Po aktualizaci a restartu se nespouští rezidentní ochrana

Zpráva

jenr · #1 Příspěvek od **jenr** » 16 čer 2011 21:33

Ahoj, dnes se mi ukázal na obrazovce dialog s požadavkem na restart, po kterém by se měli projevit změny vyvolané aktualizací, která se tvářila tak, že pochází od MS, ale já mám dojem, že od MS není, protože po restartu se mi už nespouští rezidentní ochrana antiviru. Můžete mi prosím kouknout na log a pomoct vyřešit tenhle problém? Děkuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:55, on 16.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\bcd2kcpan.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
D:\Program Files\Logitech\Vid HD\Vid.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
D:\Program Files\MagicTune Premium\GammaTray.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\mediaUMercury\mediaUService.exe
D:\Program Files\MagicTune Premium\MagicTuneEngine.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\MagicTune Premium\MagicTune.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\FreeCommander\FreeCommander.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 2964698125
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2961764250
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - http://fdl.msn.com/public/oc/mschatocx.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisepo.mfcr.cz/adistc/adis/idpr ... x_1015.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{42916D92-E6AB-4F21-9A06-5B47493B9506}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{97E30DC2-49BB-47ED-8674-4648B72EB350}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}: NameServer = 66.92.159.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: magicService - Unknown owner - D:\Program Files\mediaUMercury\mediaUService.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - http://www.cykloshop.cz/nikita2/img/200 ... /maxis.jpg

--
End of file - 12078 bytes

chodnik74 · #2 Příspěvek od **chodnik74** » 16 čer 2011 21:40

Dobrý den

a divíte se? když máte nelegální ESET?

jenr · #3 Příspěvek od **jenr** » 17 čer 2011 07:22

To ale neřeší můj problém s virem, který se mi usadil v OS a dost možná to nemá ani souvislost, když nainstaluji AVG free nebo Avast free, dopadnu zřejmě obdobně.

chodnik74 · #4 Příspěvek od **chodnik74** » 17 čer 2011 07:23

Přečtěte si pravidla fora v mém podpisu

tuvok07 · #5 Příspěvek od **tuvok07** » 17 čer 2011 13:06

Když nainstalujete Avast nebo Aviru, podobně NEDOPADNETE, protože cinknutý NOD je daleko zranitelnější, než legální.

jenr · #6 Příspěvek od **jenr** » 17 čer 2011 17:43

Myslel sem to spíš tak, že když už mám infekci, která vyřadí antivir, nainstalovanou, tak je dost možný, že nepůjde instalovat ani jiný antivirový software a tím pádem budu stejně bez rezidentní ochrany.
Ale už se mi povedlo nainstalovat Avast, takže to po kontrole (našel a odstranil 2 nakažené soubory) vypadá myslím dobře, ale úplně jistý si nejsem, takže jestli by jste mě mohli opravit, pokud se mýlím. Díky.

Tady je nový log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:56, on 17.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\bcd2kcpan.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\Program Files\Logitech\Vid HD\Vid.exe
D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
D:\Program Files\MagicTune Premium\GammaTray.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\Program Files\mediaUMercury\mediaUService.exe
D:\Program Files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\MagicTune Premium\MagicTune.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JENR\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Logitech Vid] "D:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 2964698125
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2961764250
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - http://fdl.msn.com/public/oc/mschatocx.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisepo.mfcr.cz/adistc/adis/idpr ... x_1015.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{42916D92-E6AB-4F21-9A06-5B47493B9506}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{97E30DC2-49BB-47ED-8674-4648B72EB350}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}: NameServer = 66.92.159.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}: NameServer = 66.92.159.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: magicService - Unknown owner - D:\Program Files\mediaUMercury\mediaUService.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - http://www.cykloshop.cz/nikita2/img/200 ... /maxis.jpg

--
End of file - 12027 bytes

chodnik74 · #7 Příspěvek od **chodnik74** » 17 čer 2011 20:08

Odinstalujte všechny toolbary co nepotřebujete

znáte tuhle ip adresu? 66.92.159.2

Odinstalujte Spybot-S&D,později nahradíme něčím lepším

Až budete mít hotovo,tak restartujte pc..poté...

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

Stáhneme si Combofix
Program uložíme nejlépe na Plochu
Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
Spustíme Combofix.exe s administrátorským oprávněním
U Windows XP se přihlásíme pod účtem správce
Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
(Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

jenr · #8 Příspěvek od **jenr** » 19 čer 2011 18:27

Omlouvám se, že reaguji až dnes. ICQ Toolbar a Spybot jsem odstranil. Adresa 66.92.159.2 mi neříká nic a docela by mě zajímalo, k čemu konkrétně ji systém využívá.

Výpis z Combofixu:

ComboFix 11-06-17.04 - JENR 19.06.2011 18:59:56.10.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.557 [GMT 2:00]
Spuštěný z: d:\documents and settings\JENR\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-19 do 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-17 14:15 . 2011-05-10 11:59 19544 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 14:15 . 2011-05-10 12:03 307928 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-06-17 14:15 . 2011-05-10 12:02 49240 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-06-17 14:15 . 2011-05-10 11:59 25432 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-06-17 14:15 . 2011-05-10 12:03 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-06-17 14:15 . 2011-05-10 12:02 102616 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2011-06-17 14:15 . 2011-05-10 12:02 96344 ----a-w- d:\windows\system32\drivers\aswmon.sys
2011-06-17 14:15 . 2011-05-10 11:59 30808 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2011-06-17 14:14 . 2011-05-10 12:11 40112 ----a-w- d:\windows\avastSS.scr
2011-06-17 14:14 . 2011-05-10 12:10 199304 ----a-w- d:\windows\system32\aswBoot.exe
2011-06-17 14:14 . 2011-06-17 14:14 -------- d-----w- d:\program files\AVAST Software
2011-06-17 14:14 . 2011-06-17 14:14 -------- d-----w- d:\documents and settings\All Users\Data aplikací\AVAST Software
2011-06-16 05:21 . 2011-04-21 13:37 105472 ------w- d:\windows\system32\dllcache\mup.sys
2011-06-11 17:22 . 2011-06-11 17:22 -------- d-----w- d:\program files\ICQ7.5
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- d:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-06 20:01 . 2011-06-06 20:01 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:32 . 2005-01-02 17:19 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2001-10-25 10:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2001-10-25 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-04-25 16:06 . 2001-10-25 10:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2001-10-25 10:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-01-02 18:14 385024 ----a-w- d:\windows\system32\html.iec
2011-04-21 13:37 . 2001-10-25 10:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
2002-12-14 18:19 . 2006-12-27 17:55 1421 ----a-w- d:\program files\lame4dos.bat
2002-12-14 18:19 . 2006-12-27 17:55 1146 ----a-w- d:\program files\lame.bat
2002-02-16 16:19 . 2006-12-27 17:55 331 ----a-w- d:\program files\makedistwin.bat
2001-08-27 16:41 . 2006-12-27 17:55 4926 ----a-w- d:\program files\Lame.vbs
2001-10-25 10:00 94784 --sh--w- d:\windows\twain.dll
2008-04-14 02:22 50688 --sh--w- d:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- d:\windows\system32\oleaut32.dll
2011-02-08 13:33 978944 --sha-w- d:\windows\system32\mfc42.dll
2008-04-14 02:22 12288 --sh--w- d:\windows\system32\regsvr32.exe
2008-04-14 02:21 413696 --sha-w- d:\windows\system32\msvcp60.dll
2008-04-14 02:21 57344 --sh--w- d:\windows\system32\msvcirt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="d:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"nwiz"="nwiz.exe" [2002-07-30 372736]
"Share-to-Web Namespace Daemon"="d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ATIPTA"="d:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-11-24 344064]
"CloneCDElbyCDFL"="d:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"BCD2000"="d:\windows\system32\bcd2kcpan.exe" [2006-05-21 532480]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NVMixerTray"="d:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LWS"="d:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HPAiODevice(hp officejet d series) - 1.lnk - d:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-3-5 491582]
NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2010-5-27 49220]
GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2010-5-27 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"d:\\Program Files\\X-Lite\\X-Lite.exe"=
"d:\\WINDOWS\\System32\\PnkBstrA.exe"=
"d:\\WINDOWS\\System32\\PnkBstrB.exe"=
"d:\\WINDOWS\\system32\\Ati2evxx.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Program Files\\Xming\\Xming.exe"=
"d:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\HRY\\Quake III Arena full\\quake3 +set fs_game osp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ7.5\\ICQ.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;d:\windows\system32\drivers\SI3112r.sys [27.3.2006 18:36 89749]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18.12.2010 13:51 717296]
R0 Vax347b;Vax347b;d:\windows\system32\drivers\Vax347b.sys [4.1.2006 17:05 159616]
R0 Vax347s;Vax347s;d:\windows\system32\drivers\Vax347s.sys [4.1.2006 17:05 5248]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [17.6.2011 16:15 441176]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [17.6.2011 16:15 307928]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [17.6.2011 16:15 19544]
R2 DLPortIO;DriverLINX Port I/O Driver;d:\windows\system32\drivers\DLPortIO.sys [30.1.2005 18:31 3584]
R3 SAA7146n;TT DVB-PCI driver (SAA7146n);d:\windows\system32\drivers\saa7146n.sys [2.1.2005 20:23 65856]
R3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;d:\windows\system32\drivers\ttloophe.sys [2.1.2005 20:23 39984]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 12:19 136176]
S2 magicService;magicService;d:\program files\mediaUMercury\mediaUService.exe [10.2.2010 23:02 1021040]
S2 RadPciNT;RadPciNT;d:\windows\system32\drivers\RadPciNT.sys [24.4.2000 17:26 9417]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;d:\windows\system32\drivers\BCD2000.SYS [16.5.2006 12:50 42400]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;d:\windows\system32\drivers\BCD2000WDM.SYS [16.5.2006 12:50 21632]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;d:\windows\system32\DRIVERS\CnxEtP.sys --> d:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;d:\windows\system32\DRIVERS\CnxEtU.sys --> d:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;d:\windows\system32\DRIVERS\CnxTgNP.sys --> d:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;d:\windows\system32\DRIVERS\CnxTgNW.sys --> d:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [31.10.2010 12:19 136176]
S3 kvpndev;Kerio VPN adapter;d:\windows\system32\drivers\kvpndrv.sys [3.2.2006 17:18 66048]
S3 MotDev;Motorola Inc. USB Device;d:\windows\system32\DRIVERS\motodrv.sys --> d:\windows\system32\DRIVERS\motodrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;d:\windows\system32\drivers\nmwcdnsu.sys [28.12.2010 17:00 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;d:\windows\system32\drivers\nmwcdnsuc.sys [28.12.2010 17:01 8320]
S3 pctvvbi;PCTVVBI;d:\windows\system32\drivers\pctvvbi.sys [30.1.2005 18:26 6369]
S3 RT2400;ASUS Wireless Driver;d:\windows\system32\drivers\RT2400.sys [19.2.2011 12:37 51584]
S3 VirtualDK;VirtualDK;\??\c:\make-bootable-usb\vdk.sys --> c:\make-bootable-usb\vdk.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-19 d:\windows\Tasks\User_Feed_Synchronization-{B9B6598E-5D5A-47EB-9705-CB3422C9BFDB}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-06-19 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 10:19]
.
2011-06-19 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 10:19]
.
2011-05-28 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
TCP: Interfaces\{42916D92-E6AB-4F21-9A06-5B47493B9506}: NameServer = 66.92.159.2
TCP: Interfaces\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}: NameServer = 66.92.159.2
TCP: Interfaces\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}: NameServer = 66.92.159.2
TCP: Interfaces\{97E30DC2-49BB-47ED-8674-4648B72EB350}: NameServer = 66.92.159.2
TCP: Interfaces\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}: NameServer = 66.92.159.2
TCP: Interfaces\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}: NameServer = 66.92.159.2
TCP: Interfaces\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}: NameServer = 66.92.159.2
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx_1015.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 19:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{270e1b90-5cf1-11d9-b322-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{270e1b91-5cf1-11d9-b322-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{270e1b92-5cf1-11d9-b322-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{270e1b93-5cf1-11d9-b322-806d6172696f}"=hex:bb,98,ca,41,00,7e,00,
00,00,00,00,00
"\\??\\Volume{270e1b94-5cf1-11d9-b322-806d6172696f}"=hex:bb,98,ca,41,00,76,12,
f4,01,00,00,00
"\\??\\Volume{270e1b95-5cf1-11d9-b322-806d6172696f}"=hex:bb,98,ca,41,00,ec,28,
65,04,00,00,00
"\\DosDevices\\C:"=hex:bb,98,ca,41,00,7e,00,00,00,00,00,00
"\\DosDevices\\D:"=hex:bb,98,ca,41,00,76,12,f4,01,00,00,00
"\\DosDevices\\E:"=hex:bb,98,ca,41,00,88,ad,42,06,00,00,00
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\F:"=hex:bb,98,ca,41,00,0c,7d,d2,22,00,00,00
"\\DosDevices\\G:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,43,00,5f,00,43,00,44,00,2d,00,35,\
"\\??\\Volume{270e1b97-5cf1-11d9-b322-806d6172696f}"=hex:bb,98,ca,41,00,34,7e,
ac,1f,00,00,00
"\\DosDevices\\H:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,43,00,5f,00,44,00,56,00,2d,00,57,\
"\\??\\Volume{270e1b98-5cf1-11d9-b322-806d6172696f}"=hex:bb,98,ca,41,00,b8,d9,
cc,1f,00,00,00
"\\DosDevices\\I:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,53,00,43,00,53,\
"\\??\\Volume{2823abd8-5cf3-11d9-bc3e-806d6172696f}"=hex:bb,98,ca,41,00,0c,7d,
d2,22,00,00,00
"\\??\\Volume{5ddd38ac-63f1-11d9-bc4a-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{ddd31082-6cb0-11d9-bc59-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,47,00,65,00,6e,\
"\\??\\Volume{96770b7c-6cb4-11d9-bc5a-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{f6f51762-116b-11da-bdb2-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{fb08221d-4312-11da-af2c-0013641d59f9}"=hex:d9,82,d9,82,00,7e,00,
00,00,00,00,00
"\\DosDevices\\K:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{fb08221e-4312-11da-af2c-0013641d59f9}"=hex:d9,82,d9,82,00,3c,82,
bc,03,00,00,00
"\\DosDevices\\L:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{293fbcf4-5eab-11da-af47-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{2e50b888-733c-11da-af51-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{c1a23a7e-79dd-11da-af58-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{c85320be-7a22-11da-b116-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{68cd7ba8-7d3d-11da-b11d-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{4d5f6d8a-8fef-11da-b132-00d05c0250e8}"=hex:c8,99,a7,e3,00,7e,00,
00,00,00,00,00
"\\??\\Volume{4d5f6d8b-8fef-11da-b132-00d05c0250e8}"=hex:c8,99,a7,e3,00,f4,16,
71,02,00,00,00
"\\??\\Volume{adc85a10-c6e5-11da-b15f-00d05c0250e8}"=hex:e2,08,e3,08,00,7e,00,
00,00,00,00,00
"\\??\\Volume{941a19aa-c7f8-11da-b161-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{ce79592c-c996-11da-b0d6-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{ce79592d-c996-11da-b0d6-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ce79592e-c996-11da-b0d6-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ce79592f-c996-11da-b0d6-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\M:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{ce795930-c996-11da-b0d6-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\N:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{94d742ea-d912-11da-b0e2-00d05c000000}"=hex:17,79,0d,55,00,00,7e,
00,00,00,00,00
"\\??\\Volume{4a961adc-fafb-11da-b0f9-00d05c000000}"=hex:0b,d5,0b,d5,00,7e,00,
00,00,00,00,00
"\\??\\Volume{4a961add-fafb-11da-b0f9-00d05c000000}"=hex:0b,d5,0b,d5,00,10,76,
f5,02,00,00,00
"\\??\\Volume{ed6acc1c-4245-11db-81e0-806d6172696f}"=hex:bb,98,ca,41,00,7e,00,
00,00,00,00,00
"\\??\\Volume{ed6acc1d-4245-11db-81e0-806d6172696f}"=hex:bb,98,ca,41,00,76,12,
f4,01,00,00,00
"\\??\\Volume{ed6acc1e-4245-11db-81e0-806d6172696f}"=hex:bb,98,ca,41,00,ec,28,
65,04,00,00,00
"\\??\\Volume{ed6acc1f-4245-11db-81e0-806d6172696f}"=hex:bb,98,ca,41,00,0c,7d,
d2,22,00,00,00
"\\??\\Volume{ed6acc20-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{ed6acc21-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{ed6acc22-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{ed6acc23-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{ed6acc24-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{ed6acc25-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ed6acc26-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ed6acc27-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ed6acc28-4245-11db-81e0-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{cd91d31c-425a-11db-8cee-806d6172696f}"=hex:bb,98,ca,41,00,88,ad,
42,06,00,00,00
"\\DosDevices\\O:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{8f4f8f4c-4aeb-11db-8cf7-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{3adc7596-91e6-11db-8d1c-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b3cfb7a2-93a2-11db-8d1e-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b3cfb7a3-93a2-11db-8d1e-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b3cfb7a4-93a2-11db-8d1e-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b3cfb7a5-93a2-11db-8d1e-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b3cfb7a6-93a2-11db-8d1e-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b3cfb7a7-93a2-11db-8d1e-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a9fc092a-bab1-11db-8d3c-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ece0fc1c-be9b-11db-8d44-0013641d59f9}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{8533fb58-0556-11dc-8d7a-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a5cb9ee2-6d99-11dc-8da5-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{b9d7c03e-993e-11dc-8db8-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{6f8eee72-99a6-11dc-8dba-00d05c000000}"=hex:5f,00,3f,00,3f,00,5f,
00,55,00,53,00,42,00,53,00,54,00,4f,00,52,00,23,00,44,00,69,00,73,00,6b,00,\
"\\??\\Volume{069e312e-afdc-11dc-8dc7-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{31f0c3e4-b2ef-11dc-8dcb-00d05c000000}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{884a7908-33e4-11dd-8e06-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{884a7909-33e4-11dd-8e06-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\DosDevices\\P:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{f41f642e-4783-11dd-944f-806d6172696f}"=hex:34,32,35,32,00,7e,00,
00,00,00,00,00
"\\??\\Volume{f41f642f-4783-11dd-944f-806d6172696f}"=hex:34,32,35,32,00,d4,dc,
c3,09,00,00,00
"\\??\\Volume{0eee7a70-4e90-11dd-9456-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{c1a109ba-9159-11dd-9475-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{67889504-e020-11dd-82ce-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{3c99d944-0b17-11de-82da-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{3c99d945-0b17-11de-82da-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{3efb6ce8-0bcb-11de-82dc-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{7bc3fc1c-5365-11de-82ed-000ea6c7cda5}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4396aa94-64ca-11de-82f7-0003c930280d}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{669cc71a-6ef9-11de-b0c2-806d6172696f}"=hex:87,0f,88,0f,00,82,15,
43,25,00,00,00
"\\??\\Volume{669cc71b-6ef9-11de-b0c2-806d6172696f}"=hex:87,0f,88,0f,00,00,7e,
00,00,00,00,00
"\\??\\Volume{57a70484-783e-11de-b0c3-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{2c939d52-994f-11de-b0c7-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{2c939d53-994f-11de-b0c7-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{5eba47e0-0452-11df-b0f8-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{d237d0c5-2b90-11df-b104-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{2dac221a-2c41-11df-b105-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4b29b625-5506-11df-b115-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{52371a3b-74c6-11df-b11e-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,55,00,53,00,42,00,53,00,54,00,4f,00,52,00,23,00,43,00,64,00,52,00,6f,00,\
"\\??\\Volume{f1ef44f0-c33f-11df-b130-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{c36aa7a8-fd7f-11df-9b5d-806d6172696f}"=hex:ee,f3,d2,80,00,7e,00,
00,00,00,00,00
"\\??\\Volume{c36aa7a9-fd7f-11df-9b5d-806d6172696f}"=hex:ee,f3,d2,80,00,00,80,
b8,37,00,00,00
"\\??\\Volume{c36aa7aa-fd7f-11df-9b5d-806d6172696f}"=hex:ee,f3,d2,80,00,e0,92,
f8,37,00,00,00
"\\DosDevices\\Q:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{d2fbc427-0b77-11e0-bd22-806d6172696f}"=hex:8d,9f,f2,c1,00,7e,00,
00,00,00,00,00
"\\??\\Volume{d2fbc428-0b77-11e0-bd22-806d6172696f}"=hex:8d,9f,f2,c1,00,c0,af,
f6,17,00,00,00
"\\??\\Volume{dad1020e-368f-11e0-bd3b-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a8d0f10c-5ac5-11e0-bd46-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a8d0f10d-5ac5-11e0-bd46-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a8d0f10e-5ac5-11e0-bd46-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{6911597d-7350-11e0-bd4b-00d05c0250e8}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
d:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3172)
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-06-19 19:17:03
ComboFix-quarantined-files.txt 2011-06-19 17:17
ComboFix2.txt 2011-06-17 13:58
ComboFix3.txt 2010-12-05 14:50
ComboFix4.txt 2009-06-08 19:42
ComboFix5.txt 2011-06-19 16:58
.
Před spuštěním: 329 515 008
Po spuštění: 329 760 768
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AEB78C4D7AB8EA884DB9AEA5A3B9BE8C

chodnik74 · #9 Příspěvek od **chodnik74** » 19 čer 2011 19:25

Otevřeme si Poznámkový blok Obrázek

(stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)

Vložíme do něj následující script:

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\System\MountedDevices]

RegNull::
[HKEY_LOCAL_MACHINE\System\MountedDevices]

DDS::
uStart Page = hxxp://start.icq.com/
TCP: Interfaces\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
TCP: Interfaces\{42916D92-E6AB-4F21-9A06-5B47493B9506}: NameServer = 66.92.159.2
TCP: Interfaces\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}: NameServer = 66.92.159.2
TCP: Interfaces\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}: NameServer = 66.92.159.2
TCP: Interfaces\{97E30DC2-49BB-47ED-8674-4648B72EB350}: NameServer = 66.92.159.2
TCP: Interfaces\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}: NameServer = 66.92.159.2
TCP: Interfaces\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}: NameServer = 66.92.159.2
TCP: Interfaces\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}: NameServer = 66.92.159.2
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr ... x_1015.cab

Driver::
gupdatem
gupdate

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"ATIPTA"=-
"ATICCC"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"Malwarebytes Anti-Malware (reboot)"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

Reboot::

Soubor uložíme na Plochu jako CFScript.txt
Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
Poté Combofix provede všechny operace a udělá nový log,který sem vložte

jenr · #10 Příspěvek od **jenr** » 21 čer 2011 07:14

Takže jsem včera spustil Combofix pomocí CFScriptu a ve chvíli, kdy uplynula víc jak hodina od fáze, kdy Combofix vytváří log, jsem čekání vzdal.
Takže pokud mi dnes naběhne systém, pokusím se toto provést ještě jednou ....
Jinak i přeto, že jsem pozastavil Avast, bylo mi v průběhu skenu nabízeno, jestli se mají soubory spouštět v sandboxu.To je v pořádku nebo ne?Vždy jsem zvolil možnost spustit normálně.

chodnik74 · #11 Příspěvek od **chodnik74** » 21 čer 2011 07:30

U Avastu lze sandbox vypnout,tak tak učiňte..a spustíme tentokrát Combofix v nouzovém režimu..Při startu mačkejte F8

poté proveďte pokyny znovu

chodnik74 · #12 Příspěvek od **chodnik74** » 21 čer 2011 07:31

U Avastu lze sandbox vypnout,tak tak učiňte..a spustíme tentokrát Combofix v nouzovém režimu..Při startu mačkejte F8

poté proveďte pokyny znovu

jenr · #13 Příspěvek od **jenr** » 21 čer 2011 21:58

Tak tady to je:

ComboFix 11-06-17.04 - JENR 21.06.2011 14:41:26.12.1 - FAT32x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.785 [GMT 2:00]
Spuštěný z: d:\documents and settings\JENR\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\JENR\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-21 do 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 12:20 . 2011-06-21 12:20 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2011-06-20 20:02 . 2011-06-20 20:02 -------- d-----w- D:\## aswSnx private storage
2011-06-17 14:15 . 2011-05-10 11:59 19544 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 14:15 . 2011-05-10 12:03 307928 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-06-17 14:15 . 2011-05-10 12:02 49240 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-06-17 14:15 . 2011-05-10 11:59 25432 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-06-17 14:15 . 2011-05-10 12:03 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-06-17 14:15 . 2011-05-10 12:02 102616 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2011-06-17 14:15 . 2011-05-10 12:02 96344 ----a-w- d:\windows\system32\drivers\aswmon.sys
2011-06-17 14:15 . 2011-05-10 11:59 30808 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2011-06-17 14:14 . 2011-05-10 12:11 40112 ----a-w- d:\windows\avastSS.scr
2011-06-17 14:14 . 2011-05-10 12:10 199304 ----a-w- d:\windows\system32\aswBoot.exe
2011-06-17 14:14 . 2011-06-17 14:14 -------- d-----w- d:\program files\AVAST Software
2011-06-17 14:14 . 2011-06-17 14:14 -------- d-----w- d:\documents and settings\All Users\Data aplikací\AVAST Software
2011-06-16 05:21 . 2011-04-21 13:37 105472 ------w- d:\windows\system32\dllcache\mup.sys
2011-06-11 17:22 . 2011-06-11 17:22 -------- d-----w- d:\program files\ICQ7.5
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- d:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-06 20:01 . 2011-06-06 20:01 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:32 . 2005-01-02 17:19 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2001-10-25 10:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2001-10-25 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-04-25 16:06 . 2001-10-25 10:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2001-10-25 10:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-01-02 18:14 385024 ----a-w- d:\windows\system32\html.iec
2011-04-21 13:37 . 2001-10-25 10:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
2002-12-14 18:19 . 2006-12-27 17:55 1421 ----a-w- d:\program files\lame4dos.bat
2002-12-14 18:19 . 2006-12-27 17:55 1146 ----a-w- d:\program files\lame.bat
2002-02-16 16:19 . 2006-12-27 17:55 331 ----a-w- d:\program files\makedistwin.bat
2001-08-27 16:41 . 2006-12-27 17:55 4926 ----a-w- d:\program files\Lame.vbs
2001-10-25 10:00 94784 --sh--w- d:\windows\twain.dll
2008-04-14 02:22 50688 --sh--w- d:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- d:\windows\system32\oleaut32.dll
2011-02-08 13:33 978944 --sha-w- d:\windows\system32\mfc42.dll
2008-04-14 02:22 12288 --sh--w- d:\windows\system32\regsvr32.exe
2008-04-14 02:21 413696 --sha-w- d:\windows\system32\msvcp60.dll
2008-04-14 02:21 57344 --sh--w- d:\windows\system32\msvcirt.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-17_13.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 d:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-02-24 16:57 . 2011-06-21 12:33 6432 d:\windows\system32\drivers\fidbox2.dat
- 2010-02-24 16:57 . 2011-06-17 13:51 6432 d:\windows\system32\drivers\fidbox2.dat
+ 2010-02-24 16:57 . 2011-06-21 12:33 270336 d:\windows\system32\drivers\fidbox.dat
- 2010-02-24 16:57 . 2011-06-17 13:51 270336 d:\windows\system32\drivers\fidbox.dat
+ 2011-06-17 14:14 . 2011-06-17 14:15 219648 d:\windows\Installer\15581b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="d:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"Share-to-Web Namespace Daemon"="d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CloneCDElbyCDFL"="d:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"BCD2000"="d:\windows\system32\bcd2kcpan.exe" [2006-05-21 532480]
"NVMixerTray"="d:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"LWS"="d:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HPAiODevice(hp officejet d series) - 1.lnk - d:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-3-5 491582]
NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2010-5-27 49220]
GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2010-5-27 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"d:\\Program Files\\X-Lite\\X-Lite.exe"=
"d:\\WINDOWS\\System32\\PnkBstrA.exe"=
"d:\\WINDOWS\\System32\\PnkBstrB.exe"=
"d:\\WINDOWS\\system32\\Ati2evxx.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Program Files\\Xming\\Xming.exe"=
"d:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\HRY\\Quake III Arena full\\quake3 +set fs_game osp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ7.5\\ICQ.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;d:\windows\system32\drivers\SI3112r.sys [27.3.2006 18:36 89749]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18.12.2010 13:51 717296]
R0 Vax347b;Vax347b;d:\windows\system32\drivers\Vax347b.sys [4.1.2006 17:05 159616]
R0 Vax347s;Vax347s;d:\windows\system32\drivers\Vax347s.sys [4.1.2006 17:05 5248]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [17.6.2011 16:15 441176]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [17.6.2011 16:15 307928]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [17.6.2011 16:15 19544]
S2 DLPortIO;DriverLINX Port I/O Driver;d:\windows\system32\drivers\DLPortIO.sys [30.1.2005 18:31 3584]
S2 magicService;magicService;d:\program files\mediaUMercury\mediaUService.exe [10.2.2010 23:02 1021040]
S2 RadPciNT;RadPciNT;d:\windows\system32\drivers\RadPciNT.sys [24.4.2000 17:26 9417]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;d:\windows\system32\drivers\BCD2000.SYS [16.5.2006 12:50 42400]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;d:\windows\system32\drivers\BCD2000WDM.SYS [16.5.2006 12:50 21632]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;d:\windows\system32\DRIVERS\CnxEtP.sys --> d:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;d:\windows\system32\DRIVERS\CnxEtU.sys --> d:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;d:\windows\system32\DRIVERS\CnxTgNP.sys --> d:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;d:\windows\system32\DRIVERS\CnxTgNW.sys --> d:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 kvpndev;Kerio VPN adapter;d:\windows\system32\drivers\kvpndrv.sys [3.2.2006 17:18 66048]
S3 MotDev;Motorola Inc. USB Device;d:\windows\system32\DRIVERS\motodrv.sys --> d:\windows\system32\DRIVERS\motodrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;d:\windows\system32\drivers\nmwcdnsu.sys [28.12.2010 17:00 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;d:\windows\system32\drivers\nmwcdnsuc.sys [28.12.2010 17:01 8320]
S3 pctvvbi;PCTVVBI;d:\windows\system32\drivers\pctvvbi.sys [30.1.2005 18:26 6369]
S3 RT2400;ASUS Wireless Driver;d:\windows\system32\drivers\RT2400.sys [19.2.2011 12:37 51584]
S3 SAA7146n;TT DVB-PCI driver (SAA7146n);d:\windows\system32\drivers\saa7146n.sys [2.1.2005 20:23 65856]
S3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;d:\windows\system32\drivers\ttloophe.sys [2.1.2005 20:23 39984]
S3 VirtualDK;VirtualDK;\??\c:\make-bootable-usb\vdk.sys --> c:\make-bootable-usb\vdk.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-20 d:\windows\Tasks\User_Feed_Synchronization-{B9B6598E-5D5A-47EB-9705-CB3422C9BFDB}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-06-21 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 10:19]
.
2011-06-19 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 10:19]
.
2011-05-28 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
TCP: Interfaces\{42916D92-E6AB-4F21-9A06-5B47493B9506}: NameServer = 66.92.159.2
TCP: Interfaces\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}: NameServer = 66.92.159.2
TCP: Interfaces\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}: NameServer = 66.92.159.2
TCP: Interfaces\{97E30DC2-49BB-47ED-8674-4648B72EB350}: NameServer = 66.92.159.2
TCP: Interfaces\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}: NameServer = 66.92.159.2
TCP: Interfaces\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}: NameServer = 66.92.159.2
TCP: Interfaces\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}: NameServer = 66.92.159.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 14:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(268)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\LameACM.acm
d:\windows\system32\ac3filter.acm
.
Celkový čas: 2011-06-21 14:57:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-21 12:57
ComboFix2.txt 2011-06-19 17:17
ComboFix3.txt 2011-06-17 13:58
ComboFix4.txt 2010-12-05 14:50
ComboFix5.txt 2011-06-20 20:04
.
Před spuštěním: 1 222 467 584
Po spuštění: 1 196 220 416
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 54119373C191B291494FD40BB6B8E938

jenr · #14 Příspěvek od **jenr** » 21 čer 2011 21:58

Tak tady to je:

ComboFix 11-06-17.04 - JENR 21.06.2011 14:41:26.12.1 - FAT32x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.785 [GMT 2:00]
Spuštěný z: d:\documents and settings\JENR\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\JENR\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-21 do 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 12:20 . 2011-06-21 12:20 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2011-06-20 20:02 . 2011-06-20 20:02 -------- d-----w- D:\## aswSnx private storage
2011-06-17 14:15 . 2011-05-10 11:59 19544 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 14:15 . 2011-05-10 12:03 307928 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-06-17 14:15 . 2011-05-10 12:02 49240 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-06-17 14:15 . 2011-05-10 11:59 25432 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-06-17 14:15 . 2011-05-10 12:03 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-06-17 14:15 . 2011-05-10 12:02 102616 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2011-06-17 14:15 . 2011-05-10 12:02 96344 ----a-w- d:\windows\system32\drivers\aswmon.sys
2011-06-17 14:15 . 2011-05-10 11:59 30808 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2011-06-17 14:14 . 2011-05-10 12:11 40112 ----a-w- d:\windows\avastSS.scr
2011-06-17 14:14 . 2011-05-10 12:10 199304 ----a-w- d:\windows\system32\aswBoot.exe
2011-06-17 14:14 . 2011-06-17 14:14 -------- d-----w- d:\program files\AVAST Software
2011-06-17 14:14 . 2011-06-17 14:14 -------- d-----w- d:\documents and settings\All Users\Data aplikací\AVAST Software
2011-06-16 05:21 . 2011-04-21 13:37 105472 ------w- d:\windows\system32\dllcache\mup.sys
2011-06-11 17:22 . 2011-06-11 17:22 -------- d-----w- d:\program files\ICQ7.5
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- d:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-06 20:01 . 2011-06-06 20:01 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:32 . 2005-01-02 17:19 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2001-10-25 10:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2001-10-25 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-04-25 16:06 . 2001-10-25 10:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2001-10-25 10:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-01-02 18:14 385024 ----a-w- d:\windows\system32\html.iec
2011-04-21 13:37 . 2001-10-25 10:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
2002-12-14 18:19 . 2006-12-27 17:55 1421 ----a-w- d:\program files\lame4dos.bat
2002-12-14 18:19 . 2006-12-27 17:55 1146 ----a-w- d:\program files\lame.bat
2002-02-16 16:19 . 2006-12-27 17:55 331 ----a-w- d:\program files\makedistwin.bat
2001-08-27 16:41 . 2006-12-27 17:55 4926 ----a-w- d:\program files\Lame.vbs
2001-10-25 10:00 94784 --sh--w- d:\windows\twain.dll
2008-04-14 02:22 50688 --sh--w- d:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- d:\windows\system32\oleaut32.dll
2011-02-08 13:33 978944 --sha-w- d:\windows\system32\mfc42.dll
2008-04-14 02:22 12288 --sh--w- d:\windows\system32\regsvr32.exe
2008-04-14 02:21 413696 --sha-w- d:\windows\system32\msvcp60.dll
2008-04-14 02:21 57344 --sh--w- d:\windows\system32\msvcirt.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-17_13.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 d:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-02-24 16:57 . 2011-06-21 12:33 6432 d:\windows\system32\drivers\fidbox2.dat
- 2010-02-24 16:57 . 2011-06-17 13:51 6432 d:\windows\system32\drivers\fidbox2.dat
+ 2010-02-24 16:57 . 2011-06-21 12:33 270336 d:\windows\system32\drivers\fidbox.dat
- 2010-02-24 16:57 . 2011-06-17 13:51 270336 d:\windows\system32\drivers\fidbox.dat
+ 2011-06-17 14:14 . 2011-06-17 14:15 219648 d:\windows\Installer\15581b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="d:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"Share-to-Web Namespace Daemon"="d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CloneCDElbyCDFL"="d:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"BCD2000"="d:\windows\system32\bcd2kcpan.exe" [2006-05-21 532480]
"NVMixerTray"="d:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"LWS"="d:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HPAiODevice(hp officejet d series) - 1.lnk - d:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-3-5 491582]
NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2010-5-27 49220]
GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2010-5-27 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"d:\\Program Files\\X-Lite\\X-Lite.exe"=
"d:\\WINDOWS\\System32\\PnkBstrA.exe"=
"d:\\WINDOWS\\System32\\PnkBstrB.exe"=
"d:\\WINDOWS\\system32\\Ati2evxx.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Program Files\\Xming\\Xming.exe"=
"d:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\HRY\\Quake III Arena full\\quake3 +set fs_game osp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ICQ7.5\\ICQ.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;d:\windows\system32\drivers\SI3112r.sys [27.3.2006 18:36 89749]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [18.12.2010 13:51 717296]
R0 Vax347b;Vax347b;d:\windows\system32\drivers\Vax347b.sys [4.1.2006 17:05 159616]
R0 Vax347s;Vax347s;d:\windows\system32\drivers\Vax347s.sys [4.1.2006 17:05 5248]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [17.6.2011 16:15 441176]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [17.6.2011 16:15 307928]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [17.6.2011 16:15 19544]
S2 DLPortIO;DriverLINX Port I/O Driver;d:\windows\system32\drivers\DLPortIO.sys [30.1.2005 18:31 3584]
S2 magicService;magicService;d:\program files\mediaUMercury\mediaUService.exe [10.2.2010 23:02 1021040]
S2 RadPciNT;RadPciNT;d:\windows\system32\drivers\RadPciNT.sys [24.4.2000 17:26 9417]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;d:\windows\system32\drivers\BCD2000.SYS [16.5.2006 12:50 42400]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;d:\windows\system32\drivers\BCD2000WDM.SYS [16.5.2006 12:50 21632]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;d:\windows\system32\DRIVERS\CnxEtP.sys --> d:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;d:\windows\system32\DRIVERS\CnxEtU.sys --> d:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;d:\windows\system32\DRIVERS\CnxTgNP.sys --> d:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;d:\windows\system32\DRIVERS\CnxTgNW.sys --> d:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 kvpndev;Kerio VPN adapter;d:\windows\system32\drivers\kvpndrv.sys [3.2.2006 17:18 66048]
S3 MotDev;Motorola Inc. USB Device;d:\windows\system32\DRIVERS\motodrv.sys --> d:\windows\system32\DRIVERS\motodrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;d:\windows\system32\drivers\nmwcdnsu.sys [28.12.2010 17:00 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;d:\windows\system32\drivers\nmwcdnsuc.sys [28.12.2010 17:01 8320]
S3 pctvvbi;PCTVVBI;d:\windows\system32\drivers\pctvvbi.sys [30.1.2005 18:26 6369]
S3 RT2400;ASUS Wireless Driver;d:\windows\system32\drivers\RT2400.sys [19.2.2011 12:37 51584]
S3 SAA7146n;TT DVB-PCI driver (SAA7146n);d:\windows\system32\drivers\saa7146n.sys [2.1.2005 20:23 65856]
S3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;d:\windows\system32\drivers\ttloophe.sys [2.1.2005 20:23 39984]
S3 VirtualDK;VirtualDK;\??\c:\make-bootable-usb\vdk.sys --> c:\make-bootable-usb\vdk.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-20 d:\windows\Tasks\User_Feed_Synchronization-{B9B6598E-5D5A-47EB-9705-CB3422C9BFDB}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-06-21 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 10:19]
.
2011-06-19 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 10:19]
.
2011-05-28 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05C0FDF5-7721-480D-B402-5BF677F7A268}: NameServer = 66.92.159.2
TCP: Interfaces\{42916D92-E6AB-4F21-9A06-5B47493B9506}: NameServer = 66.92.159.2
TCP: Interfaces\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}: NameServer = 66.92.159.2
TCP: Interfaces\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}: NameServer = 66.92.159.2
TCP: Interfaces\{97E30DC2-49BB-47ED-8674-4648B72EB350}: NameServer = 66.92.159.2
TCP: Interfaces\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}: NameServer = 66.92.159.2
TCP: Interfaces\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}: NameServer = 66.92.159.2
TCP: Interfaces\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}: NameServer = 66.92.159.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 14:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(268)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\LameACM.acm
d:\windows\system32\ac3filter.acm
.
Celkový čas: 2011-06-21 14:57:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-21 12:57
ComboFix2.txt 2011-06-19 17:17
ComboFix3.txt 2011-06-17 13:58
ComboFix4.txt 2010-12-05 14:50
ComboFix5.txt 2011-06-20 20:04
.
Před spuštěním: 1 222 467 584
Po spuštění: 1 196 220 416
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 54119373C191B291494FD40BB6B8E938

chodnik74 · #15 Příspěvek od **chodnik74** » 21 čer 2011 22:03

Otevřeme si Poznámkový blok Obrázek

(stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)

Vložíme do něj následující script:

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{05C0FDF5-7721-480D-B402-5BF677F7A268}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{42916D92-E6AB-4F21-9A06-5B47493B9506}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{46A39827-FA09-4C43-A008-0A7DB3C11CEE}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7D50BA16-8F73-49C5-AF88-BA85BC6E9E42}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{97E30DC2-49BB-47ED-8674-4648B72EB350}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AA11AE53-CC07-4122-A1F4-318CD4412A2D}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D16E09A8-5F7A-437A-BBDB-A62727EC5BE0}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F747B1DD-000A-4D9D-961A-6C5DD88351E1}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpip\parameters\interfaces\{05C0FDF5-7721-480D-B402-5BF677F7A268}]
"nameserver"=""

Soubor uložíme jako oprava.reg (při ukládání nastavte Uložit jako typ:Všechny soubory)
Poté tento soubor spustíme a potvrdíme

TFC

Stáhneme a spustíme program
Klikneme na Start a potvrdíme OK
Program začne uklízet,poté restartuje pc
po použití program smažte

Jak se chová PC?

VIRY.CZ

Po aktualizaci a restartu se nespouští rezidentní ochrana

Po aktualizaci a restartu se nespouští rezidentní ochrana

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran

Re: Po aktualizaci a restartu se nespouští rezidentní ochran