
Please check my Combofix log

Posted: 13 Jul 2011 00:40
by wanilko
Hi guys,
at startup (Asus F5GL series notebook) I get a screen saying that my copy of Windows was activated by another user and asking me to activate Windows again.
I ran Spybot and Win Essentials over it, they found and removed something,
but Backdoor:Win32/IRCbot.gen!X is still there.
PLEASE HELP, thanks in advance. "w"


ComboFix 11-07-12.09 - Norika . 07. 2011 1:13.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.421.1051.18.2814.1545 [GMT 2:00]
Running from: f:\slavo\SOFT\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Norika\AppData\Roaming\hidserv.exe
c:\users\Norika\AppData\Roaming\SERVICES.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 23:19 . 2011-07-12 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 23:10 . 2011-07-12 23:11 -------- d-----w- C:\32788R22FWJFW
2011-07-12 22:47 . 2011-07-12 22:47 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B098F13-72A8-4A13-8B61-88B4EEEECF2D}\MpKsld4a3dbdc.sys
2011-07-12 22:34 . 2010-09-30 15:15 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-07-12 22:33 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-07-12 22:33 . 2010-09-30 15:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-07-12 22:33 . 2011-07-12 22:33 -------- d-----w- c:\users\Norika\AppData\Roaming\TuneUp Software
2011-07-12 22:33 . 2011-07-12 22:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-07-12 22:33 . 2011-07-12 22:33 -------- d-----w- c:\programdata\TuneUp Software
2011-07-12 22:32 . 2011-07-12 22:32 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-07-12 22:30 . 2011-07-12 22:32 -------- d-----w- c:\users\Norika\AppData\Roaming\HD Tune Pro
2011-07-12 21:23 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-12 21:23 . 2006-10-18 19:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-07-12 21:23 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-12 21:23 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-12 21:23 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-12 21:23 . 2010-12-27 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-12 21:23 . 2011-07-12 21:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-07-12 21:02 . 2011-07-12 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-12 21:02 . 2011-07-12 21:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-12 17:40 . 2011-07-12 17:40 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC8390FF-31E1-487D-A2B7-405FE3130707}\gapaengine.dll
2011-07-12 17:40 . 2011-06-07 06:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B098F13-72A8-4A13-8B61-88B4EEEECF2D}\mpengine.dll
2011-07-12 17:40 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-12 17:16 . 2011-07-12 17:17 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-12 16:44 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-12 16:44 . 2011-04-29 12:49 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-12 16:44 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-12 16:44 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:41 . 2011-07-12 16:41 -------- d-----w- c:\users\Norika\AppData\Local\VS Revo Group
2011-07-12 16:41 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-12 16:41 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-12 16:41 . 2011-07-12 16:41 -------- d-----w- c:\program files\VS Revo Group
2011-07-04 10:13 . 2011-07-04 10:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 10:13 . 2011-07-04 10:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-13 18:25 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-06-13 18:25 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-06-13 18:14 . 2011-02-12 04:28 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 17:20 . 2008-10-20 02:05 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-17 15:18 . 2011-05-17 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-27 13:25 . 2011-04-27 13:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-18 11:18 . 2011-04-18 11:18 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 11:18 . 2011-04-18 11:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-07-04 10:13 . 2011-05-14 11:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-19 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2008-04-03 87336]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-20 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-10-20 47672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Norika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-12 157008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TF1D091010;TF1D091010;c:\windows\system32\DRIVERS\TF1D091010.sys [2008-02-01 99968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsld4a3dbdc;MpKsld4a3dbdc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B098F13-72A8-4A13-8B61-88B4EEEECF2D}\MpKsld4a3dbdc.sys [2011-07-12 28752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD4A3DBDC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 13:46]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: DhcpNameServer = 192.168.250.6 192.168.1.1
FF - ProfilePath - c:\users\Norika\AppData\Roaming\Mozilla\Firefox\Profiles\6t2lgi39.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Windows Activation - c:\users\Norika\AppData\Roaming\services.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 01:19
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-13 01:21:29
ComboFix-quarantined-files.txt 2011-07-12 23:21
.
Pre-Run: 41 354 522 624 bytes free
Post-Run: 42 075 648 000 bytes free
.
- - End Of File - - E12D614DD06F042DC5B0F10A5B6B3C28
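An added example, not from the original post and not part of ComboFix: a small Python triage that reads the "Reg Loading Points" and "ORPHANS REMOVED" parts of a ComboFix log like the one above and flags what a helper looks for first: autostart entries launched from user-writable folders, well-known system binary names (services.exe and friends) living outside c:\windows, and Security Center monitoring switched off. The sample log lines, the user name alice and the list of system binary names are constructed assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Executable names that belong only in the Windows directory.  A copy anywhere
# else (in the log above: AppData\Roaming\services.exe) is a masquerade.
# This list is an assumption of the example, not something ComboFix checks.
SYSTEM_BINARY_NAMES = {
    "services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "smss.exe", "explorer.exe",
}

# Folders an ordinary user can write to; autostarts pointing here need a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<cmd>.+)$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Constructed sample in ComboFix's "Reg Loading Points" / "ORPHANS REMOVED"
# layout, modelled on the log above (user name and the orphan path are made up).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Windows Activation - c:\users\alice\AppData\Roaming\services.exe
"""


def extract_image_path(cmd: str) -> str:
    """Lower-cased executable part of a Run command ("x.exe -switch" -> "x.exe")."""
    cmd = cmd.strip().strip('"')
    m = re.match(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()


def assess_autostart(name: str, cmd: str, where: str) -> list:
    """Apply the two autostart heuristics to a single Run entry."""
    image = extract_image_path(cmd)
    base = PureWindowsPath(image).name
    findings = []
    if any(marker in image for marker in USER_WRITABLE_MARKERS):
        findings.append({"kind": "user_writable_autostart", "name": name,
                         "image": image, "where": where})
    if base in SYSTEM_BINARY_NAMES and not image.startswith("c:\\windows\\"):
        findings.append({"kind": "system_name_masquerade", "name": name,
                         "image": image, "where": where})
    return findings


def triage_combofix(log_text: str) -> list:
    """Walk the registry-style part of a ComboFix log and return findings."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan:  # Run entries whose target file no longer existed (deleted earlier)
            findings.extend(assess_autostart(orphan.group("name"), orphan.group("cmd"),
                                             orphan.group("hive") + "\\...\\Run (orphan)"))
            continue
        mon = DISABLE_MON_RE.match(line)
        if mon and "security center\\monitoring" in current_key:
            if int(mon.group("val"), 16) != 0:  # 1 = Security Center stops watching AV/firewall state
                findings.append({"kind": "security_center_monitoring_disabled",
                                 "key": current_key})
            continue
        val = RUN_VALUE_RE.match(line)
        if val and current_key.endswith("\\currentversion\\run"):
            findings.extend(assess_autostart(val.group("name"), val.group("cmd"), current_key))
    return findings


if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE_LOG):
        print(finding)
```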

Re: Please check my Combofix log

Posted: 13 Jul 2011 03:59
by chodnik74
Good morning :welcome:
So the fake activation has gone away already? :)
Great :) for now we'll hunt for leftover pests and in the afternoon I'll write you a script :)

:arrow: Malwarebytes' Anti-Malware
  • Download, install and run it (if you're not sure how, click HERE)
  • Select Full scan and click the Scan button
  • The program will scan the computer and at the end you'll get a message that the scan has finished; confirm it with OK
  • A log will appear; paste it here
  • DO NOT DELETE ANYTHING!! The program sometimes has false positives, so we'll delete only after consulting :twisted:
:idea: By the way, it was probably exactly this, right? http://www.viry.cz/forum/viewtopic.php? ... &p=1003936

Re: Please check my Combofix log

Posted: 13 Jul 2011 20:52
by wanilko
sending the mbam log
thanks in advance for the reply

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verzia databázy: 7115

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

13. 7. 2011 21:50:30
mbam-log-2011-07-13 (21-49-41).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 308965
Uplynutý čas: 1 hod, 4 min, 28 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 3

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\program files\vs revo group\revo uninstaller pro\patch.exe (RiskWare.Tool.CK) -> No action taken.
c:\Qoobox\quarantine\C\Users\Norika\AppData\Roaming\hidserv.exe.vir (Trojan.Dropper) -> No action taken.
c:\Qoobox\quarantine\C\Users\Norika\AppData\Roaming\services.exe.vir (Trojan.Agent) -> No action taken.

Re: Please check my Combofix log

Posted: 13 Jul 2011 21:13
by chodnik74
Unfortunately I was busy today.. so delete the found items.. and tomorrow you'll have the little script here :) thanks for your understanding :)

Re: Please check my Combofix log

Posted: 13 Jul 2011 21:15
by wanilko
ok then :) thanks

Re: Please check my Combofix log

Posted: 13 Jul 2011 21:28
by chodnik74
Anyway, the problem most likely disappeared after running Combofix.. but it still needs a final clean-up... if anything, write me how the PC behaves and what state it's in :) so I can deal with it all at once ;-) off to bed.. I get up early for work.. good night ;-) :bye:

Re: Please check my Combofix log

Posted: 14 Jul 2011 03:56
by chodnik74
Good morning, so here's the little script for you :)

:arrow: Open Notepad
  • (press the key combination WIN+R, type ,,notepad,, without the quotes and press Enter)
  • Paste the following script into it:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    
    DDS::
    uStart Page = hxxp://fullarticles.net
    
    Driver::
    gupdate
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    "WMPNSCFG"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"=-
    "GrooveMonitor"=-
    "WinampAgent"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "QuickTime Task"=-
    
    
    File::
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    c:\users\Norika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab this file with the left mouse button, drag it onto the Combofix icon and drop it
  • Combofix will then carry out all the operations and create a new log; paste it here

Re: Please check my Combofix log

Posted: 14 Jul 2011 16:19
by wanilko
:) I'm sending the new log below

Re: Please check my Combofix log

Posted: 14 Jul 2011 16:22
by wanilko
... as instructed, sending the new log with the script:
P.S. the notebook takes quite a while to start, up to 2 minutes, is that normal?
ASUS F5, CPU T3200, 3GB RAM, Vista Business
thanks in advance

ComboFix 11-07-12.09 - Norika . 07. 2011 17:02:54.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.421.1051.18.2814.1542 [GMT 2:00]
Running from: c:\users\Norika\Desktop\ComboFix.exe
Command switches used :: c:\users\Norika\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\users\Norika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Norika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 15:09 . 2011-07-14 15:09 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\MpKsl831716d9.sys
2011-07-14 15:08 . 2011-07-14 15:10 -------- d-----w- c:\users\Norika\AppData\Local\temp
2011-07-14 15:08 . 2011-07-14 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 04:51 . 2011-07-14 04:51 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\MpKsl9c9ec977.sys
2011-07-13 20:38 . 2011-07-13 20:38 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-13 18:32 . 2011-06-07 06:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-13 18:32 . 2011-06-07 06:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\mpengine.dll
2011-07-13 18:28 . 2011-07-13 18:28 -------- d-----w- c:\users\Norika\AppData\Roaming\Malwarebytes
2011-07-13 18:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-13 18:28 . 2011-07-13 18:28 -------- d-----w- c:\programdata\Malwarebytes
2011-07-13 18:28 . 2011-07-13 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-13 18:28 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 05:50 . 2011-05-18 01:05 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 05:50 . 2011-05-18 01:05 196608 ----a-w- c:\windows\system32\fsquirt.exe
2011-07-13 05:50 . 2011-05-18 01:05 23040 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-07-13 05:50 . 2011-05-18 01:05 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 05:48 . 2011-07-13 05:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-13 05:31 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 05:31 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-13 05:31 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 05:31 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 23:10 . 2011-07-14 15:00 -------- d-----w- C:\32788R22FWJFW
2011-07-12 22:34 . 2010-09-30 15:15 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-07-12 22:33 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-07-12 22:33 . 2010-09-30 15:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-07-12 22:33 . 2011-07-12 22:33 -------- d-----w- c:\users\Norika\AppData\Roaming\TuneUp Software
2011-07-12 22:33 . 2011-07-12 22:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-07-12 22:33 . 2011-07-12 22:33 -------- d-----w- c:\programdata\TuneUp Software
2011-07-12 22:32 . 2011-07-12 22:32 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-07-12 22:30 . 2011-07-12 22:32 -------- d-----w- c:\users\Norika\AppData\Roaming\HD Tune Pro
2011-07-12 21:23 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-12 21:23 . 2006-10-18 19:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-07-12 21:23 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-12 21:23 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-12 21:23 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-12 21:23 . 2010-12-27 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-12 21:23 . 2011-07-12 21:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-07-12 21:02 . 2011-07-12 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-12 21:02 . 2011-07-12 21:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-12 17:40 . 2011-07-12 17:40 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC8390FF-31E1-487D-A2B7-405FE3130707}\gapaengine.dll
2011-07-12 17:40 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-12 17:16 . 2011-07-12 17:17 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-12 16:44 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-12 16:44 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-12 16:44 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-12 16:44 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-12 16:44 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-12 16:44 . 2011-04-29 12:49 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-12 16:44 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-12 16:44 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:41 . 2011-07-12 16:41 -------- d-----w- c:\users\Norika\AppData\Local\VS Revo Group
2011-07-12 16:41 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-12 16:41 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-12 16:41 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-12 16:41 . 2011-07-12 16:41 -------- d-----w- c:\program files\VS Revo Group
2011-07-12 16:41 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-04 10:13 . 2011-07-04 10:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 10:13 . 2011-07-04 10:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-14 15:10 . 2008-10-20 02:05 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-17 15:18 . 2011-05-17 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-29 14:54 . 2011-07-12 16:41 276992 ----a-w- c:\windows\system32\schannel.dll
2011-04-27 13:25 . 2011-04-27 13:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-18 11:18 . 2011-04-18 11:18 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 11:18 . 2011-04-18 11:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-07-04 10:13 . 2011-05-14 11:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Norika^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\Norika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-10-20 02:00 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-10-20 02:00 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 22:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-01-12 05:40 98304 ----a-w- c:\program files\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-02-22 18:19 62760 ----a-w- c:\program files\ASUSTek\ASUSDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-04-03 02:09 87336 ----a-w- c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-19 18:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-08-17 06:40 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 MpKsl0e46d3ae;MpKsl0e46d3ae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\MpKsl0e46d3ae.sys [x]
R1 MpKsl9de255d1;MpKsl9de255d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\MpKsl9de255d1.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TF1D091010;TF1D091010;c:\windows\system32\DRIVERS\TF1D091010.sys [2008-02-01 99968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl831716d9;MpKsl831716d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\MpKsl831716d9.sys [2011-07-14 28752]
S1 MpKsl9c9ec977;MpKsl9c9ec977;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF67912-CF94-42FA-B251-AC9463262AAB}\MpKsl9c9ec977.sys [2011-07-14 28752]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL831716D9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 13:46]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 13:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: DhcpNameServer = 192.168.250.6 192.168.1.1
FF - ProfilePath - c:\users\Norika\AppData\Roaming\Mozilla\Firefox\Profiles\6t2lgi39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 17:12
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3560)
c:\program files\Common Files\SmartCom\DragnDropCopyHook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ATK Media\DMEDIA.EXE
c:\program files\ASUS\ATK Media\GPSWATCH.EXE
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-07-14 17:15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 15:15
ComboFix2.txt 2011-07-12 23:21
.
Pre-Run: 39 000 354 816 bytes free
Post-Run: 38 645 772 288 bytes free
.
- - End Of File - - C7F9115BB3A641ECAF65BFF18A2CC60A

Re: Please check my ComboFix log

Posted: 14 Jul 2011 20:47
by chodnik74
:arrow: Open Notepad
  • (press the key combination WIN+R, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:


    Windows Registry Editor Version 5.00
    
    [-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    [-HKLM\~\startupfolder\C:^Users^Norika^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    
  • Save the file as oprava.reg (when saving, set Save as type: All Files)
  • Then run this file and confirm :)
:arrow: Press the key combination WIN+R (or Start > Run), which opens the Run dialog, then copy and paste the following text into it: Combofix /Uninstall and press Enter

:arrow: T-Cleaner
  • Run it, press the A key and confirm with ENTER (some antivirus programs may detect the utility as a virus; this is a false positive, so IGNORE it or temporarily disable the antivirus)
  • delete T-Cleaner after use ;-)


:arrow: TFC
  • Download and run the program
  • Click Start and confirm with OK
  • The program starts cleaning, then restarts the PC
  • delete the program after use

:arrow: Then we do PC maintenance :wink:

PC maintenance:

1) Cleaning temporary folders + invalid registry entries
:arrow: CCleaner
  • Download and install the program
  • Run the program
  • CLEANER
    Windows: leave everything here as it is (if you use IE, untick its items) and tick the items Start Menu Shortcuts and Desktop Shortcuts
    Applications: leave as it is, but if you use another browser (Google Chrome, Firefox, Opera...) untick its items
    >Press the Analyze button and then Run Cleaner
  • Registry
    >Press the Scan for Issues button; the program starts looking for invalid registry entries... then choose Fix selected issues...
    >The program asks whether to back up the registry; choose Yes and save the backup somewhere (if anything causes problems after the registry fix, restore the backup
    by running the saved backup file and confirming Yes), then choose Fix All Selected Issues and Close
    >repeat until the registry has no issues
  • Use the program once every 14 days (depending on how much the PC is used, it can also be once a week)
2) Disk defragmentation
:arrow: Defraggler
  • Download and install the program
  • Run the program
  • Select a drive (C:, D:... simply whichever you use)
  • If the Fragmentation column shows more than 5%, click Defrag
  • Do this for all drives you use
  • Do this once a month
3) Updating programs
:arrow: FileHippo.com Update Checker
  • Download and install the program (during installation, untick the Run at Startup option)
  • Run the program
  • The program searches for the programs installed on the PC and finds available updates
  • Then a web page opens listing the applications that can be updated
    >X Updates Detected... these are the available updates...
    > click the green arrow and download the program, then install its current version
    > :!: X Beta Updates Detected... do not download these updates; they are beta versions that are still in development and unstable :)
  • Do this once every 14 days or once a month
:idea: How is the PC behaving? :???:
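As an added example (not part of chodnik74's reply and not ComboFix output), the following PowerShell script lists the startup items that the oprava.reg fix above targets, so the entries can be reviewed before the .reg file is imported and confirmed gone after a reboot. It reads the two registry locations named in the script (the MSConfig startupreg subkeys and the renamed Run- key) and cross-checks them against the names in oprava.reg, flagging any entry the fix would leave behind and any disabled item whose executable no longer exists on disk. The value names `command` and `key` under the startupreg subkeys, and the file name `.\oprava.reg`, are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the original post or of ComboFix.
# Reviews the startup entries that oprava.reg removes, before and after the fix.
# Assumed: MSConfig's disabled-item layout (value 'command' = program line,
# value 'key' = the Run key it came from) and that the script is at .\oprava.reg.

$StartupReg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
$RunMinus   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-'
$RegFile    = '.\oprava.reg'

function Get-ExecutablePath {
    # Reduce a Run-style command line ("path" args / path.exe args) to the executable.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $Command.Trim()
}

function Get-MsconfigDisabledItems {
    # One subkey per disabled autostart item; these are the keys the .reg script deletes.
    if (-not (Test-Path $StartupReg)) { return @() }
    Get-ChildItem -Path $StartupReg | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Name    = $_.PSChildName
            Command = [string]$p.command   # assumed value name
            Source  = [string]$p.key       # assumed value name
        }
    }
}

function Get-RunMinusValues {
    # 'Run-' is the renamed Run key seen in the log; its values do not run at logon,
    # but the .reg script clears them as well.
    if (-not (Test-Path $RunMinus)) { return @() }
    $key = Get-Item -Path $RunMinus
    $key.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Name = $_; Command = [string]$key.GetValue($_) }
    }
}

function Get-ScriptTargets {
    # Collect the startupreg subkey names and Run- value names that oprava.reg removes.
    $keys = @(); $vals = @()
    if (Test-Path $RegFile) {
        foreach ($line in Get-Content $RegFile) {
            if ($line -match '^\s*\[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(.+)\]\s*$') {
                $keys += $Matches[1]
            } elseif ($line -match '^\s*"([^"]+)"=-\s*$') {
                $vals += $Matches[1]
            }
        }
    }
    @{ Keys = $keys; Values = $vals }
}

$targets = Get-ScriptTargets

'== MSConfig disabled startup items =='
foreach ($item in Get-MsconfigDisabledItems) {
    $exe     = Get-ExecutablePath $item.Command
    $onDisk  = if ($exe -and (Test-Path -LiteralPath $exe)) { 'present' } else { 'MISSING' }
    $covered = if ($targets.Keys -contains $item.Name) { 'in script' } else { 'NOT in script' }
    '{0,-28} {1,-8} {2,-14} {3}' -f $item.Name, $onDisk, $covered, $item.Command
}

'== Run- values =='
foreach ($v in Get-RunMinusValues) {
    $covered = if ($targets.Values -contains $v.Name) { 'in script' } else { 'NOT in script' }
    '{0,-28} {1,-14} {2}' -f $v.Name, $covered, $v.Command
}
```

Run it once before importing oprava.reg and once after the reboot: the first run should show every listed item as "in script", and the second run should list nothing. An entry marked "NOT in script" is something the fix would not touch, either a disabled item the script author did not include or an autostart that appeared after the log was taken, which is exactly the kind of entry worth a second look when the original complaint was a backdoor detection.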

Re: Please check my ComboFix log

Posted: 17 Jul 2011 21:33
by wanilko
... the machine seems to be fine again :D
Thanks once again for the expert help and above all for your time.
All the best!!!

Re: Please check my ComboFix log

Posted: 18 Jul 2011 03:43
by chodnik74
Glad I could help :) have a nice rest of the day too :bye: