011-02-08 00:23 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2011-03-14 21:07 . 2011-03-14 21:07 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2011-02-23 14:04 . 2010-07-29 01:09 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-07-28 23:53 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-07-28 23:53 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-07-28 23:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-07-28 23:53 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2010-07-28 23:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2010-07-28 23:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2010-07-28 23:53 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2010-07-28 23:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-18 12:29 . 2010-12-21 07:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-18 12:24 . 2011-03-02 11:49 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-15 00:41 . 2011-02-08 00:23 88 --sh--r- c:\documents and settings\All Users\Data aplikací\60F90C9A4B.sys
2011-02-09 08:44 . 2010-11-14 10:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-02 20:40 . 2011-03-15 12:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-08-04 17:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-10-20 19:28 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-01-08 04:47 392424 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 12:43 884736 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2009-12-14 22:43 515560 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="d:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\program files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe PCD\\cache\\cache.db"=
"c:\\Program Files\\Common Files\\Adobe\\dynamiclink\\CS5\\dynamiclinkmanager.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\program files\\Steam\\Steam.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX9.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX11.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2010 2:59 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.4.2011 21:56 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.7.2010 1:53 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.7.2010 1:53 19544]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [27.11.2010 18:30 77824]
R2 RadeonPro Support Service;RadeonPro Support Service;c:\program files\RadeonPro\RadeonProSupport.exe [2.2.2011 17:25 12800]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.2.2011 14:27 1517376]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2010 1:53 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14.4.2008 8:52 14336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [15.12.2009 0:43 515560]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [1.2.2008 23:37 99968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [15.2.2011 11:04 16240]
S4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [15.2.2011 12:22 4869488]
S4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [15.2.2011 12:22 416112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
uInternet Settings,ProxyServer = 210.193.178.187:80
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Home\Data aplikací\Mozilla\Firefox\Profiles\8zbisoz5.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ&psa=&ind=2010121913&ptnrS=GRfox000&si=&st=kwd&n=77d006b9&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 12:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1EB5AADC-51A7-F9CF-0161-58F13607C63F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92FDF409-EEE7-10C8-BA44-A79E405ABB26}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaplgjionoemilafmc"=hex:6a,61,6c,66,68,70,64,6e,67,62,69,64,6a,64,67,67,61,6c,
67,6c,00,00
"hanlakbkkfboedpg"=hex:6a,61,6c,66,68,70,64,6e,67,62,69,64,6a,64,67,67,61,6c,
67,6c,00,09
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:d4,bd,bd,06,65,88,dc,e4,72,f0,8e,85,11,b3,6d,fd,41,e5,d0,71,cb,00,fd,
f7,10,e1,65,c6,19,63,68,91,1b,43,9a,01,38,6a,55,5e,5a,62,f3,7f,26,a7,48,d9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WLDAP32.dll
.
- - - - - - - > 'explorer.exe'(16780)
c:\windows\system32\msi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
Completion time: 2011-04-16 12:51:25
ComboFix-quarantined-files.txt 2011-04-16 10:51
.
Pre-Run: 6 064 558 080
Post-Run: 6 018 867 200
.
- - End Of File - - EDF415AD0201527DC2DFA4187F06F59F

PC disinfection, speeding up your computer, remote help via the neslape.cz service
Please check, I found some malware
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same goes for threads inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check, I found some malware
We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:

FCopy::
C:\WINDOWS\ServicePackFiles\i386\kernel32.dll | c:\windows\system32\kernel32.dll
Regnull::
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92FDF409-EEE7-10C8-BA44-A79E405ABB26}*]

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
-
- Rank 5 - BAN
- Posts: 156
- Registered: 18 Oct 2006 23:24
- Location: Slovakia/Košice/terasa
Re: Please check, I found some malware
ComboFix 11-04-15.05 - Home . 04. 2011 13:06:36.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1789.1065 [GMT 2:00]
Running from: c:\documents and settings\Home\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-12 17:06 . 2011-04-12 17:06 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\GamePlayLabs Plugin
2011-04-07 09:25 . 2011-04-07 09:32 -------- d-----w- c:\program files\Common Files\BioWare
2011-04-05 23:00 . 2011-04-05 23:00 312371 ----a-w- c:\windows\system32\binkw32.dll
2011-04-05 22:59 . 2011-04-05 22:58 53248 ----a-w- c:\windows\system32\ogg.dll
2011-04-05 22:57 . 2011-04-05 22:56 999424 ----a-w- c:\windows\system32\vorbisfile.dll
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\program files\Common Files\Steam
2011-04-04 19:56 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 18:53 . 2011-03-29 18:53 -------- d-----w- C:\AMD
2011-03-28 19:05 . 2011-03-28 19:08 -------- d-----w- c:\documents and settings\Home\-= Suicide Girls
2011-03-27 22:26 . 2011-03-27 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EA Core
2011-03-27 10:52 . 2011-03-27 11:58 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\ReaJPEG
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\program files\ReaSoft
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\documents and settings\Home\Data aplikací\ReaSoft
2011-03-18 09:04 . 2011-03-18 09:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-18 09:04 . 2011-03-18 09:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-18 09:04 . 2011-03-18 09:04 -------- d-----w- c:\documents and settings\Home\Data aplikací\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 10:31 . 2010-11-27 15:59 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-03-28 18:05 . 2011-02-08 00:23 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2011-03-14 21:07 . 2011-03-14 21:07 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2011-02-23 14:04 . 2010-07-29 01:09 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-07-28 23:53 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-07-28 23:53 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-07-28 23:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-07-28 23:53 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2010-07-28 23:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2010-07-28 23:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2010-07-28 23:53 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2010-07-28 23:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-18 12:29 . 2010-12-21 07:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-18 12:24 . 2011-03-02 11:49 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-15 00:41 . 2011-02-08 00:23 88 --sh--r- c:\documents and settings\All Users\Data aplikací\60F90C9A4B.sys
2011-02-09 08:44 . 2010-11-14 10:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-02 20:40 . 2011-03-15 12:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-08-04 17:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-10-20 19:28 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-01-08 04:47 392424 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 12:43 884736 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2009-12-14 22:43 515560 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="d:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\program files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe PCD\\cache\\cache.db"=
"c:\\Program Files\\Common Files\\Adobe\\dynamiclink\\CS5\\dynamiclinkmanager.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\program files\\Steam\\Steam.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX9.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX11.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2010 2:59 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.4.2011 21:56 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.7.2010 1:53 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.7.2010 1:53 19544]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [27.11.2010 18:30 77824]
R2 RadeonPro Support Service;RadeonPro Support Service;c:\program files\RadeonPro\RadeonProSupport.exe [2.2.2011 17:25 12800]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.2.2011 14:27 1517376]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2010 1:53 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14.4.2008 8:52 14336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [15.12.2009 0:43 515560]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [1.2.2008 23:37 99968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [15.2.2011 11:04 16240]
S4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [15.2.2011 12:22 4869488]
S4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [15.2.2011 12:22 416112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
uInternet Settings,ProxyServer = 210.193.178.187:80
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Home\Data aplikací\Mozilla\Firefox\Profiles\8zbisoz5.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ&psa=&ind=2010121913&ptnrS=GRfox000&si=&st=kwd&n=77d006b9&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:d4,bd,bd,06,65,88,dc,e4,72,f0,8e,85,11,b3,6d,fd,41,e5,d0,71,cb,00,fd,
f7,10,e1,65,c6,19,63,68,91,1b,43,9a,01,38,6a,55,5e,5a,62,f3,7f,26,a7,48,d9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WLDAP32.dll
.
- - - - - - - > 'explorer.exe'(31132)
c:\windows\system32\msi.dll
.
Completion time: 2011-04-16 13:42:34
ComboFix-quarantined-files.txt 2011-04-16 11:42
ComboFix2.txt 2011-04-16 10:51
.
Pre-Run: 6 026 833 920
Post-Run: 6 006 661 120
.
- - End Of File - - 030851E37A29C580DD94F58DD5A0F210
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1789.1065 [GMT 2:00]
Running from: c:\documents and settings\Home\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: requesting a check, some vermin was found
1 file was copied back from the backup and 1 key was removed from the registry. The rest of the log looks clean now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not the place to solve your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- 5th level - BAN
- Posts: 156
- Registered: 18 Oct 2006 23:24
- Location: Slovakia/Košice/terasa
Re: requesting a check, some vermin was found
Yeah, it helped, but it's still not right. I'm running a scan with MBAM and so far it has found some 5 infected files.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 6373
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
16. 4. 2011 15:53:58
mbam-log-2011-04-16 (15-53-58).txt
Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 176827
Uplynulý čas: 1 hodin, 37 minut, 36 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\Home\dokumenty\downloads\desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\documents and settings\Home\dokumenty\downloads\mediapluginsetup (1).exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Home\dokumenty\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Home\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Home\Plocha\desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: requesting a check, some vermin was found
OK. Those files could have been there. CF mostly finds the ones that are running. These apparently were not running. MBAM deleted them.
-
- 5th level - BAN
- Posts: 156
- Registered: 18 Oct 2006 23:24
- Location: Slovakia/Košice/terasa
Re: requesting a check, some vermin was found
Hm, it's still not right... sometimes an application freezes on me, and when I try to end it completely through Task Manager, the Task Manager freezes too...
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: requesting a check, some vermin was found
Try a System Restore to a date when it worked correctly.