MBAM - Hijack.WindowsUpdates

Zpráva

Kallerno · #1 Příspěvek od **Kallerno** » 07 kvě 2011 13:35

Dobrý den, stručně popíšu můj problém.Software Malwarebyte's mi ukazuje, že našel pod diskem C 2x Hijack.WindowsUpdates i když to odstraním do karantény a smažu, tak po dalším testu zjistím, že je to tam zase.Co s tím?

Kallerno · #2 Příspěvek od **Kallerno** » 07 kvě 2011 13:55

Výpis logu z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by pepa at 2011-05-07 14:52:04
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 944 MB (15%) free of 6 GB
Total RAM: 1023 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-573735546-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-573735546-839522115-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25cee8ec-5730-41bc-8b58-22ddc8ab8c20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-09-16 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyBa.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
Hunt TB Toolbar - C:\Program Files\Hunt_TB\tbHunt.dll [2010-06-03 2736736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5} - Hunt TB Toolbar - C:\Program Files\Hunt_TB\tbHunt.dll [2010-06-03 2736736]
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyBa.dll [2009-12-31 2349080]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=111808 serial=DR12CEZ-0305483-UKD lang=CZ []
"QuickTime Task"=E:\QuickTime-7_13\qttask.exe [2008-02-01 385024]
"iTunesHelper"=J:\iTunes + QuickTime\iTunesHelper.exe [2008-02-19 267048]
"DAEMON Tools"=C:\Program Files\DAEMON Tools-4_08\daemon.exe [2006-11-12 157592]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-04-18 3460784]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-28 281768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-09-16 77824]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"ICQ"=E:\ICQ7.4\ICQ.exe [2011-04-03 119608]
"Google Update"=C:\Documents and Settings\pepa\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-11-07 323392]
"doubleTwist"=C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\hry\Call of Duty 2\CoD2MP_s.exe"="D:\hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\ICQ-2003b\Icq.exe"="C:\Program Files\ICQ-2003b\Icq.exe:*:Enabled:ICQ"
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\BearShare-5-20x\BearShare.exe"="C:\BearShare-5-20x\BearShare.exe:*:Enabled:BearShare"
"D:\PROGRAMY\ArchiCAD 10\ArchiCAD.exe"="D:\PROGRAMY\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component"
"J:\HRY\WARCRAFT\Warcraft III.exe"="J:\HRY\WARCRAFT\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\CS Source\Counter-Strike Source\hl2.exe"="E:\CS Source\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"I:\Wolfenstein - Enemy Territory\ET.exe"="I:\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"J:\S.T.A.L.K.E.R\bin\XR_3DA.exe"="J:\S.T.A.L.K.E.R\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"J:\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe"="J:\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\Call of duty\CoDMP.exe"="D:\Call of duty\CoDMP.exe:*:Enabled:CoDMP"
"J:\Source\Counter-Strike Source\hl2.exe"="J:\Source\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"J:\iTunes + QuickTime\iTunes.exe"="J:\iTunes + QuickTime\iTunes.exe:*:Enabled:iTunes"
"E:\Star Wars3\GameData\jamp.exe"="E:\Star Wars3\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"E:\icq\ICQ6.5\ICQ.exe"="E:\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Valve CS 1.6\hl.exe"="E:\Valve CS 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Valve\Condition Zero\czero.exe"="F:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Half-Life 2\hl2.exe"="D:\Half-Life 2\hl2.exe:*:Enabled:hl2"
"I:\World of Warcraft\Launcher.exe"="I:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"I:\World of Warcraft\Repair.exe"="I:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"E:\Hamachi\hamachi.exe"="E:\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Opera\opera.exe"="E:\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"J:\ Left 4 Dead\left4dead.exe"="J:\ Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Documents and Settings\pepa\Dokumenty\Stažené soubory\FLVPlayer_Setup.exe"="C:\Documents and Settings\pepa\Dokumenty\Stažené soubory\FLVPlayer_Setup.exe:*:Enabled:Flash FLV Player"
"I:\SweetImSetup.exe"="I:\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"E:\ICQ7.4\ICQ.exe"="E:\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\ICQ7.4\ICQ.exe"="E:\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-05-07 14:52:04 ----DC---- C:\rsit
2011-05-07 14:52:04 ----D---- C:\Program Files\trend micro
2011-05-07 13:29:22 ----D---- C:\Documents and Settings\pepa\Data aplikací\Malwarebytes
2011-05-07 13:29:09 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-05-07 13:29:07 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-05-07 13:29:02 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-05-07 11:02:32 ----D---- C:\Documents and Settings\pepa\Data aplikací\Avira
2011-05-07 11:00:52 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-05-07 11:00:51 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-05-07 11:00:51 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-05-07 11:00:51 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-05-07 11:00:51 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-05-07 11:00:50 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Avira
2011-05-07 11:00:50 ----D---- C:\Program Files\Avira
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSShim.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSEH.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys
2011-05-07 10:54:57 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
2011-05-07 10:54:57 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2011-05-07 10:48:24 ----DC---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-05-05 17:57:46 ----D---- C:\WINDOWS\pss
2011-05-04 16:51:57 ----A---- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-05-03 19:14:34 ----A---- C:\WINDOWS\Left 4 Dead Uninstall Log.txt
2011-04-24 11:45:28 ----D---- C:\Documents and Settings\pepa\Data aplikací\Miranda

======List of files/folders modified in the last 1 months======

2011-05-07 14:52:04 ----D---- C:\Program Files
2011-05-07 14:47:27 ----D---- C:\Documents and Settings\pepa\Data aplikací\ICQ
2011-05-07 14:47:16 ----D---- C:\WINDOWS\Temp
2011-05-07 14:47:15 ----D---- C:\Documents and Settings\pepa\Data aplikací\Skype
2011-05-07 14:46:11 ----D---- C:\Program Files\DNA
2011-05-07 14:46:11 ----D---- C:\Documents and Settings\pepa\Data aplikací\DNA
2011-05-07 14:45:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-07 14:11:22 ----D---- C:\WINDOWS\system32\drivers
2011-05-07 14:05:01 ----SHD---- C:\WINDOWS\system32
2011-05-07 13:53:27 ----AC---- C:\WINDOWS\ntbtlog.txt
2011-05-07 13:53:16 ----SHD---- C:\WINDOWS\CSC
2011-05-07 13:21:44 ----SHC---- C:\boot.ini
2011-05-07 13:21:44 ----A---- C:\WINDOWS\win.ini
2011-05-07 13:21:44 ----A---- C:\WINDOWS\system.ini
2011-05-07 13:18:52 ----D---- C:\WINDOWS
2011-05-07 12:45:09 ----SHD---- C:\WINDOWS\Installer
2011-05-07 12:44:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-05-07 12:03:25 ----HD---- C:\WINDOWS\inf
2011-05-07 11:56:25 ----D---- C:\WINDOWS\Registration
2011-05-07 10:55:16 ----SHDC---- C:\Config.Msi
2011-05-07 10:54:32 ----D---- C:\WINDOWS\Prefetch
2011-05-07 10:52:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-07 10:52:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-05 17:35:41 ----SHD---- C:\Program Files\outlook
2011-05-05 15:36:05 ----D---- C:\WINDOWS\Debug
2011-05-03 19:34:43 ----D---- C:\Program Files\Common Files\Designer
2011-05-03 19:34:43 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-05-03 19:34:40 ----D---- C:\Program Files\Common Files
2011-05-03 19:14:15 ----D---- C:\Documents and Settings\pepa\Data aplikací\Hamachi
2011-05-03 14:33:45 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-04-18 19:25:10 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 pxhelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-04-02 639224]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-04-18 30680]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-04-18 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-04-18 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-04-18 307288]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-04-18 49240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-04-18 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-04-18 102488]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 2bea50ff;2bea50ff; C:\WINDOWS\System32\drivers\2bea50ff.sys []
S3 a65xr5hu;a65xr5hu; C:\WINDOWS\system32\drivers\a65xr5hu.sys []
S3 aaudstum;aaudstum; \??\C:\DOCUME~1\pepa\LOCALS~1\Temp\aaudstum.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 CrystalSysInfo;CrystalSysInfo; \??\E:\MediaCoder 0.7.0.4399\SysInfo.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 garenapengine;GarenaPEngine; \??\C:\DOCUME~1\pepa\LOCALS~1\Temp\FNR3EC.tmp []
S3 GPU-Z;GPU-Z; \??\C:\DOCUME~1\pepa\LOCALS~1\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-05-12 25280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-04-18 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-28 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-28 107832]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

#3 Příspěvek od **motji** » 07 kvě 2011 18:13

Dobrý večer

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Kallerno · #4 Příspěvek od **Kallerno** » 07 kvě 2011 20:12

Výpis logu z ComboFixu:

ComboFix 11-05-06.05 - pepa 07.05.2011 21:03:49.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.745 [GMT 2:00]
Spuštěný z: c:\documents and settings\pepa\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pepa\WINDOWS
c:\program files\INSTALL.LOG
c:\program files\outlook
c:\windows\system32\cmd.com
c:\windows\system32\netstat.com
c:\windows\system32\ping.com
c:\windows\system32\regedit.com
c:\windows\system32\tasklist.com
c:\windows\system32\tracert.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-07 do 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 12:52 . 2011-05-07 12:52 -------- dc----w- C:\rsit
2011-05-07 12:52 . 2011-05-07 12:52 -------- d-----w- c:\program files\trend micro
2011-05-07 11:29 . 2011-05-07 11:29 -------- d-----w- c:\documents and settings\pepa\Data aplikací\Malwarebytes
2011-05-07 11:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 11:29 . 2011-05-07 11:29 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-07 11:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 08:54 . 2011-03-30 15:17 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-05-07 08:54 . 2011-03-01 12:25 34896 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-05-07 08:54 . 2011-02-22 06:13 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-05-07 08:54 . 2011-02-10 05:54 296400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-07 08:54 . 2011-02-10 05:53 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-05-07 08:54 . 2011-02-10 05:53 24144 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-05-07 08:54 . 2011-01-19 02:32 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-05-07 08:54 . 2011-01-07 04:41 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-05-07 08:48 . 2011-05-07 08:55 -------- dc----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-05-04 14:51 . 2011-05-04 14:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-04-24 09:45 . 2011-04-24 09:45 -------- d-----w- c:\documents and settings\pepa\Data aplikací\Miranda
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}"= "c:\program files\Hunt_TB\tbHunt.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Hunt_TB\tbHunt.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}"= "c:\program files\Hunt_TB\tbHunt.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{D3F4B70A-92E0-4393-A0F3-976D03B1EBF5}"= "c:\program files\Hunt_TB\tbHunt.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="e:\icq7.4\ICQ.exe" [2011-04-03 119608]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\quicktime-7_13\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="j:\itunes + quicktime\iTunesHelper.exe" [2008-02-19 267048]
"DAEMON Tools"="c:\program files\DAEMON Tools-4_08\daemon.exe" [2006-11-12 157592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-09-16 77824]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\iTunes + QuickTime\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"i:\\World of Warcraft\\Launcher.exe"=
"i:\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"e:\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2007 23:28 639224]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [16.11.2008 21:20 78848]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
S1 2bea50ff;2bea50ff;c:\windows\system32\drivers\2bea50ff.sys [9.6.2009 14:01 0]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.11.2010 0:31 247096]
S3 aaudstum;aaudstum;\??\c:\docume~1\pepa\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\pepa\LOCALS~1\Temp\aaudstum.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [4.5.2011 16:51 23456]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp --> c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\pepa\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\pepa\LOCALS~1\Temp\GPU-Z.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
2011-05-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:18497
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &winamp search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - e:\icq7.4\ICQ.exe
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\pepa\Data aplikací\Mozilla\Firefox\Profiles\q3cpqyua.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.type - 2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-doubleTwist - c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe
AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe
AddRemove-Windows TaskAd - c:\program files\Windows TaskAd\WinTaskAd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 21:08
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet014\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-573735546-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,39,84,e8,09,0d,50,f2,ec,55,f9,9c,ba,01,7e,cd,3f,df,d4,63,0d,
e2,14,87,27,12,db,3c,a8,ec,5c,51,b6,95,4f,7b,af,d3,e6,5b,f2,2a,7f,94,fb,b6,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Vylepšené vytváření obsahu"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,2180"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="cs"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="CS"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="CS"
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Nápověda aplikace Internet Explorer"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Třídy DirectAnimation jazyka Java"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="CS"
"Version"="5,6,0,8820"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
@="Aktualizace zabezpečení systému Windows XP (KB923789)"
"IsInstalled"=dword:00000001
"Version"="6,0,88,0"
"ComponentID"="KB923789"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="CS"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5F2F8173-BA5C-839E-7BA5-5DB559C4CC58}]
@="Microsoft Windows Media Player 6.4"
"ComponentID"="Microsoft Windows Media Player"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="10,0,0,3646"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Instalační nástroje aplikace Internet Explorer"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,0,0,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="6,0,2900,2180"
@="Vylepšení procházení"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="CSY"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp11.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6E77F6EA-1D51-4DA4-04E5-0E28CFA2EA69}]
@="Datové vazby jazyka DHTML pro jazyk Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Přístup ke službě MSN"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"Version"="10,0,0,1"
@="Web Folders"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="WebFolders"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2600,0000"
@="Adresář 6"
"IsInstalled"=dword:00000001
"Locale"="cs"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}]
"ComponentID"=".NETFramework"
"Locale"=""
"Version"="2,0,50727,1"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
"IsInstalled"=dword:00000001
"ComponentID"="KB928365"
"Version"="2,0,50727"
@="Security Update for Microsoft .NET Framework 2.0 (KB928365)"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2180"
@="Aktualizace plochy systému Windows"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="cs"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="6,0,2900,2180"
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="cs"
"StubPath"=expand:"%SystemRoot%\\system32\\ie4uinit.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"DontAsk"=dword:00000002
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Datové vazby jazyka DHTML"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,5000,3130,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
"Locale"="*"
"IsInstalled"=dword:00000001
@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"Version"="2,0,50727"
"ComponentID"="KB917283"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
"Version"="6,0,2800,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Hlavní písma aplikace Internet Explorer"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,00,0000,6"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Plánovač úloh"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Adobe Flash Player"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="10.0.12.36"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Nápověda HTML"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,74,9273,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
Celkový čas: 2011-05-07 21:10:14
ComboFix-quarantined-files.txt 2011-05-07 19:10
.
Před spuštěním: 1 184 632 832
Po spuštění: 1 359 130 624
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=14 Default=14 Failed=13 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
- - End Of File - - 8CD1F647D6BC7DB158D15E33F0BA7931

Kallerno · #5 Příspěvek od **Kallerno** » 08 kvě 2011 08:23

Problém furt přetrvává, nevím co s tím, přikládám 2 screeny.

http://imageshack.us/photo/my-images/810/screen1dy.png/

http://imageshack.us/photo/my-images/847/screen2es.png/

#6 Příspěvek od **motji** » 08 kvě 2011 09:39

To opravíme ručně, máte pozměněnou cestu k aktualizacím

.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
"{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}"=-
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[-HKEY_CLASSES_ROOT\clsid\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}"=-
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{D3F4B70A-92E0-4393-A0F3-976D03B1EBF5}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"SunJavaUpdateSched"=-
"ISUSScheduler"=-
"ISUSPM Startup"=-

Driver::
2bea50ff
aaudstum

File::
c:\docume~1\pepa\LOCALS~1\Temp\aaudstum.sys
c:\windows\system32\drivers\2bea50ff.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

DDS::
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Kallerno · #7 Příspěvek od **Kallerno** » 08 kvě 2011 12:31

Výpis logu z ComboFixu II:

ComboFix 11-05-06.05 - pepa 08.05.2011 13:22:21.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.733 [GMT 2:00]
Spuštěný z: c:\documents and settings\pepa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pepa\Plocha\CFScript.txt
.
FILE ::
"c:\docume~1\pepa\LOCALS~1\Temp\aaudstum.sys"
"c:\windows\system32\drivers\2bea50ff.sys"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_75.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\drivers\2bea50ff.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AAUDSTUM
-------\Service_2bea50ff
-------\Service_aaudstum
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-08 do 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-07 12:52 . 2011-05-07 12:52 -------- dc----w- C:\rsit
2011-05-07 12:52 . 2011-05-07 12:52 -------- d-----w- c:\program files\trend micro
2011-05-07 11:29 . 2011-05-07 11:29 -------- d-----w- c:\documents and settings\pepa\Data aplikací\Malwarebytes
2011-05-07 11:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 11:29 . 2011-05-07 11:29 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-07 11:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 08:54 . 2011-03-30 15:17 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-05-07 08:54 . 2011-03-01 12:25 34896 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-05-07 08:54 . 2011-02-22 06:13 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-05-07 08:54 . 2011-02-10 05:54 296400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-07 08:54 . 2011-02-10 05:53 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-05-07 08:54 . 2011-02-10 05:53 24144 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-05-07 08:54 . 2011-01-19 02:32 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-05-07 08:54 . 2011-01-07 04:41 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-05-04 14:51 . 2011-05-04 14:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-04-24 09:45 . 2011-04-24 09:45 -------- d-----w- c:\documents and settings\pepa\Data aplikací\Miranda
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-07_19.08.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 14:45 . 2008-09-30 14:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-06-02 12:44 . 2007-07-27 07:41 16760 c:\windows\system32\spmsg.dll
+ 2011-05-08 06:55 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2011-05-08 06:55 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-17 13:49 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-17 13:49 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2011-05-08 06:59 . 2011-05-08 06:59 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2007-01-04 11:52 . 2008-02-17 02:33 358912 c:\windows\system32\xpsp3res.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2006-10-18 19:47 . 2008-06-24 16:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-18 19:47 . 2006-10-18 19:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-17 13:49 . 2008-06-18 03:03 938496 c:\windows\system32\WMNetmgr.dll
- 2004-08-17 13:49 . 2006-10-18 18:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-17 13:49 . 2008-06-17 23:09 100864 c:\windows\system32\logagent.exe
+ 2007-04-02 16:29 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2007-04-02 16:27 . 2008-04-21 21:28 216576 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-17 13:49 . 2008-06-18 03:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-17 13:49 . 2007-06-27 13:31 317952 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-17 13:49 . 2008-06-17 23:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2004-08-17 13:49 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2011-05-08 06:59 . 2011-05-08 06:59 432640 c:\windows\Installer\685f6.msi
+ 2004-08-17 13:49 . 2007-06-27 13:31 317952 c:\windows\inf\unregmp2.exe
+ 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-17 13:49 . 2008-06-18 03:03 2458112 c:\windows\system32\WMVCore.dll
+ 2008-09-30 14:43 . 2008-09-30 14:43 1286152 c:\windows\system32\msxml4.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-17 13:49 . 2008-06-18 03:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\quicktime-7_13\qttask.exe" [2008-01-31 385024]
"DAEMON Tools"="c:\program files\DAEMON Tools-4_08\daemon.exe" [2006-11-12 157592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\iTunes + QuickTime\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"i:\\World of Warcraft\\Launcher.exe"=
"i:\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"e:\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2007 23:28 639224]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [16.11.2008 21:20 78848]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.11.2010 0:31 247608]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [4.5.2011 16:51 23456]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp --> c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\pepa\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\pepa\LOCALS~1\Temp\GPU-Z.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:18497
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &winamp search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq7.5\ICQ.exe
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\pepa\Data aplikací\Mozilla\Firefox\Profiles\q3cpqyua.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - e:\icq7.4\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 13:28
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet014\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-573735546-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,39,84,e8,09,0d,50,f2,ec,55,f9,9c,ba,01,7e,cd,3f,df,d4,63,0d,
e2,14,87,27,12,db,3c,a8,ec,5c,51,b6,95,4f,7b,af,d3,e6,5b,f2,2a,7f,94,fb,b6,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-05-08 13:30:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-08 11:30
ComboFix2.txt 2011-05-07 19:10
.
Před spuštěním: 1 162 682 368
Po spuštění: 1 102 442 496
.
Current=14 Default=14 Failed=13 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
- - End Of File - - 26A6980E57BEF060F3DE94F9C598B07F

#8 Příspěvek od **motji** » 08 kvě 2011 13:42

Fajn, jak to vypadá s počítačem?

Start - spustit - do okénka napište
regedit
enter

Najďěte složky BITS a wuauserv (u všech klíčů), klikněte na ně pravým tlačítkem myši, vyberte možnost "Oprávnění". Dejte povolit u všeho .

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (BITS and Wuauserv)

Zkuste u těchto klíčů přepsat hodnotu ImagePathz fystemroot na %SystemRoot%
-pak zkuste zda fungují aktualizace

Kallerno · #9 Příspěvek od **Kallerno** » 08 kvě 2011 18:07

Zasekávání přetrvává, ale né tolik jako předtím.

ok, jdu na to...zatím přikládám další ComboFix log:

ComboFix 11-05-06.05 - pepa 08.05.2011 18:45:05.3.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.839 [GMT 2:00]
Spuštěný z: c:\documents and settings\pepa\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-08 do 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 16:02 . 2008-08-19 00:18 77824 ----a-w- c:\windows\system32\fmcodec.DLL
2011-05-07 12:52 . 2011-05-07 12:52 -------- d-----w- c:\program files\trend micro
2011-05-07 11:29 . 2011-05-07 11:29 -------- d-----w- c:\documents and settings\pepa\Data aplikací\Malwarebytes
2011-05-07 11:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 11:29 . 2011-05-07 11:29 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-07 11:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 08:54 . 2011-03-30 15:17 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-05-07 08:54 . 2011-03-01 12:25 34896 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-05-07 08:54 . 2011-02-22 06:13 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-05-07 08:54 . 2011-02-10 05:54 296400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-07 08:54 . 2011-02-10 05:53 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-05-07 08:54 . 2011-02-10 05:53 24144 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-05-07 08:54 . 2011-01-19 02:32 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-05-07 08:54 . 2011-01-07 04:41 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-05-04 14:51 . 2011-05-04 14:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-04-24 09:45 . 2011-04-24 09:45 -------- d-----w- c:\documents and settings\pepa\Data aplikací\Miranda
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-07_19.08.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 14:45 . 2008-09-30 14:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-06-02 12:44 . 2007-07-27 07:41 16760 c:\windows\system32\spmsg.dll
+ 2011-05-08 06:55 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2011-05-08 06:55 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-17 13:49 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-17 13:49 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2011-05-08 06:59 . 2011-05-08 06:59 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2007-01-04 11:52 . 2008-02-17 02:33 358912 c:\windows\system32\xpsp3res.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2006-10-18 19:47 . 2008-06-24 16:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-18 19:47 . 2006-10-18 19:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-17 13:49 . 2008-06-18 03:03 938496 c:\windows\system32\WMNetmgr.dll
- 2004-08-17 13:49 . 2006-10-18 18:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-17 13:49 . 2008-06-17 23:09 100864 c:\windows\system32\logagent.exe
+ 2007-04-02 16:29 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-04-02 16:29 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2007-04-02 16:27 . 2008-04-21 21:28 216576 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-17 13:49 . 2008-06-18 03:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-17 13:49 . 2007-06-27 13:31 317952 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-17 13:49 . 2008-06-17 23:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2004-08-17 13:49 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2011-05-08 06:59 . 2011-05-08 06:59 432640 c:\windows\Installer\685f6.msi
+ 2004-08-17 13:49 . 2007-06-27 13:31 317952 c:\windows\inf\unregmp2.exe
+ 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-17 13:49 . 2008-06-18 03:03 2458112 c:\windows\system32\WMVCore.dll
+ 2008-09-30 14:43 . 2008-09-30 14:43 1286152 c:\windows\system32\msxml4.dll
+ 2007-04-02 16:29 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-17 13:49 . 2008-06-18 03:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\quicktime-7_13\qttask.exe" [2008-01-31 385024]
"DAEMON Tools"="c:\program files\DAEMON Tools-4_08\daemon.exe" [2006-11-12 157592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\iTunes + QuickTime\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"i:\\World of Warcraft\\Launcher.exe"=
"i:\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"e:\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2007 23:28 639224]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [16.11.2008 21:20 78848]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.11.2010 0:31 247608]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [4.5.2011 16:51 23456]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp --> c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\pepa\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\pepa\LOCALS~1\Temp\GPU-Z.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7.5.2011 13:29 38224]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=102352&l=dis
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &winamp search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq7.5\ICQ.exe
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\pepa\Data aplikací\Mozilla\Firefox\Profiles\q3cpqyua.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 18:58
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet019\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\pepa\LOCALS~1\Temp\FNR3EC.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-573735546-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,39,84,e8,09,0d,50,f2,ec,55,f9,9c,ba,01,7e,cd,3f,df,d4,63,0d,
e2,14,87,27,12,db,3c,a8,ec,5c,51,b6,95,4f,7b,af,d3,e6,5b,f2,2a,7f,94,fb,b6,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67
.
Celkový čas: 2011-05-08 19:00:19
ComboFix-quarantined-files.txt 2011-05-08 17:00
ComboFix2.txt 2011-05-07 19:10
.
Před spuštěním: 1 171 169 280
Po spuštění: 1 170 599 936
.
- - End Of File - - 670C9B5D66631A9316FF05CD40A1BB29

Kallerno · #10 Příspěvek od **Kallerno** » 08 kvě 2011 18:18

Nevím proč, ale ani jedna z těch hodnot nelze přepsat.''Při zápisu obsahu hodnoty došlo k chybě''.

Kallerno · #11 Příspěvek od **Kallerno** » 08 kvě 2011 18:25

Bingo! Už mě to jde přepisovat.Btw - automatické aktualizace se mě stahují, takže se zdá, že to šlape jak má

#12 Příspěvek od **motji** » 08 kvě 2011 18:40

A co to zasekávání?

Kallerno · #13 Příspěvek od **Kallerno** » 08 kvě 2011 18:42

Jakmile dostahuju aktualizace, tak projedu celý PC programem ''Malwarebytes' Anti-Malware'' a pročistím to pomocí něj, možná v PC je ještě nějakej zbytek viru a ten jednou za čas sekne PC.

#14 Příspěvek od **motji** » 08 kvě 2011 18:47

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

Kallerno · #15 Příspěvek od **Kallerno** » 08 kvě 2011 19:47

Log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by pepa at 2011-05-08 20:44:55
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (22%) free of 6 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:01, on 8.5.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\KB905474\wgasetup.exe
E:\QuickTime-7_13\qttask.exe
C:\Program Files\DAEMON Tools-4_08\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Mozilla Firefox\firefox.exe
D:\Mozilla Firefox\plugin-container.exe
E:\RSIT.exe
C:\Program Files\trend micro\pepa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102352&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime-7_13\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools-4_08\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &winamp search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS

--
End of file - 6552 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25cee8ec-5730-41bc-8b58-22ddc8ab8c20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-09-16 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=E:\QuickTime-7_13\qttask.exe [2008-02-01 385024]
"DAEMON Tools"=C:\Program Files\DAEMON Tools-4_08\daemon.exe [2006-11-12 157592]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"J:\iTunes + QuickTime\iTunes.exe"="J:\iTunes + QuickTime\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"I:\World of Warcraft\Launcher.exe"="I:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"I:\World of Warcraft\Repair.exe"="I:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"E:\ICQ7.5\ICQ.exe"="E:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\ICQ7.5\ICQ.exe"="E:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-05-08 20:44:56 ----D---- C:\Program Files\trend micro
2011-05-08 20:44:55 ----DC---- C:\rsit
2011-05-08 19:53:22 ----SHDC---- C:\RECYCLER
2011-05-08 19:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-05-08 19:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-05-08 19:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-05-08 19:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-05-08 19:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-05-08 19:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-05-08 19:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-05-08 19:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-05-08 19:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-05-08 19:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2011-05-08 19:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-05-08 19:47:22 ----D---- C:\WINDOWS\system32\KB905474
2011-05-08 19:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-05-08 19:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-05-08 19:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-05-08 19:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-05-08 19:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-05-08 19:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-05-08 19:45:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-05-08 19:45:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-05-08 19:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-05-08 19:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-05-08 19:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-05-08 19:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-05-08 19:44:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-05-08 19:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-05-08 19:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-05-08 19:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-05-08 19:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-05-08 19:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-05-08 19:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-05-08 19:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-05-08 19:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-05-08 19:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-05-08 19:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-05-08 19:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-05-08 19:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-05-08 19:39:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-05-08 19:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-05-08 19:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-05-08 19:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-05-08 19:39:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-05-08 19:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-05-08 19:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-05-08 19:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-05-08 19:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-05-08 19:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-05-08 19:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-05-08 19:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-05-08 19:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-05-08 19:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-05-08 19:37:58 ----D---- C:\WINDOWS\ServicePackFiles
2011-05-08 19:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-05-08 19:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-05-08 19:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-05-08 19:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-05-08 19:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-05-08 19:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-05-08 19:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-05-08 19:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-05-08 19:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2011-05-08 19:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-05-08 19:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-05-08 19:00:21 ----D---- C:\WINDOWS\temp
2011-05-08 18:02:51 ----A---- C:\WINDOWS\system32\fmcodec.DLL
2011-05-08 09:05:08 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-05-08 09:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-05-08 09:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2011-05-08 08:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2011-05-08 08:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-05-07 21:03:02 ----AC---- C:\Boot.bak
2011-05-07 21:02:59 ----RASHDC---- C:\cmdcons
2011-05-07 13:29:22 ----D---- C:\Documents and Settings\pepa\Data aplikací\Malwarebytes
2011-05-07 13:29:09 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-05-07 13:29:07 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-05-07 13:29:02 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSShim.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSEH.sys
2011-05-07 10:54:59 ----A---- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys
2011-05-07 10:54:57 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
2011-05-07 10:54:57 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2011-05-05 17:57:46 ----D---- C:\WINDOWS\pss
2011-05-04 16:51:57 ----A---- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-04-24 11:45:28 ----D---- C:\Documents and Settings\pepa\Data aplikací\Miranda

======List of files/folders modified in the last 1 months======

2011-05-08 20:44:56 ----D---- C:\Program Files
2011-05-08 20:44:26 ----D---- C:\WINDOWS\Prefetch
2011-05-08 20:43:04 ----D---- C:\Documents and Settings\pepa\Data aplikací\Skype
2011-05-08 20:42:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-08 20:40:10 ----D---- C:\WINDOWS
2011-05-08 20:37:20 ----SHD---- C:\WINDOWS\system32
2011-05-08 20:37:19 ----SHD---- C:\WINDOWS\Installer
2011-05-08 20:35:17 ----D---- C:\Documents and Settings\pepa\Data aplikací\Winamp
2011-05-08 20:34:58 ----D---- C:\WINDOWS\Debug
2011-05-08 20:30:14 ----SHD---- C:\System Volume Information
2011-05-08 20:30:14 ----D---- C:\WINDOWS\system32\Restore
2011-05-08 20:28:44 ----D---- C:\WINDOWS\system32\drivers
2011-05-08 19:57:15 ----D---- C:\Documents and Settings\pepa\Data aplikací\TS3Client
2011-05-08 19:54:08 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-08 19:49:36 ----D---- C:\WINDOWS\system32\wbem
2011-05-08 19:49:36 ----D---- C:\WINDOWS\AppPatch
2011-05-08 19:49:35 ----D---- C:\WINDOWS\system32\Setup
2011-05-08 19:48:38 ----HD---- C:\WINDOWS\inf
2011-05-08 19:48:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-08 19:48:22 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-08 19:48:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-05-08 19:47:54 ----D---- C:\WINDOWS\WinSxS
2011-05-08 19:47:22 ----SD---- C:\WINDOWS\Tasks
2011-05-08 19:44:10 ----D---- C:\Program Files\Movie Maker
2011-05-08 19:38:32 ----D---- C:\Program Files\Outlook Express
2011-05-08 19:37:04 ----D---- C:\Program Files\Internet Explorer
2011-05-08 19:32:00 ----D---- C:\WINDOWS\SoftwareDistribution
2011-05-08 18:58:11 ----AC---- C:\WINDOWS\system.ini
2011-05-08 18:54:44 ----D---- C:\Program Files\Common Files
2011-05-08 18:27:17 ----SHD---- C:\WINDOWS\CSC
2011-05-08 14:31:51 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-05-08 13:59:37 ----D---- C:\Documents and Settings\pepa\Data aplikací\ICQ
2011-05-08 13:27:40 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-08 13:27:23 ----D---- C:\Program Files\ICQ6Toolbar
2011-05-08 13:26:44 ----D---- C:\Documents and Settings\pepa\Data aplikací\DNA
2011-05-08 13:26:38 ----D---- C:\WINDOWS\system32\config
2011-05-08 09:09:42 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-08 09:09:39 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-05-08 09:06:57 ----D---- C:\Program Files\DNA
2011-05-08 08:55:08 ----D---- C:\WINDOWS\Help
2011-05-07 21:03:02 ----RASHC---- C:\boot.ini
2011-05-07 14:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB937143$
2011-05-07 13:21:44 ----A---- C:\WINDOWS\win.ini
2011-05-07 12:44:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-05-07 11:56:25 ----D---- C:\WINDOWS\Registration
2011-05-03 19:34:43 ----D---- C:\Program Files\Common Files\Designer
2011-05-03 19:34:43 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-05-03 19:14:15 ----D---- C:\Documents and Settings\pepa\Data aplikací\Hamachi
2011-05-03 14:33:45 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-04-18 15:46:44 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 pxhelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-04-02 639224]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 algtpcr6;algtpcr6; C:\WINDOWS\system32\drivers\algtpcr6.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 CrystalSysInfo;CrystalSysInfo; \??\E:\MediaCoder 0.7.0.4399\SysInfo.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 garenapengine;GarenaPEngine; \??\C:\DOCUME~1\pepa\LOCALS~1\Temp\FNR3EC.tmp []
S3 GPU-Z;GPU-Z; \??\C:\DOCUME~1\pepa\LOCALS~1\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-05-12 25280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-28 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-28 107832]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

Zdá se, že je už vše v pořádku.Jen při každém vypnutí a zapnutí popř.restartu se mě ukáže tabulka ''Windows Genuine Advantage Notifications - Průvodce instalací'' Jak jí zakážu, aby se mě nezobrazovala?

VIRY.CZ

MBAM - Hijack.WindowsUpdates

MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates

Re: MBAM - Hijack.WindowsUpdates