problém XP Total Security 2011

[stell]

ak pojde v normalnom, tak spust, ak nie tak spust nudzovom rezime

[s22stadionek]

tak už log z combofixu:

ComboFix 11-05-01.04 - Admin 02.05.2011 19:15:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2798 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\léčení\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\All Users\Data aplikací\hpe5F.dll
C:\Install.exe
c:\windows\VM305Cap.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZWANGISRCH_SERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-02 do 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 14:44 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 14:44 . 2011-05-02 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 14:44 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 14:41 . 2011-05-02 14:41 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Malwarebytes
2011-05-02 14:41 . 2011-05-02 14:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-02 13:18 . 2011-05-02 13:18 -------- d-----w- c:\program files\trend micro
2011-05-02 13:18 . 2011-05-02 13:18 -------- d-----w- C:\rsit
2011-05-02 12:03 . 2011-05-02 12:03 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Threat Expert
2011-05-02 11:34 . 2011-05-02 11:34 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-05-02 10:16 . 2011-05-02 10:16 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-05-02 10:08 . 2011-05-02 10:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-02 09:34 . 2011-05-02 14:35 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2011-05-02 09:27 . 2011-05-02 14:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-04-13 22:41 . 2011-04-13 22:41 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-04-06 12:37 . 2011-04-06 12:45 -------- d-----w- c:\program files\ElastoMania111
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 08:16 . 2011-03-14 08:16 7056 ----a-w- c:\windows\CDILLA16.EXE
2011-03-14 08:16 . 2011-03-14 08:16 63344 ----a-w- c:\windows\CDILLA05.DLL
2011-03-14 08:16 . 2011-03-14 08:16 60416 ----a-w- c:\windows\CDILLA64.EXE
2011-03-14 08:16 . 2011-03-14 08:16 58160 ----a-w- c:\windows\system32\drivers\CDANT.SYS
2011-03-14 08:16 . 2011-03-14 08:16 55376 ----a-w- c:\windows\CDILLA40.DLL
2011-03-14 08:16 . 2011-03-14 08:16 46080 ----a-w- c:\windows\system32\drivers\CDANTSRV.EXE
2011-03-14 08:16 . 2011-03-14 08:16 44544 ----a-w- c:\windows\CDILLA13.DLL
2011-03-14 08:16 . 2011-03-14 08:16 260608 ----a-w- c:\windows\CDILLA32.DLL
2011-03-14 08:16 . 2011-03-14 08:16 23856 ----a-w- c:\windows\CDILLA10.EXE
2011-03-10 23:48 . 2011-03-10 23:48 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-03-10 23:48 . 2011-03-10 23:48 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-03-10 23:48 . 2011-03-10 23:48 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-03-07 05:33 . 2006-07-27 07:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2006-07-27 07:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-03-16 12:36 . 2009-03-16 12:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 12:35 . 2009-03-16 12:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35 94024 ----a-w- c:\program files\DSETUP.dll
2006-07-11 10:06 . 2006-08-01 08:53 3144800 ----a-w- c:\program files\ICQLite.exe
2006-05-07 16:28 . 2006-08-01 08:53 57451 ----a-w- c:\program files\ICQLiteShell.dll
2004-10-24 10:38 . 2006-08-01 08:53 389120 ----a-w- c:\program files\actskin4.ocx
1999-06-25 08:55 . 2006-08-01 08:53 152576 ----a-w- c:\program files\Unwise32.exe
.
.
------- Sigcheck -------
.
[-] 2009-04-20 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
FriendlyName= Super exkluzivně: Partyšová vystavila sexy dekolt: Má obrovské čtyřky! - Super.cz
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Admin\\Plocha\\Hry\\wormsarm\\wormsarm\\wa.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Admin\\Plocha\\Hry\\bulanci.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:BitComet 10044 UDP
"14752:TCP"= 14752:TCP:BitComet 14752 TCP
"14752:UDP"= 14752:UDP:BitComet 14752 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2007 20:18 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.1.2011 15:54 218176]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [11.3.2011 9:31 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11.3.2011 0:56 27632]
S0 Gdts66;Gdts66; [x]
S2 gupdate1c98651318b067c;Google Update Service (gupdate1c98651318b067c);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 0:46 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.2.2010 9:12 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11.3.2011 1:48 13224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 0:46 133104]
S3 naecd;naecd;\??\c:\docume~1\Admin\LOCALS~1\Temp\naecd.sys --> c:\docume~1\Admin\LOCALS~1\Temp\naecd.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [11.3.2011 1:25 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [11.3.2011 1:25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [11.3.2011 1:25 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [11.3.2011 1:25 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [11.3.2011 1:25 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [11.3.2011 1:25 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [11.3.2011 1:25 109736]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [10.2.2011 11:37 391099]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 22:45]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 22:45]
.
2011-05-01 c:\windows\Tasks\User_Feed_Synchronization-{EF3160F2-4743-4334-9C6A-DD86212958DC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {AFC01348-66BA-48D3-A66A-FE208C70F5E9} = 10.254.254.254,10.254.254.253
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%202002%20Cz/InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002%20Cz/InstBanr.ocx
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\owz401do.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Guild Wars - c:\documents and settings\Admin\Plocha\jakoubek12\Guild Wars\Gw.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Unibet Poker - c:\microg~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} - c:\program files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-05-02 19:30:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-02 17:30
ComboFix2.txt 2009-05-25 14:38
.
Před spuštěním: Volných bajtů: 30 031 314 944
Po spuštění: Volných bajtů: 30 270 640 128
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AD170297D64007CE904B5314B9255AA1

[stell]

Toto poznas??
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
FriendlyName= Super exkluzivně: Partyšová vystavila sexy dekolt: Má obrovské čtyřky! - Super.cz

premenuj ikonu combofixu na uninstall
spust>.combofix sa odinstaluje.
Precisti pc CCleanerom
Nainstaluj Free Avast, alebo Free AVIRU[nekontroluje postu}
Nainstaluj Firewall
http://www.viry.cz/forum/viewtopic.php? ... 36#p868836

ak bude vsetko ok, to je vsetko.

[s22stadionek]

super. děkuju moc za pomoc, nainstaloval jsem mu Avast, Firewall a vyčistil CCleanerem.. doufám že už nebude mít problém. Na pc ani nelezu, sem furt na ntb a ten je ošetřenej.. A ten HKEY zajímavej

jinak obdivuju jak se v každym logu dokážeš vyznat..

tak ještě jednou děkuju

[stell]

No to je prax, toto v ziadnej skole neucia, ak chces viry bit musis s nimi zit.
Nemas zaco.