A čo to znamená ten prípadný problém s nakopnutým systémom...?
ComboFix 10-02-07.05 - Freemen 07.02.2010 23:06:41.17.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1023.519 [GMT 1:00]
Running from: c:\documents and settings\Freemen\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusKeeper 2009 Pro antivirus *On-access scanning enabled* (Updated) {165EE528-D666-4745-B14E-AA998BBEC191}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\mazuki.dll
c:\windows\regedit.com
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
d:\program files\ICQ6.5\ICQLRun.exe
d:\program files\Internet Explorer\SET49.tmp
d:\program files\Internet Explorer\SET4D.tmp
d:\program files\Internet Explorer\SET4E.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-07 10:25 . 2010-02-07 10:28 -------- d-----w- d:\program files\AxBx
2010-02-05 12:42 . 2010-02-05 12:42 -------- d-----w- C:\_OTL
2010-02-03 09:10 . 2010-02-03 09:10 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-02-02 20:38 . 2010-02-02 20:55 -------- d-----w- d:\program files\Norton Utilities 14
2010-01-24 09:46 . 2010-01-24 09:47 -------- d-----w- d:\program files\RarmaRadio
2010-01-18 13:59 . 2010-01-23 14:45 -------- d-----w- C:\tmpDownload
2010-01-18 12:30 . 2010-01-18 12:30 -------- d-----w- C:\tmp
2010-01-17 22:28 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-17 22:28 . 2009-12-17 23:08 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-17 22:27 . 2010-01-17 22:28 -------- d-----w- d:\program files\TuneUp Utilities 2010
2010-01-17 18:37 . 2010-01-29 18:53 -------- d-----w- C:\Demo-2010
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 22:15 . 2009-11-09 13:04 -------- d-----w- c:\program files\Common Files\Akamai
2010-02-07 22:12 . 2009-07-15 09:06 -------- d-----w- d:\program files\ICQ6.5
2010-02-05 12:43 . 2009-08-30 09:30 -------- d-----w- d:\program files\SweetIM
2010-02-04 22:09 . 2008-12-16 17:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-02-03 07:57 . 2008-05-09 06:22 -------- d-----w- d:\program files\GoQ - NetRadio
2010-02-03 07:52 . 2009-12-27 22:55 -------- d-----w- d:\program files\E.M. Youtube Video Download Tool
2010-02-03 07:47 . 2008-08-09 13:05 -------- d-----w- d:\program files\Perfect Uninstaller
2010-01-26 23:08 . 2008-12-20 08:28 -------- d-----w- d:\program files\Crawler
2010-01-20 16:13 . 2008-10-21 10:01 -------- d-----w- d:\program files\Microsoft Silverlight
2010-01-19 11:55 . 2009-11-10 12:37 -------- d-----w- d:\program files\AutoCAD Civil 3D 2010
2010-01-14 11:19 . 2010-01-03 15:23 921632 ----a-w- C:\PA7302.DAT
2010-01-11 12:00 . 2008-12-19 13:22 -------- d-----w- d:\program files\Spyware Terminator
2010-01-09 14:04 . 2008-10-01 19:49 -------- d-----w- d:\program files\QIP
2010-01-07 19:27 . 2008-07-11 10:03 2169256 ----a-w- c:\windows\system32\Incinerator.dll
2010-01-07 15:07 . 2008-12-16 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-12-16 17:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 14:24 . 2010-01-04 14:24 -------- d-----w- d:\program files\Elcom
2010-01-04 14:22 . 2008-05-15 16:37 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2010-01-04 14:22 . 2008-05-15 16:37 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2010-01-04 14:22 . 2008-05-15 16:37 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2010-01-04 14:22 . 2003-07-28 08:07 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2010-01-03 14:51 . 2010-01-03 14:51 -------- d-----w- c:\program files\Common Files\PAC7302
2010-01-03 14:51 . 2010-01-03 14:51 -------- d-----w- d:\program files\ANC
2010-01-03 14:51 . 2008-06-02 10:39 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-27 23:03 . 2009-12-27 23:03 0 ----a-w- c:\windows\system32\Infob.dat
2009-12-27 23:03 . 2009-12-27 23:03 0 ----a-w- c:\windows\system32\Infoa.dat
2009-12-27 22:57 . 2009-12-27 22:57 305 ----a-w- c:\windows\system32\treeinfo.dat
2009-12-27 22:35 . 2009-12-27 22:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-27 22:35 . 2009-08-20 10:51 -------- d-----w- c:\program files\Common Files\Real
2009-12-27 22:34 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-27 22:21 . 2009-12-27 22:21 -------- d-----w- d:\program files\Real
2009-12-27 22:09 . 2009-12-27 22:02 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-27 22:02 . 2009-12-27 22:02 -------- d-----w- d:\program files\DVDVideoSoft
2009-12-27 14:43 . 2009-12-27 14:43 -------- d-----w- d:\program files\ConvertHelper
2009-12-27 11:48 . 2009-12-27 11:48 -------- d-----w- d:\program files\Avidemux 2.4
2009-12-23 14:46 . 2009-12-23 14:45 -------- d-----w- d:\program files\DivX
2009-12-23 14:45 . 2009-12-23 14:45 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-23 14:44 . 2009-12-23 14:43 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-12-23 14:42 . 2009-02-02 09:30 -------- d-----w- d:\program files\Codec Pack - All In 1
2009-12-23 12:24 . 2009-12-23 12:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 12:24 . 2009-12-23 12:24 -------- d-----w- d:\program files\Java
2009-12-21 19:08 . 2007-11-18 18:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 13:07 . 2009-08-05 09:57 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-17 13:07 . 2009-12-17 13:07 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-17 13:06 . 2008-11-22 13:26 -------- d-----w- d:\program files\TuneUp Utilities 2009
2009-12-11 18:00 . 2009-02-04 12:58 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-26 11:28 . 2009-11-26 11:28 1024 ----a-w- c:\windows\system32\pwdremover.dat
2009-11-24 23:54 . 2008-12-19 13:35 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-19 13:35 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-19 13:35 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-19 13:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-19 13:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-19 13:36 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-19 13:36 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-19 13:36 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-19 13:35 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2009-12-23 14:46 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-12-23 14:46 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:49 . 2008-08-13 11:35 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2006-05-03 10:06 . 2009-02-04 13:32 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-04 13:32 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-04 13:32 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"SpywareTerminator"="d:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-12-19 2267136]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-27 198160]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"VirusKeeper"="d:\program files\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe" [2009-07-01 3748728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"swg"=d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" /background
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Documents and Settings\\Freemen\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Freemen\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5190:TCP"= 5190:TCP:icq
"5190:UDP"= 5190:UDP:icq2
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.03.2008 11:33 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2008 14:35 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.12.2008 14:22 142592]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.08.2004 14:49 14336]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [15.05.2008 17:37 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2008 14:35 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [15.02.2008 13:17 832760]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19.11.2004 18:07 101488]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\McAfee\SiteAdvisor\McSACore.exe [11.08.2009 10:13 93320]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R2 Uniblue DiskRescue;Uniblue DiskRescue;d:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10.09.2008 16:22 229648]
R2 vkservice;VirusKeeper antivirus/antispyware;d:\program files\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe [26.09.2008 10:10 1119584]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [15.11.2008 13:04 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [15.11.2008 13:06 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [15.11.2008 13:06 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [15.11.2008 13:06 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [15.11.2008 13:06 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [15.11.2008 13:06 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [15.11.2008 13:06 90800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-02-07 c:\windows\Tasks\Automatic troubleshooting.job
- d:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
2008-12-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- d:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
2008-12-23 c:\windows\Tasks\Uniblue SpyEraser.job
- d:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-12-23 14:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - d:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Freemen\Data aplikací\Mozilla\Firefox\Profiles\37awxsm7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - component: d:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npMaeC3D.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: d:\program files\Opera\program\plugins\npMaeC3D.dll
FF - plugin: d:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: d:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-07 23:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spbv.sys >>UNKNOWN [0x86F7D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74abf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> atapi.sys @ 0xf71cab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70c0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf70cda21
SendHandler -> NDIS.sys @ 0xf70ab87b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
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
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3280)
d:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
d:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\System32\TUProgSt.exe
d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Completion time: 2010-02-07 23:21:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 22:21
Pre-Run: 6 164 881 408
Post-Run: 6 053 384 192
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 5C65C42A842B5C41FCEC674DE59F3FF3