
After cleanup from System Tool

Posted: 17 Feb 2011 17:54
by oso
I'd like to ask for a preventive check-up after cleaning the System Tool trojan. I used ComboFix, then an MSE full scan and an MBAM full scan as well, both OK. The application no longer starts; it looks fine to me. Thanks.

Logfile of random's system information tool 1.08 (written by random/random)
Run by zurbej at 2011-02-17 17:41:23
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 66 GB (55%) free of 119 GB
Total RAM: 1912 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:41:54, on 17. 2. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\3GUty\tw3gctrl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\zurbej\Downloads\RSIT.exe
C:\Program Files\trend micro\zurbej.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TOSHIBA_3G_UTY] C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?SK (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = olympic.local
O17 - HKLM\Software\..\Telephony: DomainName = olympic.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = olympic.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = olympic.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Správca pre program Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: 3G RF Power Control Utility (TW3GSVC) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\3GUty\tw3gsvc.exe

--
End of file - 8166 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-09-16 188416]
"NDSTray.exe"=NDSTray.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-27 6295552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"Toshiba TEMPO"=C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-08-26 103824]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-30 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-30 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-30 145944]
"FingerPrintNotifer"=C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [2008-09-03 712704]
"UsbMonitor"=C:\Program Files\TrueSuite Access Manager\usbnotify.exe [2008-07-25 94208]
"PwdBank"=C:\Program Files\TrueSuite Access Manager\PwdBank.exe [2008-09-03 3152384]
"ThpSrv"=C:\Windows\system32\thpsrv /logon []
"TOSHIBA_3G_UTY"=C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [2008-07-18 1581056]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-07-04 430080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-09 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-07-31 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosAutLk]
C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe [2008-04-02 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\zurbej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-17 17:41:23 ----D---- C:\rsit
2011-02-17 17:41:23 ----D---- C:\Program Files\trend micro
2011-02-17 17:36:14 ----D---- C:\ProgramData\IsolatedStorage
2011-02-17 17:17:14 ----A---- C:\Windows\system32\wups2.dll
2011-02-17 17:17:14 ----A---- C:\Windows\system32\wuauclt.exe
2011-02-17 17:17:13 ----A---- C:\Windows\system32\wucltux.dll
2011-02-17 17:17:13 ----A---- C:\Windows\system32\wuaueng.dll
2011-02-17 17:16:44 ----A---- C:\Windows\system32\wups.dll
2011-02-17 17:16:44 ----A---- C:\Windows\system32\wudriver.dll
2011-02-17 17:16:43 ----A---- C:\Windows\system32\wuapi.dll
2011-02-17 17:16:34 ----A---- C:\Windows\system32\wuwebv.dll
2011-02-17 17:16:34 ----A---- C:\Windows\system32\wuapp.exe
2011-02-17 17:15:32 ----D---- C:\Program Files\MyDefrag v4.3.1
2011-02-17 17:14:18 ----D---- C:\Users\zurbej\AppData\Roaming\Macromedia
2011-02-17 17:06:02 ----D---- C:\Users\zurbej\AppData\Roaming\Adobe
2011-02-17 17:05:03 ----D---- C:\Users\zurbej\AppData\Roaming\Google
2011-02-17 10:09:29 ----D---- C:\Program Files\Microsoft Security Client
2011-02-17 10:08:54 ----A---- C:\Windows\system32\drivers\netio.sys
2011-02-17 10:01:49 ----D---- C:\Windows\system32\appmgmt
2011-02-17 09:55:58 ----SHD---- C:\$RECYCLE.BIN
2011-02-17 09:55:54 ----D---- C:\Windows\temp
2011-02-17 09:55:53 ----A---- C:\ComboFix.txt
2011-02-17 09:33:49 ----D---- C:\Windows\ERDNT
2011-02-17 09:11:10 ----D---- C:\Users\zurbej\AppData\Roaming\Malwarebytes
2011-02-17 09:10:31 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-17 09:10:29 ----D---- C:\ProgramData\Malwarebytes
2011-02-17 09:10:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-17 09:10:25 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-17 08:51:57 ----D---- C:\Users\zurbej\AppData\Roaming\Identities
2011-02-17 08:51:44 ----SD---- C:\Users\zurbej\AppData\Roaming\Microsoft
2011-02-12 20:31:47 ----ASH---- C:\hiberfil.sys
2011-02-12 20:07:27 ----A---- C:\Windows\ntbtlog.txt
2011-01-26 21:32:13 ----A---- C:\Windows\system32\occache.dll
2011-01-26 21:32:13 ----A---- C:\Windows\system32\mstime.dll
2011-01-26 21:32:12 ----A---- C:\Windows\system32\jsproxy.dll
2011-01-26 21:32:12 ----A---- C:\Windows\system32\iepeers.dll
2011-01-26 21:32:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-01-26 21:32:11 ----A---- C:\Windows\system32\msfeeds.dll
2011-01-26 21:32:11 ----A---- C:\Windows\system32\ieui.dll
2011-01-26 21:32:11 ----A---- C:\Windows\system32\iesetup.dll
2011-01-26 21:32:10 ----A---- C:\Windows\system32\wininet.dll
2011-01-26 21:32:10 ----A---- C:\Windows\system32\iernonce.dll
2011-01-26 21:32:09 ----A---- C:\Windows\system32\msfeedssync.exe
2011-01-26 21:32:09 ----A---- C:\Windows\system32\iertutil.dll
2011-01-26 21:32:09 ----A---- C:\Windows\system32\iedkcs32.dll
2011-01-26 21:32:09 ----A---- C:\Windows\system32\ie4uinit.exe
2011-01-26 21:32:08 ----A---- C:\Windows\system32\ieUnatt.exe
2011-01-26 21:32:08 ----A---- C:\Windows\system32\iesysprep.dll
2011-01-26 21:32:07 ----A---- C:\Windows\system32\urlmon.dll
2011-01-26 21:32:06 ----A---- C:\Windows\system32\ieframe.dll
2011-01-26 21:32:04 ----A---- C:\Windows\system32\mshtml.dll
2011-01-26 21:31:47 ----A---- C:\Windows\system32\iccvid.dll
2011-01-26 21:31:31 ----A---- C:\Windows\system32\schannel.dll
2011-01-26 21:30:52 ----A---- C:\Windows\system32\win32k.sys
2011-01-26 21:30:35 ----A---- C:\Windows\system32\rtutils.dll
2011-01-26 21:29:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-01-26 21:29:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-01-26 21:28:56 ----A---- C:\Windows\system32\msxml3.dll
2011-01-26 21:28:41 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-01-26 21:28:41 ----A---- C:\Windows\system32\drivers\srv.sys
2011-01-26 21:27:57 ----A---- C:\Windows\system32\shell32.dll
2011-01-26 21:27:27 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2011-01-26 21:27:26 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 months======

2011-02-17 17:41:42 ----D---- C:\Windows\Prefetch
2011-02-17 17:41:23 ----RD---- C:\Program Files
2011-02-17 17:39:34 ----D---- C:\Windows
2011-02-17 17:38:24 ----D---- C:\Windows\system32\drivers
2011-02-17 17:37:44 ----D---- C:\Windows\inf
2011-02-17 17:37:44 ----AD---- C:\Windows\System32
2011-02-17 17:37:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-17 17:36:14 ----D---- C:\ProgramData
2011-02-17 17:31:22 ----D---- C:\Windows\system32\sk-SK
2011-02-17 17:29:52 ----D---- C:\Windows\winsxs
2011-02-17 17:21:51 ----SHD---- C:\System Volume Information
2011-02-17 17:18:03 ----D---- C:\Windows\PolicyDefinitions
2011-02-17 17:17:40 ----D---- C:\Windows\system32\catroot
2011-02-17 17:17:04 ----D---- C:\Windows\system32\catroot2
2011-02-17 17:15:37 ----D---- C:\Windows\system32\Tasks
2011-02-17 10:10:11 ----SHD---- C:\Windows\Installer
2011-02-17 10:10:11 ----D---- C:\Config.Msi
2011-02-17 10:09:58 ----SD---- C:\ProgramData\Microsoft
2011-02-17 10:07:52 ----D---- C:\Windows\SoftwareDistribution
2011-02-17 09:53:22 ----A---- C:\Windows\system.ini
2011-02-17 09:53:09 ----D---- C:\Windows\system32\drivers\etc
2011-02-17 09:47:31 ----D---- C:\Windows\AppPatch
2011-02-17 09:47:29 ----D---- C:\Program Files\Common Files
2011-02-17 08:51:44 ----RD---- C:\Users
2011-02-12 20:01:08 ----D---- C:\TEMP
2011-01-28 10:14:43 ----D---- C:\Windows\system32\drivers\UMDF
2011-01-28 09:13:10 ----D---- C:\Windows\Microsoft.NET
2011-01-28 09:13:01 ----RSD---- C:\Windows\assembly
2011-01-27 18:41:39 ----D---- C:\Windows\system32\migration
2011-01-27 18:41:39 ----D---- C:\Program Files\Internet Explorer
2011-01-27 18:41:37 ----D---- C:\Program Files\Movie Maker
2011-01-26 21:30:28 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF mini-filter driver; C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-25 42608]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-23 43872]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\Windows\system32\DRIVERS\thpdrv.sys [2008-07-09 28024]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\Windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 13336]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-08-12 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ.SYS [2007-11-09 23640]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl25036f52;MpKsl25036f52; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A09F805-44BA-46A1-9166-6D43C9FA639B}\MpKsl25036f52.sys [2011-02-17 28752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2008-04-30 6144]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-03-15 169008]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2008-08-14 146944]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2008-06-14 225920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-02 2151064]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port; C:\Windows\system32\DRIVERS\toshscard.sys [2008-08-07 24232]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2007-12-14 24200]
R3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM); C:\Windows\system32\DRIVERS\toshbus.sys [2008-09-10 276352]
R3 toshcard;Toshiba F3507g Mobile Broadband Device Management; C:\Windows\system32\DRIVERS\toshcard.sys [2008-09-10 351616]
R3 toshgps;Toshiba F3507g Mobile Broadband GPS Port; C:\Windows\system32\DRIVERS\toshgps.sys [2008-09-11 76840]
R3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter; C:\Windows\system32\DRIVERS\toshmdfl.sys [2008-09-10 14976]
R3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter; C:\Windows\system32\DRIVERS\toshmdfl2.sys [2008-09-10 14976]
R3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver; C:\Windows\system32\DRIVERS\toshmdm.sys [2008-09-10 360192]
R3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver; C:\Windows\system32\DRIVERS\toshmdm2.sys [2008-09-10 404864]
R3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS); C:\Windows\system32\DRIVERS\toshnd5.sys [2008-09-10 25856]
R3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM); C:\Windows\system32\DRIVERS\toshunic.sys [2008-09-10 368128]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
S3 catchme;catchme; \??\C:\Users\zurbej\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Authentec memory manager;Authentec memory manager service; C:\Windows\system32\TAMSvr.exe [2008-09-02 49152]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-10 40960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
R2 Thpsrv;Ochrana HDD TOSHIBA; C:\Windows\system32\ThpSrv.exe [2008-07-25 551736]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-08-12 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-08-05 464224]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-05-22 120168]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496]
R2 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2008-08-11 622592]
R2 TW3GSVC;3G RF Power Control Utility; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [2008-07-18 110592]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-08 77824]
S3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-02 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Thanks

Re: After cleanup from System Tool

Posted: 17 Feb 2011 18:36
by Asar
Can you post the log that ComboFix created here? It should be located at C:\ComboFix.txt.

Re: After cleanup from System Tool

Posted: 17 Feb 2011 20:04
by oso
Here is the log from ComboFix, thanks :D

ComboFix 11-02-16.01 - xxxxx. 02. 2011 9:43.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.421.1051.18.1912.962 [GMT 1:00]
Running from: c:\users\xxxx\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Disabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Disabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\programdata\eJaKcLn14700
c:\programdata\eJaKcLn14700\eJaKcLn14700
c:\programdata\eJaKcLn14700\eJaKcLn14700.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\kadnarova.OLYMPIC\Desktop\PLOCHA\Vancouver 2010\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\PLOCHA\Vancouver 2010\News\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\PLOCHA\Vancouver 2010\ubytovanie\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\PLOCHA\Vancouver 2010\Visits\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Akreditacie\Cyklistika\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Akreditacie\Cyklistika\fotky\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Akreditacie\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Akreditacie\VP\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Hodnotenie\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\CHdM\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Komunikacia\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Komunikacia\FORMS\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Komunikacia\Loga\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Komunikacia\Manuals\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Komunikacia\Program\Desktop_.ini
c:\users\kadnarova.OLYMPIC\Desktop\sport (sbs)\EYOF Beograd 2007\Komunikacia\Vlajka\Desktop_.ini

----- BITS: Possible infected sites -----

hxxp://sbs:8530
.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 08:52 . 2011-02-17 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-17 08:52 . 2011-02-17 08:52 -------- d-----w- c:\users\xxxxx.OLYMPIC\AppData\Local\temp
2011-02-17 08:52 . 2011-02-17 08:52 -------- d-----w- c:\users\xxxxx\AppData\Local\temp
2011-02-17 08:52 . 2011-02-17 08:52 -------- d-----w- c:\users\xxxx\AppData\Local\temp
2011-02-17 08:34 . 2011-02-17 08:40 -------- d-----w- C:\32788R22FWJFW
2011-02-17 08:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-17 08:10 . 2011-02-17 08:10 -------- d-----w- c:\programdata\Malwarebytes
2011-02-17 08:10 . 2011-02-17 08:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-17 08:10 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-17 07:51 . 2011-02-17 07:52 -------- d-----w- c:\users\xxxxj
2011-02-12 19:01 . 2011-02-12 18:59 4177272 ----a-w- c:\temp\ProcessExplorer\procexp.exe
2011-02-12 17:56 . 2011-02-12 17:56 -------- d-----w- c:\users\xxxxxx.OLYMPIC\temp
2011-01-26 20:31 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-01-26 20:31 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2011-01-26 20:31 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-01-26 20:31 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-01-26 20:30 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2011-01-26 20:30 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2011-01-26 20:29 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-26 20:29 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-26 20:28 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-01-26 20:28 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-26 20:28 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-26 20:27 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 09:38 . 2010-02-02 03:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 13:41 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-07-04 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-09-16 188416]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-30 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-30 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-30 145944]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-03 712704]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2008-07-18 1581056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-01-19 1033600]

c:\users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2010-01-19 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 73120]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-25 42608]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-07-09 28024]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 13336]
S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-09-02 49152]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-10 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2008-08-11 622592]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2008-04-30 6144]
S2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [2008-07-18 110592]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-06-13 225920]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-08 77824]
S3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\DRIVERS\toshscard.sys [2008-08-07 24232]
S3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\DRIVERS\toshbus.sys [2008-09-10 276352]
S3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\DRIVERS\toshcard.sys [2008-09-10 351616]
S3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\toshgps.sys [2008-09-11 76840]
S3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\DRIVERS\toshmdfl.sys [2008-09-10 14976]
S3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\DRIVERS\toshmdfl2.sys [2008-09-10 14976]
S3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\toshmdm.sys [2008-09-10 360192]
S3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\DRIVERS\toshmdm2.sys [2008-09-10 404864]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\DRIVERS\toshnd5.sys [2008-09-10 25856]
S3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\DRIVERS\toshunic.sys [2008-09-10 368128]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TOSDCR - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPCHWMsg - %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 09:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????M?0^???`???????????? ??(

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-17 09:55:52
ComboFix-quarantined-files.txt 2011-02-17 08:55

Pre-Run: 66 208 497 664 bytes free
Post-Run: 66 641 022 976 bytes free

- - End Of File - - 744AB511B6150BFAA3A399E6A7E8BC62

Re: after cleanup of System Tool

Posted: 17 Feb 2011 21:43
by Asar
The log is OK.

Re: after cleanup of System Tool

Posted: 17 Feb 2011 22:20
by oso
thanks, I thought it would be OK :)

Re: after cleanup of System Tool

Posted: 18 Feb 2011 07:58
by Asar
You're welcome.