Page 1 of 2

PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 24 Jun 2010 10:33
by rodger5
Spyware Terminator caught the virus in question for me, but it can't delete it at all, not even in safe mode. When I try to delete it, it says something along the lines of "cannot be found". When I look in the location where Terminator says it is stored, there's nothing there.
I've tried practically every known antivirus, but not one of them even found it, let alone deleted it.
I don't understand this much, so please help if you can. Thanks.

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 24 Jun 2010 10:48
by riffman
hello

download ComboFix and save it, preferably to the desktop

then run the application under an account with administrator rights (not under an account with limited rights)


on Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator")
:!:

right after it starts, a screen with the license terms appears; continue by clicking the Yes button:

(image)

next there may be a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.

calmly go and make yourself a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else

don't panic during the scan, your machine may be restarted (especially on the first run of the scanner)

note: if you use an antispyware with a resident shield, disable its resident shield, because during the scan and removal of any malware there are unwanted collisions between ComboFix and the antispyware's resident component


after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 09:55
by rodger5
ComboFix 10-06-23.05 - pc 24.06.2010 19:45:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.723 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Dokumenty\Stažené soubory\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\windows\cookies.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\clbinit.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win32.dll
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-24 do 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-24 09:29 . 2010-06-24 09:29 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-24 08:19 . 2010-06-24 08:19 -------- d-----w- c:\windows\system32\NtmsData
2010-06-23 20:24 . 2010-06-24 08:28 -------- d-----w- c:\program files\Spyware Terminator
2010-06-23 19:25 . 2010-06-23 19:25 -------- d-----w- c:\program files\AVG
2010-06-23 18:23 . 2010-06-23 18:23 -------- d--h--w- c:\windows\PIF
2010-06-22 20:39 . 2010-06-22 20:39 -------- d-----w- c:\program files\Windows Sidebar
2010-06-22 11:23 . 2010-06-22 11:25 -------- d-----w- c:\program files\Wise Registry Cleaner antivir

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 17:17 . 2008-07-07 21:11 -------- d-----w- c:\program files\Crawler
2010-06-24 08:01 . 2008-03-16 09:06 -------- d-----w- c:\program files\Norton Security Scan
2010-06-23 20:52 . 2010-01-29 21:05 -------- d-----w- c:\program files\freevideomaster
2010-06-22 17:46 . 2008-07-07 12:24 -------- d-----w- c:\program files\Eset
2010-06-22 12:22 . 2007-11-13 11:31 -------- d-----w- c:\program files\OpenOffice.org 2.2
2010-06-22 12:22 . 2008-04-02 16:03 -------- d-----w- c:\program files\Rally Championship Xtreme
2010-06-22 12:22 . 2008-10-09 15:29 -------- d-----w- c:\program files\globetrans překladač slov
2010-06-22 12:22 . 2008-03-28 17:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-06-22 12:22 . 2008-04-02 15:54 -------- d-----w- c:\program files\Ford Racing 3
2010-06-22 12:22 . 2009-10-30 09:01 -------- d-----w- c:\program files\FlatOut 1
2010-06-22 12:21 . 2010-04-02 11:48 -------- d-----w- c:\program files\Empire Interactive FLATOUT 2
2010-06-22 12:21 . 2010-02-11 06:52 -------- d-----w- c:\program files\DVDFab 6
2010-06-22 12:21 . 2010-05-04 13:59 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-22 12:21 . 2008-09-27 13:27 -------- d-----w- c:\program files\DVDFab Platinum 3 dnes
2010-06-22 12:21 . 2008-08-20 16:32 -------- d-----w- c:\program files\ABC Dictionary překladač
2010-06-20 09:38 . 2001-10-25 12:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 09:38 . 2001-10-25 12:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 13:23 . 2008-10-16 19:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-13 08:28 . 2010-03-06 08:07 159297 ----a-w- c:\windows\hpoins14.dat
2010-05-04 13:58 . 2009-11-12 14:32 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-03 12:33 . 2010-05-03 12:33 -------- d-----w- c:\program files\FormatFactory
2010-04-02 12:54 . 2010-03-22 10:12 19564 ----a-w- c:\windows\hpqins13.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01dfd24d-73eb-497f-8dfd-7ea79365af4a}]
2010-06-14 11:29 2515552 ----a-w- c:\program files\freevideomaster\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01dfd24d-73eb-497f-8dfd-7ea79365af4a}"= "c:\program files\freevideomaster\tbfre0.dll" [2010-06-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{01dfd24d-73eb-497f-8dfd-7ea79365af4a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01DFD24D-73EB-497F-8DFD-7EA79365AF4A}"= "c:\program files\freevideomaster\tbfre0.dll" [2010-06-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{01dfd24d-73eb-497f-8dfd-7ea79365af4a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-02-01 21898024]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-06-23 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-13 14679552]
"RemoteControl"="d:\dvd power 6.0\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="d:\dxxxx\qttask.exe" [2007-10-19 286720]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-06-23 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Ford Racing 3\\fr3.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\EA Games\\Need For Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.3.2009 9:18 717296]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.6.2010 11:29 142592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.forumswatcher.com/search.htm
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\7hgfy3qg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin2.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin3.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin4.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin5.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin6.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{00247CC9-0546-4701-83A3-5B87DD7D4FDE} - c:\windows\system32\awtTNhfE.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-ssqQjijk - ssqQjijk.dll
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 19:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867681F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7654fc3
\Driver\ACPI -> ACPI.sys @ 0xf73cfcb8
\Driver\atapi -> 0x867681f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf726dba0
PacketIndicateHandler -> NDIS.sys @ 0xf727ab21
SendHandler -> NDIS.sys @ 0xf725887b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-796845957-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{683D5F64-EA83-EFE9-EA5F-5E736B48C01F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahhagmbknjmpjnhah"=hex:6b,61,61,69,6b,6e,61,69,6f,6c,6d,66,64,6e,6b,6f,6e,6e,
6a,6c,63,62,00,00
"jahaafhhkfnnfajlkinf"=hex:62,61,66,67,00,00
"jahaafhhkfnnfajlkibg"=hex:62,61,62,68,00,00
"hanhcibgnjejdccb"=hex:6b,61,61,69,6b,6e,61,69,6f,6c,6d,66,64,6e,6b,6f,6e,6e,
6a,6c,63,62,00,00
"halaifdjhaiephab"=hex:61,61,00,00
"jakajfjleemlplcoajif"=hex:61,61,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WINSPOOL.DRV

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2452)
c:\windows\System32\shdoclc.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\Eset\nod32krn.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-06-24 19:56:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-24 17:56

Před spuštěním: Volných bajtů: 15 227 572 224
Po spuštění: Volných bajtů: 30 402 990 080

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8963325E11AE8BB8DFC1618B1F329483
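A small triage helper for a log like the one pasted above, added here as an example; it is not part of the thread and not ComboFix's own code. It assumes the layout visible in the post: section headers wrapped in runs of parentheses, one path per line in the deletions section, and autostart values of the form "name"="path" [date size] under [KEY] lines. The sample log is a constructed subset of lines copied from the post; the "trusted prefix" list is an assumption for illustration, not a ComboFix rule.

```python
"""Split a ComboFix log into sections and pull out autostart entries for review."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\install.exe
c:\\windows\\system32\\clbinit.dll
c:\\windows\\system32\\win32.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_CLBDRIVER
-------\\Service_clbdriver

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Skype"="c:\\program files\\Skype\\\\Phone\\Skype.exe" [2008-02-01 21898024]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-13 14679552]
"RemoteControl"="d:\\dvd power 6.0\\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="d:\\dxxxx\\qttask.exe" [2007-10-19 286720]
"SpywareTerminator"="c:\\program files\\Spyware Terminator\\SpywareTerminatorShield.exe" [2010-06-23 2176512]
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")          # ((( title )))
KEY_RE = re.compile(r"^\[(.+)\]$")                              # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')

def split_sections(text):
    """Map each section title to its non-empty content lines ('.' filler dropped)."""
    sections = defaultdict(list)
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.strip() in ("", "."):
            continue
        sections[current].append(line)
    return sections

def parse_run_entries(lines):
    """Return (key, name, path, date, size) tuples for values under ...\\Run keys."""
    entries, key = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key and key.lower().endswith("\\run"):
            name, path, date, size = vm.groups()
            # ComboFix doubles some backslashes in values; normalise for comparison.
            entries.append((key, name, path.replace("\\\\", "\\"), date, int(size)))
    return entries

# Assumed install roots for this illustration; adjust to the machine being triaged.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

def review_candidates(entries):
    """Names of autostart entries that deserve a human look: a bare file name
    (resolved through the search path at logon) or an image outside the usual roots."""
    flagged = []
    for _key, name, path, _date, _size in entries:
        p = path.lower()
        if "\\" not in p or not p.startswith(TRUSTED_PREFIXES):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("deleted:", secs["Ostatní výmazy"])
    print("review:", review_candidates(parse_run_entries(secs["Spouštěcí body v registru"])))
```

The flagged list is a starting point, not a verdict: in the log above `RTHDCPL.EXE` is a legitimate Realtek component, so each candidate still needs to be checked by hand against its file on disk.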

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 10:34
by riffman
download MBR

move mbr.exe to the C:\Windows folder

the next steps are as follows:

Start/Run, type cmd in the box and press Enter.

a command prompt window pops up; type the following command by hand:

mbr.exe -f

and press Enter

After the operation completes, restart, run mbr once more (normally this time) and paste the log here

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 11:58
by rodger5
After moving it to the Windows folder it asked me whether to overwrite, because it was apparently already there. I overwrote it and ran it (I didn't type cmd anywhere, there was nowhere to), and then a txt file popped up. After the restart I ran MBR and the result is
__________________________________________________________________________________________________________

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
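The two Gmer detector outputs in this thread (the first one in the ComboFix log, the one just above after `mbr.exe -f`) illustrate a point worth having in a script: "user & kernel MBR OK" appears in both runs, so that line alone is not the signal. What differed was the `>>UNKNOWN [...]<<` module at the end of the disk call chain and a `\Driver\atapi` hook resolving to that same address with no module name. The helper below, added here as an example and not part of the thread or of Gmer's tools, parses that plain-text format; both samples are constructed from the lines pasted in the thread, and the line patterns are assumptions based on those pastes.

```python
"""Parse Gmer 'Stealth MBR rootkit' detector output and decide whether it needs attention."""
import re
from dataclasses import dataclass, field

# Constructed samples: the report before and after mbr.exe -f, as pasted in the thread.
BEFORE_FIX = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867681F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf7654fc3
\\Driver\\ACPI -> ACPI.sys @ 0xf73cfcb8
\\Driver\\atapi -> 0x867681f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

AFTER_FIX = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# "\Driver\X -> MODULE @ 0xADDR" or, with the module name missing, "\Driver\X -> 0xADDR"
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (?:(\S+) @ )?(0x[0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")

@dataclass
class MbrVerdict:
    mbr_ok: bool
    warning: bool
    unknown_modules: list = field(default_factory=list)   # addresses reported as UNKNOWN
    unresolved_hooks: list = field(default_factory=list)  # (driver, address) with no module name
    resolved_hooks: list = field(default_factory=list)    # (driver, module, address)

    @property
    def suspicious(self) -> bool:
        return self.warning or bool(self.unknown_modules) or bool(self.unresolved_hooks)

def parse_mbr_report(text: str) -> MbrVerdict:
    v = MbrVerdict(mbr_ok=False, warning=False)
    for raw in text.splitlines():
        line = raw.strip()
        if line == "user & kernel MBR OK":
            v.mbr_ok = True
        elif line.startswith("Warning:"):
            v.warning = True
        elif line.startswith("called modules:"):
            v.unknown_modules.extend(UNKNOWN_RE.findall(line))
        else:
            m = HOOK_RE.match(line)
            if m:
                driver, module, addr = m.groups()
                if module is None:
                    v.unresolved_hooks.append((driver, addr))
                else:
                    v.resolved_hooks.append((driver, module, addr))
    return v

def hook_points_to_unknown(v: MbrVerdict) -> bool:
    """True when a hook without a module name lands on an address the call chain
    reports as UNKNOWN, i.e. the same foreign code object sits in the disk stack."""
    unknown = {a.lower() for a in v.unknown_modules}
    return any(addr.lower() in unknown for _driver, addr in v.unresolved_hooks)

if __name__ == "__main__":
    for label, report in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        v = parse_mbr_report(report)
        print(label, "suspicious" if v.suspicious else "clean",
              "| hook on unknown module:", hook_points_to_unknown(v))
```

Hooks that resolve to a named, expected module (CLASSPNP.SYS, ACPI.sys) are kept separately from the unresolved one, so a follow-up run can be compared field by field rather than by eyeballing the paste.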

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 12:32
by riffman
great :)

one more thing, let's clean up after ourselves - http://sweb.cz/Marinus/T-Cleaner.exe

download it, run it, in the window confirm by pressing the A key to carry out the action, and let it finish :)

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 15:12
by rodger5
It's still there. :shock:

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 15:45
by riffman
:shock: in my signature you'll find a link to SUPERAntispyware; download it, install it and run a complete scan following the instructions in the link

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 25 Jun 2010 22:28
by rodger5
Oh well, that junk stayed there again. It did find quite a lot of pests :P , but that one is still there :oops: . Interestingly, only Spyware Terminator catches it, but unfortunately it doesn't delete it.

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 26 Jun 2010 12:18
by rodger5
Rouge/Suspect Anti-Spyware Produkt Rouge/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

C:\Program Files\PC-Cleaner\com\pcsd.dll

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 26 Jun 2010 18:57
by rodger5
ComboFix 10-06-25.04 - pc 26.06.2010 18:20:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.671 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-26 do 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 07:44 . 2010-06-26 07:44 -------- d-----w- c:\windows\system32\KB905474
2010-06-26 07:00 . 2010-06-26 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-06-25 20:43 . 2010-06-25 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-25 14:23 . 2010-06-26 11:05 -------- d-----w- c:\program files\WinClamAVShield
2010-06-25 14:21 . 2010-06-25 14:21 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-25 14:21 . 2010-06-26 07:11 -------- d-----w- c:\program files\Spyware Terminator
2010-06-25 11:03 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-25 11:02 . 2005-07-26 04:42 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-06-25 11:02 . 2009-03-06 14:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-06-25 11:02 . 2009-02-09 10:22 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-06-25 11:02 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-06-25 11:02 . 2009-02-09 10:22 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-06-25 11:02 . 2009-02-09 10:22 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-06-25 11:02 . 2009-02-09 10:11 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-06-25 11:02 . 2009-02-09 10:22 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-06-25 11:02 . 2009-02-09 10:22 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-06-25 11:01 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-06-25 11:01 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-25 10:59 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-25 10:55 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-06-25 10:54 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-06-25 10:51 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-06-25 10:51 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-24 08:19 . 2010-06-24 08:19 -------- d-----w- c:\windows\system32\NtmsData
2010-06-23 19:25 . 2010-06-23 19:25 -------- d-----w- c:\program files\AVG
2010-06-23 18:23 . 2010-06-23 18:23 -------- d--h--w- c:\windows\PIF
2010-06-22 20:39 . 2010-06-22 20:39 -------- d-----w- c:\program files\Windows Sidebar
2010-06-22 11:23 . 2010-06-22 11:25 -------- d-----w- c:\program files\Wise Registry Cleaner antivir

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 16:08 . 2008-07-07 21:11 -------- d-----w- c:\program files\Crawler
2010-06-26 11:04 . 2001-10-25 12:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2010-06-26 11:04 . 2001-10-25 12:00 389938 ----a-w- c:\windows\system32\perfh005.dat
2010-06-24 08:01 . 2008-03-16 09:06 -------- d-----w- c:\program files\Norton Security Scan
2010-06-23 20:52 . 2010-01-29 21:05 -------- d-----w- c:\program files\freevideomaster
2010-06-22 17:46 . 2008-07-07 12:24 -------- d-----w- c:\program files\Eset
2010-06-22 12:22 . 2007-11-13 11:31 -------- d-----w- c:\program files\OpenOffice.org 2.2
2010-06-22 12:22 . 2008-04-02 16:03 -------- d-----w- c:\program files\Rally Championship Xtreme
2010-06-22 12:22 . 2008-10-09 15:29 -------- d-----w- c:\program files\globetrans překladač slov
2010-06-22 12:22 . 2008-03-28 17:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-06-22 12:22 . 2008-04-02 15:54 -------- d-----w- c:\program files\Ford Racing 3
2010-06-22 12:22 . 2009-10-30 09:01 -------- d-----w- c:\program files\FlatOut 1
2010-06-22 12:21 . 2010-04-02 11:48 -------- d-----w- c:\program files\Empire Interactive FLATOUT 2
2010-06-22 12:21 . 2010-02-11 06:52 -------- d-----w- c:\program files\DVDFab 6
2010-06-22 12:21 . 2010-05-04 13:59 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-22 12:21 . 2008-09-27 13:27 -------- d-----w- c:\program files\DVDFab Platinum 3 dnes
2010-06-22 12:21 . 2008-08-20 16:32 -------- d-----w- c:\program files\ABC Dictionary překladač
2010-06-14 13:23 . 2008-10-16 19:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-13 08:28 . 2010-03-06 08:07 159297 ----a-w- c:\windows\hpoins14.dat
2010-05-04 13:58 . 2009-11-12 14:32 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-03 12:33 . 2010-05-03 12:33 -------- d-----w- c:\program files\FormatFactory
2010-05-02 08:27 . 2001-10-25 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:48 . 2001-10-25 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:38 . 2001-10-25 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:38 . 2007-11-10 16:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-02 12:54 . 2010-03-22 10:12 19564 ----a-w- c:\windows\hpqins13.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01dfd24d-73eb-497f-8dfd-7ea79365af4a}]
2010-06-14 11:29 2515552 ----a-w- c:\program files\freevideomaster\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01dfd24d-73eb-497f-8dfd-7ea79365af4a}"= "c:\program files\freevideomaster\tbfre0.dll" [2010-06-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{01dfd24d-73eb-497f-8dfd-7ea79365af4a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01DFD24D-73EB-497F-8DFD-7EA79365AF4A}"= "c:\program files\freevideomaster\tbfre0.dll" [2010-06-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{01dfd24d-73eb-497f-8dfd-7ea79365af4a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-02-01 21898024]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-06-25 3037696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-13 14679552]
"RemoteControl"="d:\dvd power 6.0\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="d:\dxxxx\qttask.exe" [2007-10-19 286720]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-06-25 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Ford Racing 3\\fr3.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\EA Games\\Need For Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.6.2010 16:21 142592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.3.2009 9:18 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-06-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-26 20:18]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: Crawler Search - tbr:iemenu
LSP: c:\windows\system32\imon.dll
TCP: {874925FB-D787-4D83-8310-FA94BA0F2D16} = 10.120.71.1,89.203.152.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\7hgfy3qg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin2.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin3.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin4.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin5.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin6.dll
FF - plugin: d:\dxxxx\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 18:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-796845957-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{683D5F64-EA83-EFE9-EA5F-5E736B48C01F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahhagmbknjmpjnhah"=hex:6b,61,61,69,6b,6e,61,69,6f,6c,6d,66,64,6e,6b,6f,6e,6e,
6a,6c,63,62,00,00
"jahaafhhkfnnfajlkinf"=hex:62,61,66,67,00,00
"jahaafhhkfnnfajlkibg"=hex:62,61,62,68,00,00
"hanhcibgnjejdccb"=hex:6b,61,61,69,6b,6e,61,69,6f,6c,6d,66,64,6e,6b,6f,6e,6e,
6a,6c,63,62,00,00
"halaifdjhaiephab"=hex:61,61,00,00
"jakajfjleemlplcoajif"=hex:61,61,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\pc\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\pc\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\pc\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\windows\system32\msiexec.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-06-26 18:34:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-26 16:34
ComboFix2.txt 2010-06-26 16:06

Před spuštěním: Volných bajtů: 33 130 795 008
Po spuštění: Volných bajtů: 33 121 906 688

- - End Of File - - 713037FB17691F266C8D0BD6425D7D15

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 27 Jun 2010 10:14
by rodger5
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:11 on 27/06/2010 by pc (Administrator - Elevation successful)

========== filefind ==========

Searching for "PC-Cleaner.*"
No files found.

Searching for "pcsd.*"
No files found.

========== regfind ==========

Searching for "pcsd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC28706-E316-4609-98CC-FC734E7E6064}]
@="pcsd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC28706-E316-4609-98CC-FC734E7E6064}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC28706-E316-4609-98CC-FC734E7E6064}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB85B0F7-8103-46CA-BA1B-4A00D6931E6F}]
@="pcsd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB85B0F7-8103-46CA-BA1B-4A00D6931E6F}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB85B0F7-8103-46CA-BA1B-4A00D6931E6F}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCCF7C7A-44FF-4480-B67B-5D55A371B48A}]
@="pcsd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCCF7C7A-44FF-4480-B67B-5D55A371B48A}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCCF7C7A-44FF-4480-B67B-5D55A371B48A}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"

Searching for "{82297D11-31C1-40B1-960A-BDF40B3B365F}"
No data found.

Searching for "PC-Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC28706-E316-4609-98CC-FC734E7E6064}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC28706-E316-4609-98CC-FC734E7E6064}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB85B0F7-8103-46CA-BA1B-4A00D6931E6F}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB85B0F7-8103-46CA-BA1B-4A00D6931E6F}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCCF7C7A-44FF-4480-B67B-5D55A371B48A}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCCF7C7A-44FF-4480-B67B-5D55A371B48A}\InProcServer32]
@="C:\Program Files\PC-Cleaner\com\pcsd.dll"

-=End Of File=-

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 27 Jun 2010 12:15
by rodger5
Hi, I'm at work right now, I'll send it to you after 18:00.

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 27 Jun 2010 17:51
by rodger5
When sending the ST screenshot, it tells me that .doc cannot ..... (I copied it with Ctrl+PrtScn into Word and .....)
When I click the link, Firefox says it cannot open this address because no program is associated with the (hxxp) protocol.
I'm sure this seems ridiculous to you, but I'm not very experienced ....... . :oops:

Re: PC-CLEANER (ROUGE SECURITY PROGRAM)

Posted: 27 Jun 2010 18:17
by rodger5
Could it be?