
System tools-trojan

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and likewise those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

aleszz
Guest
Posts: 1
Registered: 22 Dec 2010 03:11

System tools-trojan

#1 Post by aleszz »

Hello! I have the same problem with the System Tools spyware. I'm posting the log file that ComboFix created for me. I hope you can help me. Thank you very much.

ComboFix 10-12-21.01 - Blažek 22.12.2010 2:19.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.351 [GMT 1:00]
Spuštěný z: c:\documents and settings\Blažek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101221-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\eDpNk01804
c:\documents and settings\All Users\Data aplikací\eDpNk01804\eDpNk01804
c:\documents and settings\All Users\Data aplikací\eDpNk01804\eDpNk01804.exe
c:\documents and settings\Blažek\Data aplikací\.#
c:\documents and settings\Blažek\Data aplikací\.#\MBX@DE4@3A5C28.###
c:\documents and settings\Blažek\Data aplikací\.#\MBX@DE4@3A5D48.###
c:\documents and settings\Blažek\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Blažek\Data aplikací\PriceGong
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Blažek\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Blažek\Nabídka Start\Programy\System Tool
c:\windows\system32\alleg41.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-22 do 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-22 00:35 . 2010-12-22 00:35 -------- d-----w- c:\program files\SpywareBlaster
2010-12-22 00:33 . 2010-12-22 00:34 -------- d-----w- c:\program files\Crawler
2010-12-22 00:33 . 2010-12-22 00:33 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-12-22 00:33 . 2010-12-22 00:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2010-12-22 00:33 . 2010-12-22 00:43 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\Spyware Terminator
2010-12-22 00:33 . 2010-12-22 00:44 -------- d-----w- c:\program files\Spyware Terminator
2010-12-22 00:32 . 2008-06-10 20:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2010-12-22 00:32 . 2008-06-02 14:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-12-22 00:32 . 2008-06-02 14:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2010-12-22 00:32 . 2008-06-02 14:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-12-22 00:32 . 2010-12-22 00:39 -------- d-----w- c:\program files\Spyware Doctor
2010-12-22 00:32 . 2010-12-22 00:32 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\PC Tools
2010-12-22 00:27 . 2008-09-01 12:13 13307640 ----a-w- C:\sdstart.exe
2010-12-22 00:27 . 2008-09-01 09:36 2869536 ----a-w- C:\setup41.exe
2010-12-22 00:27 . 2008-09-01 08:27 8557184 ----a-w- C:\Setup.exe
2010-12-21 20:02 . 2010-12-21 21:58 -------- d-----w- C:\8d294b15b7f09df5112af9663ad4
2010-12-21 18:20 . 2010-12-21 18:20 -------- d-----w- c:\windows\Easy CD-DA Extractor 11.5.3
2010-12-21 18:20 . 2010-12-21 18:20 -------- d-----w- c:\program files\Easy CD-DA Extractor 11
2010-12-21 17:08 . 2010-12-21 17:08 -------- d-----w- c:\program files\Acclaim Entertainment
2010-12-21 16:31 . 2010-12-21 16:31 -------- d-----w- C:\cc3
2010-12-20 17:33 . 2008-10-10 03:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-12-20 17:33 . 2008-10-10 03:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-12-20 17:33 . 2008-10-10 03:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-20 17:33 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-12-20 17:33 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-12-20 17:33 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-12-20 17:32 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-12-20 17:05 . 2010-12-20 17:06 -------- d-----w- c:\documents and settings\Blažek\Local Settings\Data aplikací\TheLostIncaProphecy
2010-12-19 21:02 . 2010-12-19 21:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Jugilus
2010-12-19 21:01 . 2010-12-19 21:01 -------- d-----w- c:\program files\Crystal Cave Classic
2010-12-19 20:59 . 2010-12-20 17:04 -------- d-----w- c:\program files\Oberon Media
2010-12-19 20:59 . 2010-12-20 17:04 -------- d-----w- c:\program files\MSN Games
2010-12-19 20:58 . 2010-12-19 20:58 -------- d-----w- c:\program files\Little Space Duo
2010-12-19 20:27 . 2010-12-21 18:02 -------- d-----w- c:\program files\AquariaDemo
2010-12-19 19:14 . 2010-12-19 19:14 -------- d-----w- c:\program files\1C
2010-12-19 18:53 . 2010-12-19 18:53 -------- d-----w- c:\program files\Cenega Czech
2010-12-19 18:45 . 2010-12-19 18:45 -------- d-----w- c:\program files\Cenega
2010-12-17 23:14 . 2010-12-17 23:14 -------- d-----w- c:\program files\SirTech
2010-12-16 09:06 . 2010-12-16 09:16 -------- d-----w- c:\program files\Jets'n'Guns Demo
2010-12-16 04:47 . 2007-01-17 11:57 528384 ----a-w- c:\windows\system32\Astro Gemini Screensaver Manager.scr
2010-12-16 04:47 . 2010-12-16 04:47 -------- d-----w- c:\program files\Astro Gemini Software
2010-12-16 04:47 . 2007-02-13 14:53 13619200 ----a-w- c:\windows\system32\Solar System 3D Screensaver.scr
2010-12-16 04:21 . 2010-12-16 04:21 -------- d-----w- c:\program files\MumboJumbo
2010-12-16 00:00 . 2010-12-16 00:00 97248 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-12-16 00:00 . 2010-12-16 00:00 -------- d-----w- c:\program files\Acronis
2010-12-16 00:00 . 2010-12-16 00:00 -------- d-----w- c:\program files\Common Files\Acronis
2010-12-11 22:38 . 2010-12-16 09:29 -------- d-----w- C:\Python22
2010-12-11 14:49 . 2010-12-11 14:49 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2010-12-06 14:18 . 2010-12-06 14:18 -------- d-----w- c:\documents and settings\Blažek\Local Settings\Data aplikací\ABF software
2010-12-06 14:18 . 2010-12-06 14:18 -------- d-----w- c:\program files\ABF software
2010-12-06 14:14 . 2008-07-25 08:31 28672 ----a-w- c:\program files\Mozilla Firefox\components\flashgetXpi.dll
2010-12-06 14:00 . 2010-12-06 14:00 -------- d-----w- c:\program files\Common Files\Drunken Clock
2010-12-06 14:00 . 2010-12-06 14:00 -------- d-----w- c:\program files\Drunken Clock
2010-12-06 04:57 . 2010-12-21 20:26 -------- d-----w- C:\Downloads
2010-12-06 03:45 . 2010-12-21 21:57 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\BITS
2010-12-06 03:24 . 2010-12-06 03:24 -------- d-----w- C:\profiles
2010-12-06 02:23 . 2010-12-06 02:23 -------- d-----w- c:\program files\FlashGet Network
2010-12-06 02:09 . 2010-12-11 21:35 -------- d-----w- c:\program files\Startup Manager
2010-12-06 02:09 . 2010-12-06 02:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Startup Manager
2010-12-06 00:16 . 2010-12-21 21:58 -------- d-----w- c:\documents and settings\Bla×ek\Plocha
2010-12-05 23:18 . 2010-12-20 11:24 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\Vista Start Menu
2010-12-05 23:17 . 2010-12-05 23:18 -------- d-----w- c:\program files\Vista Start Menu
2010-12-05 12:03 . 1996-02-14 13:01 92208 ----a-w- c:\windows\system32\WING.DLL
2010-12-05 11:41 . 2010-12-05 22:52 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\GetRightToGo
2010-12-05 08:19 . 2010-12-05 08:19 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\Malwarebytes
2010-12-05 08:19 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 08:19 . 2010-12-05 08:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-05 08:18 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 08:18 . 2010-12-05 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 07:55 . 2010-12-05 07:55 -------- d-----w- c:\documents and settings\Administrator.BLA-MV5AE1ST90J
2010-12-05 06:46 . 2010-12-05 06:46 248 ----a-w- c:\documents and settings\Blažek\Data aplikací\agtyjkj.bat
2010-12-04 20:06 . 2010-12-21 23:58 -------- d-----w- c:\documents and settings\Blažek\Local Settings\Data aplikací\AskToolbar
2010-12-04 20:06 . 2010-12-07 20:53 -------- d-----w- c:\documents and settings\Blažek\Local Settings\Data aplikací\WeLoveGames
2010-12-04 20:06 . 2010-12-04 20:06 -------- d-----w- c:\program files\WeLoveGames
2010-12-03 23:13 . 2010-12-03 23:13 -------- d-----w- c:\documents and settings\Blažek\Local Settings\Data aplikací\QuickStores
2010-12-03 23:13 . 2010-12-03 23:13 -------- d-----w- c:\program files\Ask.com
2010-12-03 23:12 . 2010-12-03 23:12 -------- d-----w- c:\program files\DsNET Corp
2010-12-03 18:38 . 2010-12-03 18:38 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\FreshDiagnose
2010-12-03 18:35 . 2010-12-03 18:35 -------- d-----w- c:\program files\FreshDevices
2010-12-03 15:48 . 2010-12-03 15:48 -------- d-----w- c:\program files\Valve
2010-11-27 13:31 . 2010-11-27 13:32 -------- d-----w- C:\CANNON
2010-11-27 01:44 . 2010-11-27 01:44 -------- d-----w- c:\documents and settings\Blažek\Data aplikací\fltk.org
2010-11-27 01:34 . 2010-11-27 01:34 -------- d-----w- c:\program files\EKAf Incorporated
2010-11-26 21:45 . 2010-11-26 21:45 -------- d-----w- c:\program files\Street Bike Fury

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 23:39 . 2010-11-10 23:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-10-29 19:18 . 2010-10-28 18:35 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-29 19:18 . 2010-10-28 18:35 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-29 19:18 . 2010-10-28 18:35 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-10-29 18:24 . 2010-10-29 18:24 94208 ----a-w- c:\windows\DIIUnin.exe
2010-10-29 18:24 . 2010-10-29 18:24 2829 ----a-w- c:\windows\DIIUnin.pif
2010-10-16 10:38 . 2003-11-07 13:28 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-16 10:05 . 2006-05-26 07:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-28 18:16 . 2010-09-28 18:16 36734 ----a-w- c:\windows\system32\OggDSuninst.exe
2010-10-24 19:19 . 2010-10-24 19:22 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2008-07-25 08:31 . 2010-12-06 14:14 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2010-10-24 39072]
"{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}"= "c:\program files\WeLoveGames\tbWeLo.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CLASSES_ROOT\clsid\{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\WeLoveGames\tbWeLo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-10-24 19:18 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyA0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}"= "c:\program files\WeLoveGames\tbWeLo.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-10-18 3908192]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-10-18 3908192]
"{2B9B4AD6-BECB-4891-8D9D-6686487A0AA8}"= "c:\program files\WeLoveGames\tbWeLo.dll" [2010-11-29 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"FlashGet"="c:\program files\FlashGet Network\FlashGet universal\flashget.exe" [2008-08-19 1795656]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-10-27 133432]
"SOUNDMAN"="c:\windows\SOUNDMAN.EXE" [2003-08-15 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"Gainward"="c:\windows\TBPanel.exe" [2003-06-16 2031616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 87751]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"NvMediaCenter"="NvMCTray.dll" [2005-12-10 86016]
"FlashGet"="c:\program files\FlashGet Network\FlashGet universal\flashget.exe" [2008-08-19 1795656]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2005-12-27 1544099]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Blažek^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler.exe]
path=c:\documents and settings\Blažek\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Mad Tracks Demo\\MadTracksDemo.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Stormregion\\S.W.I.N.E\\swine.exe"=
"c:\\Games\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.1.2008 19:29 685816]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [21.10.2008 19:35 149376]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.11.2010 20:05 114768]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [6.10.2009 17:10 114496]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.11.2010 20:05 20560]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys --> c:\windows\system32\DRIVERS\adusbser.sys [?]
S3 MapMem;MapMem;\??\d:\mapmem.sys --> d:\mapmem.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12.11.2010 18:22 9216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18.9.2010 13:24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [18.9.2010 13:24 8320]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

2010-12-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.speedbit.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Crawler Search - tbr:iemenu
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Blažek\Data aplikací\Mozilla\Firefox\Profiles\tavgdav9.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: PermissionResearch: {32c1ae0f-a1ed-4128-b922-7e83a47d79b7} - %profile%\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
AddRemove-Defense Commander - c:\program files\Defense Commander\Uninst.isu
AddRemove-Downhill PAKOON! 2.Many Unlimited 2009 - c:\program files\metal oxide software\Downhill PAKOON! 2.Many Unlimited 2009\Uninst.isu
AddRemove-uflex2000 - c:\program files\Ultra FlexBall 2000\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 02:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(372)
c:\windows\system32\l3codecp.acm
c:\windows\system32\iac25_32.ax
c:\windows\system32\qmpeg.acm
.
Celkový čas: 2010-12-22 02:34:02
ComboFix-quarantined-files.txt 2010-12-22 01:33

Před spuštěním: 4 635 455 488
Po spuštění: 6 014 226 432

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - F2F4D01EA36F5EE5A63FCFFB596BEC1F

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System tools-trojan

#2 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Collect::
C:\sdstart.exe
C:\setup41.exe
C:\Setup.exe

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. It will also be locked if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
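As an added example (not ComboFix's code and not either poster's), the script below reads the registry startup-points section of a ComboFix log and generates the Registry:: block of a CFScript that removes every entry tied to one add-on DLL, in the form the reply above uses for the Ask toolbar. It assumes the layout seen in the posted log (a '[KEY]' line, value lines of the form '"{CLSID}"= "path" [...]', a 'date time size attrs path' line under BHO keys, and runs of adjacent '[KEY]' lines belonging to one add-on); the excerpt it parses is constructed from the Ask toolbar lines of that log.

```python
"""Build a CFScript Registry:: block from a ComboFix log's registry section.
Added example for this thread; not ComboFix's code and not either poster's.
Assumes the log layout seen in the posted log (see the lead-in)."""
import re

# Constructed excerpt in the shape of the posted log's registry section,
# built from the Ask toolbar lines that the reply above removes.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
"""

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=\s*"([^"]+)"')   # "{CLSID}"= "path"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$")  # date time size attrs path
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_groups(log_text):
    """Return a list of groups; a group is a list of (key, values) pairs and
    values is a list of (clsid_value_name_or_None, path).  A blank line ends a group."""
    groups, group, current = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            if group:
                groups.append(group)
            group, current = [], None
        elif KEY_RE.match(line):
            current = (KEY_RE.match(line).group(1), [])
            group.append(current)
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[1].append((m.group(1), m.group(2)))  # CLSID value -> DLL path
            else:
                m = FILE_RE.match(line)
                if m:
                    current[1].append((None, m.group(1)))  # file line under a key
    if group:
        groups.append(group)
    return groups


def clsids_for_dll(groups, dll_name):
    """Lower-cased CLSIDs of every entry whose path ends in dll_name."""
    found, suffix = set(), "\\" + dll_name.lower()
    for group in groups:
        for key, values in group:
            for name, path in values:
                if path.lower().endswith(suffix):
                    found.update(c.lower() for c in ([name] if name else CLSID_RE.findall(key)))
    return found


def build_registry_block(groups, dll_name):
    """CFScript lines: '"{CLSID}"=-' under a key that lists the CLSID as a value,
    and '[-KEY]' for every key of a group that names one of the CLSIDs (so the
    ProgID and TypeLib keys printed next to the CLSID key are removed too)."""
    ids = clsids_for_dll(groups, dll_name)
    lines = []
    for group in groups:
        group_hit = any(c.lower() in ids for key, _ in group for c in CLSID_RE.findall(key))
        for key, values in group:
            hits = [n for n, _ in values if n and n.lower() in ids]
            if hits:
                lines.append("[" + key + "]")
                lines.extend('"' + n + '"=-' for n in hits)
            elif group_hit:
                lines.append("[-" + key + "]")
    return lines


if __name__ == "__main__":
    print("Registry::\n" + "\n".join(build_registry_block(parse_groups(SAMPLE_LOG), "GenericAskToolbar.dll")))
```

The generated block for GenericAskToolbar.dll matches the Registry:: section of the reply above, plus the TypeLib key that the log prints in the same group.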
