Kontrola logu

Zpráva

1danab · #61 Příspěvek od **1danab** » 01 kvě 2010 21:57

gmer je ok...zkusíme ještě Combofix, ale vzhledem k tomu, že se zřejmě jedná o poškození operačního systému, netuším jaký bude výsledný efekt
klidně stačí dát log zítra...dnes už bych na to asi moc neviděla

riffman píše:stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:

dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

7654321 · #62 Příspěvek od **7654321** » 02 kvě 2010 08:27

tu je log:

ComboFix 10-05-01.04 - Administrator 02.05.2010 9:20.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2633 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\decrypted.exe
c:\documents and settings\Administrator\Application Data\chrtmp
c:\documents and settings\Administrator\Start Menu\Programs\Startup\Bluetooth.lnk
c:\program files\WindowsUpdate
c:\windows\system32\Bifrost

.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-01 08:40 . 2010-05-01 08:41 3457 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-05-01 07:10 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-01 07:07 . 2010-05-01 07:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-30 19:14 . 2010-04-30 19:14 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-30 18:56 . 2010-04-30 18:56 -------- d-----w- c:\program files\MSXML 6.0
2010-04-30 18:48 . 2010-04-30 18:48 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-30 18:46 . 2010-04-30 18:47 -------- d-----w- C:\b0253fbec3872f87bc
2010-04-30 18:46 . 2010-04-30 18:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-30 18:44 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-30 18:44 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-30 18:44 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-30 18:44 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-30 18:44 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-30 18:43 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-30 18:43 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-30 18:43 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-30 18:43 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-30 18:43 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-30 18:18 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-30 17:54 . 2009-01-07 16:20 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2010-04-30 17:35 . 2010-04-30 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-30 17:00 . 2010-04-30 17:00 -------- d-----w- c:\windows\system32\config\systemprofile\Pracovná plocha
2010-04-30 16:52 . 2001-08-23 11:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-04-30 16:51 . 2004-08-03 20:31 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-04-30 16:49 . 2001-08-23 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-04-29 15:42 . 2010-04-29 15:42 -------- d-----w- C:\_OTM
2010-04-29 14:25 . 2010-05-01 09:24 -------- d-----w- c:\program files\trend micro
2010-04-29 14:25 . 2010-04-29 14:25 -------- d-----w- C:\rsit
2010-04-29 11:46 . 2010-04-29 11:46 160288 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-04-29 11:46 . 2010-04-29 11:46 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-04-29 11:46 . 2010-04-29 11:46 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-29 11:46 . 2010-04-29 11:46 158272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-29 11:45 . 2010-04-29 11:46 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-29 11:45 . 2010-04-29 19:42 -------- d-s---w- c:\program files\Acronis
2010-04-20 14:38 . 2010-04-20 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PowerCinema
2010-04-20 12:41 . 2010-04-20 12:41 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-04-14 19:42 . 2010-04-14 19:42 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-04-07 15:33 . 2010-04-26 13:50 228336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-07 14:59 . 2010-04-07 14:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 07:13 . 2009-07-20 15:13 -------- d-s---w- c:\program files\SpeedFan
2010-05-01 12:26 . 2010-01-03 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
2010-05-01 12:17 . 2009-07-20 14:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\AIMP
2010-05-01 08:41 . 2009-07-20 12:02 65905 ----a-w- c:\windows\BricoPackUninst.cmd
2010-05-01 07:49 . 2009-07-21 07:13 -------- d-s---w- c:\program files\DAEMON Tools Lite
2010-05-01 07:47 . 2009-07-21 07:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-01 07:26 . 2009-07-20 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 07:05 . 2010-03-27 12:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-30 21:14 . 2009-08-03 09:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-30 19:06 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-30 19:06 . 2009-07-18 05:45 81576 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 18:50 . 2009-07-20 19:46 -------- d-----w- c:\program files\Microsoft Works
2010-04-30 17:12 . 2009-08-03 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-30 16:48 . 2009-07-18 05:33 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:54 . 2009-07-20 11:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-04-28 20:39 . 2009-07-21 09:34 -------- d-s---w- c:\program files\JDownloader
2010-04-28 17:46 . 2009-07-21 09:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2010-04-26 17:45 . 2009-07-21 10:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\MyPhoneExplorer
2010-04-24 11:50 . 2009-07-23 08:09 -------- d-s---w- c:\program files\Rockstar Games
2010-04-24 11:13 . 2009-07-18 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 10:57 . 2009-07-21 09:57 -------- d-s---w- c:\program files\SUPER
2010-04-24 10:02 . 2009-07-21 09:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2010-04-20 14:39 . 2009-07-22 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-04-20 14:02 . 2009-07-22 08:12 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-20 14:02 . 2009-07-22 08:06 -------- d-s---w- c:\program files\CyberLink
2010-04-20 14:01 . 2009-07-22 08:11 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2010-04-20 13:46 . 2009-07-22 08:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-04-20 12:41 . 2009-07-20 11:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-20 12:41 . 2009-07-22 08:11 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-20 12:37 . 2009-12-20 13:41 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-04-18 18:45 . 2009-12-21 12:41 -------- d-s---w- c:\program files\Google
2010-04-18 18:16 . 2009-07-21 09:57 -------- d-s---w- c:\program files\Azureus
2010-04-16 13:42 . 2009-07-23 08:12 -------- d-----r- c:\program files\Reference Assemblies
2010-04-15 19:48 . 2010-03-15 13:18 -------- d-s---w- c:\program files\ICQ7.0
2010-04-13 16:35 . 2009-07-29 18:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 17:30 . 2009-07-18 05:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 17:30 . 2009-07-18 06:08 -------- d-s---w- c:\program files\AGEIA Technologies
2010-04-03 17:22 . 2010-04-03 17:22 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-04-02 14:54 . 2009-07-18 05:52 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-01 08:38 . 2010-04-01 05:52 -------- d-s---w- c:\program files\Demolition Simulator
2010-03-31 17:19 . 2009-12-20 19:21 -------- d-s---w- c:\program files\TuneUp Utilities 2010
2010-03-29 13:34 . 2009-12-28 14:15 -------- d-s---w- c:\program files\Call of Duty Modern Warfare 2
2010-03-26 13:30 . 2009-07-20 14:36 -------- d-s---w- c:\program files\AIMP2
2010-03-23 21:24 . 2009-07-22 08:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PowerCinema
2010-03-23 20:57 . 2009-07-22 08:33 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2010-03-23 20:12 . 2009-07-22 08:06 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-03-23 18:37 . 2010-03-23 18:37 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{06D1932B-469C-42F9-B0B2-55B2F154D280}\PostBuild.exe
2010-03-23 12:30 . 2009-12-25 21:31 -------- d-s---w- c:\program files\True Transparency 1.3
2010-03-23 12:29 . 2010-03-23 12:27 -------- d-s---w- c:\program files\True Transparency 0.9.4
2010-03-19 13:02 . 2010-03-19 13:02 592 ----a-w- c:\windows\chgkey.vbs
2010-03-17 16:56 . 2009-07-21 10:16 -------- d-s---w- c:\program files\K-Lite Codec Pack
2010-03-17 15:33 . 2010-03-17 15:34 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-03-16 20:46 . 2009-07-20 15:12 -------- d-s---w- c:\program files\ViOrb
2010-03-16 06:51 . 2010-04-06 17:29 6432128 ------w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2010-04-06 17:29 215656 ------w- c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2010-04-06 17:29 1097728 ------w- c:\windows\system32\nvapi.dll
2010-03-15 19:35 . 2009-07-22 15:57 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-15 19:34 . 2009-07-22 15:57 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-14 18:00 . 2010-03-17 16:56 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-10 06:15 . 2004-08-03 22:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 22:11 . 2010-03-06 20:01 -------- d-s---w- c:\program files\Mafia
2010-03-05 20:31 . 2009-10-29 16:59 138056 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-03-05 20:31 . 2009-10-29 16:59 138056 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2010-03-05 20:31 . 2009-07-22 15:57 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-05 20:31 . 2010-03-05 20:31 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-05 20:16 . 2009-07-22 12:35 -------- d-s---w- c:\program files\EA games
2010-02-25 06:24 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-03 21:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2004-08-03 21:18 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-16 15:59 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-12 04:47 . 2004-08-03 22:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 17:13 . 2010-03-17 16:56 165376 ----a-w- c:\windows\system32\unrar.dll
2010-02-06 22:12 . 2009-07-20 20:23 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-10 10:50 . 2009-11-11 15:36 98304 ----a-w- c:\program files\Znow.exe
2007-12-12 23:02 . 2009-12-20 12:11 560640 ----a-w- c:\program files\Christmas.exe
2007-08-15 11:20 . 2010-01-03 12:31 78160 ----a-w- c:\program files\Autorun Fix.exe
2006-05-03 10:06 . 2009-07-21 09:59 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-01 21:41 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-01 21:41 216064 --sha-r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2008-09-30 835072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2009-07-20 167936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"RivaTuner"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-08-22 2781184]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-08-22 2781184]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-11-6 22486]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"ShockAero"=c:\program files\Shock aero\ShockAero.exe
"VisualTaskTips"=c:\program files\VisualTaskTips\VisualTaskTips.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" /s
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"InstantBurn"=c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
"LogitechVideo[inspector]"=c:\program files\Logitech\Video\InstallHelper.exe /inspect
"LogitechCameraAssistant"=c:\program files\Logitech\Video\CameraAssistant.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe"
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe"
"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe"
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA games\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EA games\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\UAZ Racing 4x4\\uaz4x4.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\EA games\\Need for Speed Shift\\SHIFT.exe"=
"c:\\Program Files\\CyberLink\\TV Enhance\\TVEnhance.exe"=
"c:\\Program Files\\CyberLink\\TV Enhance\\TVEService.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Rockstar Games\\EFLC\\EFLC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"38550:TCP"= 38550:TCP:azureus
"38550:UDP"= 38550:UDP:azureus

R0 pe3anrjb;HUMMER 4x4 Environment Driver (pe3anrjb);c:\windows\system32\drivers\pe3anrjb.sys [29.10.2007 14:28 64632]
R0 ps7anrjb;HUMMER 4x4 Synchronization Driver (ps7anrjb);c:\windows\system32\drivers\ps7anrjb.sys [29.10.2007 14:28 68224]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [29.4.2010 13:46 911680]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [22.7.2009 10:07 15784]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 108792]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/20 14:45];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 12:58 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/22 11:16];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 16:59 87536]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [29.4.2010 13:46 2480048]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 11:15 1021256]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [23.3.2010 22:58 464224]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [23.3.2010 22:58 189792]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [29.4.2010 13:46 160288]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 17:42 6528]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.7.2009 9:11 691696]
S2 CLBUDFbk;CyberLink InstantBurn UDF Filesystem; [x]
S2 pr2anrjb;HUMMER 4x4 Drivers Auto Removal (pr2anrjb);c:\windows\system32\pr2anrjb.exe svc --> c:\windows\system32\pr2anrjb.exe svc [?]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [21.7.2009 12:59 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [21.7.2009 13:00 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [21.7.2009 13:00 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [21.7.2009 13:00 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [21.7.2009 13:00 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [21.7.2009 13:00 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [21.7.2009 13:00 90800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-07-28 13:53 1230848 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-02 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 09:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1960408961-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,f3,9d,e2,b1,b2,d0,46,8e,2a,56,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,f3,9d,e2,b1,b2,d0,46,8e,2a,56,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,c9,ce,fd,7d,8c,d4,49,88,b2,f5,\

[HKEY_USERS\S-1-5-21-1409082233-1960408961-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:a9,b6,5a,4d,b6,0c,92,1b,e9,1d,eb,8c,67,00,ad,fc,de,fc,94,b4,c6,
7e,82,9d,02,bc,e8,6b,fa,d1,bd,a8,f5,1b,cf,2a,32,06,ab,34,e1,f5,b2,8e,81,14,\
"rkeysecu"=hex:cc,c4,1e,fc,93,6a,80,1d,9e,3f,5d,b0,a2,36,ae,5d

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Dodge Charger RT 1969 Mod]
"Install Dir"="c:\\Documents and Settings\\Administrator\\Desktop"

[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Ferrari 360 Race Version Mod]
"Install Dir"="c:\\Documents and Settings\\Administrator\\Desktop"
.
Completion time: 2010-05-02 09:30:37
ComboFix-quarantined-files.txt 2010-05-02 07:30

Pre-Run: 76 989 280 256 bytes free
Post-Run: 78 157 856 768 bytes free

- - End Of File - - 7005729CC65CCE0A74599EC33D114383

1danab · #63 Příspěvek od **1danab** » 02 kvě 2010 08:47

c:\windows\system32\drivers\afcdp.sys

riffman píše:otestujte na VIRUSTOTALu

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet, najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor, ignorujte pripadne hlasky, ze soubor byl jiz testovan a provedte sken znova; dejte skenerum nejakych deset minut; vysledek sem vlozte at uz zkopirovanim textu, nebo pripadne vlozenim odkazu po ukonceni skenu)

polopaticky:

otevrete v prohlizeci stranku http://www.virustotal.com/cs/

kliknete na tlacitko Prochazet (je tam jenom jedno, nemuzete se splest)

v tabulce, co na vas vybafne, najdete mnou specifikovanou cestu k souboru, tj. a vpravo dole zvolte Otevrit

pote jiz jen kliknete na tlacitko Odeslat soubor a vyckejte konce testu

7654321 · #64 Příspěvek od **7654321** » 02 kvě 2010 12:09

tu je odkaz: http://www.virustotal.com/cs/analisis/d ... 1272798472

1danab · #65 Příspěvek od **1danab** » 02 kvě 2010 13:31

Combofix smazal nějaké svinstvo, jak se chová pc teď?

7654321 · #66 Příspěvek od **7654321** » 02 kvě 2010 18:10

presne rovnako, ziadna zmena, ziadny problem nevyrieseny

1danab · #67 Příspěvek od **1danab** » 02 kvě 2010 18:45

z hlediska virové infekce je vše ok...bohužel systém je poškozen, proto nevidím jiné řešení než přeinstalaci spojenou s formátem disku

pokud jste tak ještě neučinil, zazálohujte si důležitá data

7654321 · #68 Příspěvek od **7654321** » 02 kvě 2010 18:47

no tak to je smutne

a neexistuje daco take ze sa preinstaluje cely win aj s nastaveniami ale data nezmiznu?

1danab · #69 Příspěvek od **1danab** » 02 kvě 2010 18:55

jde o to jaká data máte na mysli?

7654321 · #70 Příspěvek od **7654321** » 02 kvě 2010 18:58

no proste dokumenty, hudbu, fotky a podobne, lebo mam na HDD zaplnene 160 GB a vsetko by sa mi to nechcelo zalohovat na druhy PC pomocou 2 GB USB kluca.

1danab · #71 Příspěvek od **1danab** » 02 kvě 2010 19:02

máte v současné chvíli 160GB volného místa na disku?

7654321 · #72 Příspěvek od **7654321** » 02 kvě 2010 19:17

praveze nie. 160 GB mam zaplnene a priblizne 73 GB volne.

1danab · #73 Příspěvek od **1danab** » 02 kvě 2010 19:19

potřebovala bych vědět kolik by měli ty data, které byste chtěl zachovat?

7654321 · #74 Příspěvek od **7654321** » 02 kvě 2010 19:45

no tak najdolezitejsi je priecinok Documents and settings, ktory zabera 39 GB, program files uz nie je taky dolezity (inak zabera 108 GB), a priecinok Windows samozrejme netreba. takze Documents and settings urcite a Program files mozno.

a mozem vediet preco vas to zaujima?

1danab · #75 Příspěvek od **1danab** » 02 kvě 2010 20:07

jsem zvědavá

ne, jde o to, že by pro Vás bylo lepší, kdybyste si to co chcete uchovat zazálohoval na několik dvd nebo si od někoho půjčil externí disk...nemám zkušenosti s vytvářením nového oddílu na živém systému...může dojít k pádu systému (třeba výpadek proudu)
tím, že data zazálohujete, máte jistotu

VIRY.CZ

Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu