VIRY.CZ

Problem sa prejavuje tak, ze pc pomaly mrzne najskor prehliadac potom vypadne klavesnica a potom mys. Pomoze len hruby reset.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:47, on 5.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\KMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dragon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 11585 bytes

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 11-05-15.03 - Dragon 16.05.2011 0:18.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1464 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dragon\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dragon\Nabídka Start\Programy\System Tool
c:\documents and settings\Dragon\WINDOWS
C:\ErrLog.txt
c:\program files\Common Files\alg.exe
c:\program files\pdfforge Toolbar\IE\4.1\pdFForgetoolbarie.dll
.
c:\windows\system32\kernel32.dll . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-15 do 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 18:34 . 2011-05-15 18:34 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Softland
2011-05-14 00:35 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{E23CA13A-D496-4CA3-BC0F-5749C36EECCA}\mpengine.dll
2011-05-10 19:44 . 2011-05-10 19:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WeGame
2011-05-09 11:32 . 2011-05-09 11:32 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Softland
2011-05-09 11:25 . 2011-05-09 11:25 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Softland
2011-05-09 11:25 . 2011-05-09 11:25 -------- d-----w- c:\documents and settings\Dragon\Data aplikací\Softland
2011-05-09 11:24 . 2011-04-27 13:47 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-05-09 11:24 . 2011-04-27 13:47 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-05-09 11:24 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-05-09 11:24 . 2011-05-09 11:24 -------- d-----w- c:\program files\Softland
2011-05-09 11:11 . 2011-05-09 11:11 -------- d-----w- c:\documents and settings\Dragon\Data aplikací\UDC Profiles
2011-05-09 11:10 . 2011-03-24 15:29 25024 ----a-w- c:\windows\system32\udcpm.dll
2011-05-09 11:10 . 2011-05-09 11:10 -------- d-----w- c:\program files\Universal Document Converter
2011-05-09 10:57 . 2011-05-09 10:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PEERNET
2011-05-09 10:57 . 2011-05-09 10:57 -------- d-----w- c:\documents and settings\Dragon\Data aplikací\PEERNET
2011-05-09 10:55 . 2006-12-15 06:53 9216 ------w- c:\windows\system32\Spool\prtprocs\w32x86\pnproc2.dll
2011-05-09 10:55 . 2011-05-09 10:55 -------- d-----w- c:\program files\PDF Creator Plus 4.0
2011-05-09 10:49 . 2001-10-28 23:42 116224 ----a-w- c:\windows\system32\pdfmonnt.dll
2011-05-09 10:49 . 2011-05-09 10:49 -------- d-----w- c:\program files\PDF-Convert
2011-05-09 10:48 . 2011-05-09 10:49 -------- d-----w- c:\documents and settings\Dragon\Data aplikací\GetRightToGo
2011-05-05 10:03 . 2011-05-05 10:03 388096 ----a-r- c:\documents and settings\Dragon\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-05 10:03 . 2011-05-05 10:03 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 21:09 . 2010-10-06 17:49 20654 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-04-11 20:06 . 2011-04-11 20:06 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2011-04-11 07:04 . 2009-05-10 07:01 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-19 23:39 . 2011-03-19 23:39 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-03-19 23:39 . 2011-03-19 23:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-03-07 05:33 . 2009-05-10 06:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-27 10:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 07:45 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-04-27 10:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-03-01 13:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-27 10:08 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 00:47 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 00:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 08:37 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-26 2969496]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-01-18 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-17 15:55 149224 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Application Updater"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Counter-Strike 1.6 & Half-Life\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\BFME\\game.dat"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24808:TCP"= 24808:TCP:BitComet 24808 TCP
"24808:UDP"= 24808:UDP:BitComet 24808 UDP
"59082:TCP"= 59082:TCP:Pando Media Booster
"59082:UDP"= 59082:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.9.2010 19:36 697328]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.9.2010 18:43 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.9.2010 18:43 17744]
R2 KMService;KMService;c:\windows\system32\srvany.exe [4.10.2010 22:33 8192]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21.1.2010 17:51 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 sxeclone;sxeclone Driver;\??\c:\documents and settings\Dragon\Plocha\wh\sxeclone.sys --> c:\documents and settings\Dragon\Plocha\wh\sxeclone.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 17:38 386560]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-DRAGON-567B15BE-Dragon.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-18 01:01]
.
2011-05-15 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8302552384.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Dragon\Data aplikací\Mozilla\Firefox\Profiles\fhqe77ni.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-AtiExtEvent - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 00:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1364589140-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1644491937-1364589140-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:3d,17,64,d8,77,0a,e5,20,ce,09,db,8d,bb,8e,fb,e9,f0,e2,6d,2f,e3,
6e,ae,a4,0d,dc,c1,5c,38,25,2b,d2,8c,c0,27,10,83,a8,40,c3,cf,69,52,ff,b6,77,\
"rkeysecu"=hex:64,b8,f0,d9,dd,4a,8c,5b,9e,77,f4,92,e7,10,09,f1
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\AlienGUIse\fastload.dll
.
- - - - - - - > 'explorer.exe'(3236)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1051\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\KMService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Celkový čas: 2011-05-16 00:32:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-15 22:32
.
Před spuštěním: 6 678 827 008
Po spuštění: 6 772 830 208
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut
.
- - End Of File - - BA67763FC73231526F02C8967A31C9EF

a skus sa vyjadrit k tomuto:
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe

vobec netusim co to je?

C:\WINDOWS\system32\srvany.exe otestuj na www.virustotal.com
casto ide o produkt k nelegalnemu licencovaniu MS Office aj s darcekom - trojanom

ako sa toho zbavim? a to je vsetko co tam je?

je tam toho viac - na zaciatok vycisti s MBAM - uplny scan

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6592

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.5.2011 21:18:27
mbam-log-2011-05-16 (21-18-24).txt

Typ kontroly: Rychlý test
Testované objekty: 145273
Uplynulý čas: 6 minut, 16 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> 1244 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
c:\documents and settings\Dragon\data aplikací\msdownload.exe (Trojan.MultiDropper) -> No action taken.

ten subor som odoslal a netusim co mam tam hladat na tej stranke

najdene polozky nechaj odstranit v MBAM
+
restart a spust ComboFix - bez scriptu - jeho log vloz

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6592

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.5.2011 1:03:44
mbam-log-2011-05-19 (01-03-44).txt

Typ kontroly: Rychlý test
Testované objekty: 145192
Uplynulý čas: 4 minut, 54 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

JaRon píše: a spust ComboFix - bez scriptu - jeho log vloz

ako ho mam spustit bez scriptu?

Manthy485 píše:ako ho mam spustit bez scriptu?

Dvouklikem na soubor ComboFix.exe .

VIRY.CZ

Postupne zamrznutie PC

Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC

Re: Postupne zamrznutie PC