PC disinfection, computer speed-up, remote assistance via the neslape.cz service

It boots, but then explorer quits without any message

Do you have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

It boots, but then explorer quits without any message

#1 Post by Luciecz »

Please help, most likely with a virus. The PC boots, Windows starts and the user logs in; after an attempt to launch a program or copy a folder, explorer quits without any message (the first time the message did appear, saying an error had occurred and it would be closed) and there is just a blank screen. After a restart I could use the internet for a while, but when I tried to install a better antivirus the system crashed as soon as I tried to open the Downloads folder.
I also once got the error message runtime error 204 at 00a0246c

Here is the log from Safe Mode

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lucie at 2011-12-30 17:34:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 87 GB (61%) free of 142 GB
Total RAM: 1014 MB (78% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\gv0b58u3.default

prefs.js - "browser.startup.homepage" - "chrome://superstart/content/index.html"

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"=C:\Program Files\McAfee\SiteAdvisor
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\gv0b58u3.default\extensions\
cs@dictionaries.addons.mozilla.org
superstart@enjoyfreeware.org
{d37dc5d0-431d-44e5-8c91-49419370caa1}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - C:\Program Files\McAfee\MSK\MskAPBho.dll [2008-09-22 246088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-09-27 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-22 342192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [2011-11-30 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2011-05-25 233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-22 342192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-20 817672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-05-01 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-05-01 354840]
"PersistenceThread"=C:\WINDOWS\system32\PersistenceThread.exe [2009-05-01 92696]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2006-07-17 53248]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-30 24064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-09-23 641208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-27 1434920]
"PLFSetI"=C:\WINDOWS\PLFSetI.exe []
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-10-17 91432]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\DOCUME~1\ALLUSE~1\DATAAP~1\wimnjquiwin.dat [2011-11-05 1063614]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2009-04-15 135168]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-07-19 39408]
"ICQ"=C:\Program Files\ICQ7.6\ICQ.exe [2011-10-11 127040]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Lucie\Nabídka Start\Programy\Po spuštění
ctfmon.lnk - C:\WINDOWS\system32\rundll32.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igdlogin]
C:\WINDOWS\system32\igdlogin.dll [2009-04-28 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Lucie\Plocha\xp\L2tp_client1\Connector.exe"="C:\Documents and Settings\Lucie\Plocha\xp\L2tp_client1\Connector.exe:*:Enabled:ZJU L2TP Client"
"C:\Documents and Settings\Lucie\Plocha\xp\L2tp_client1\updater.exe"="C:\Documents and Settings\Lucie\Plocha\xp\L2tp_client1\updater.exe:*:Enabled:ZJU L2TP Auto Updater"
"C:\Documents and Settings\Lucie\Plocha\FreeU21.exe"="C:\Documents and Settings\Lucie\Plocha\FreeU21.exe:*:Enabled:Fast and Secure Gateway to Internet Freedom"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-30 17:34:34 ----D---- C:\Program Files\trend micro
2011-12-30 17:34:29 ----D---- C:\rsit
2011-12-30 16:29:21 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-29 17:21:47 ----D---- C:\Program Files\Microsoft Visual Studio
2011-12-29 17:15:32 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-12-29 17:06:38 ----D---- C:\IUware Online
2011-12-28 11:38:47 ----D---- C:\Documents and Settings\Lucie\Data aplikací\Help
2011-12-28 11:29:13 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2011-12-28 11:29:12 ----A---- C:\WINDOWS\system32\vbar332.dll
2011-12-28 11:29:12 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2011-12-28 11:27:15 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2011-12-28 11:26:40 ----D---- C:\Program Files\DAEMON Tools Lite
2011-12-28 11:26:16 ----D---- C:\Documents and Settings\Lucie\Data aplikací\DAEMON Tools Lite
2011-12-28 11:26:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-12-24 16:16:19 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-12-24 16:16:18 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-12-24 16:16:16 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-12-17 08:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-17 08:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-17 08:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-17 08:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-17 08:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-17 08:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-17 08:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$

======List of files/folders modified in the last 1 month======

2011-12-30 17:34:34 ----RD---- C:\Program Files
2011-12-30 16:45:12 ----D---- C:\WINDOWS\Temp
2011-12-30 16:34:21 ----AD---- C:\WINDOWS\system32
2011-12-30 16:34:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-12-30 16:29:21 ----D---- C:\WINDOWS
2011-12-30 16:24:31 ----D---- C:\WINDOWS\Registration
2011-12-30 15:33:49 ----D---- C:\WINDOWS\Prefetch
2011-12-30 13:54:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-30 12:13:09 ----D---- C:\Program Files\Mozilla Firefox
2011-12-30 12:05:51 ----D---- C:\Program Files\SecurityKISS Tunnel
2011-12-29 21:53:31 ----D---- C:\WINDOWS\system32\drivers\etc
2011-12-29 21:53:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-29 18:20:28 ----D---- C:\Documents and Settings\Lucie\Data aplikací\ICQ
2011-12-29 17:26:47 ----SHD---- C:\WINDOWS\Installer
2011-12-29 17:26:25 ----SHD---- C:\Config.Msi
2011-12-29 17:26:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-12-29 17:26:13 ----RSD---- C:\WINDOWS\assembly
2011-12-29 17:22:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-12-29 17:21:06 ----D---- C:\Program Files\Microsoft Office
2011-12-29 17:21:05 ----RSD---- C:\WINDOWS\Fonts
2011-12-29 17:20:35 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-12-29 17:14:55 ----D---- C:\WINDOWS\SHELLNEW
2011-12-29 17:14:44 ----A---- C:\WINDOWS\win.ini
2011-12-29 17:14:38 ----D---- C:\Program Files\Common Files\System
2011-12-29 15:34:41 ----D---- C:\Documents and Settings\Lucie\Data aplikací\SoftGrid Client
2011-12-29 13:44:03 ----D---- C:\Documents and Settings\Lucie\Data aplikací\Skype
2011-12-29 10:51:50 ----D---- C:\Documents and Settings\Lucie\Data aplikací\uTorrent
2011-12-28 11:29:30 ----HD---- C:\WINDOWS\inf
2011-12-28 11:27:40 ----D---- C:\WINDOWS\system32\drivers
2011-12-28 11:27:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-12-24 16:16:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-21 19:24:08 ----SD---- C:\Documents and Settings\Lucie\Data aplikací\Microsoft
2011-12-21 19:18:03 ----D---- C:\Documents and Settings\Lucie\Data aplikací\Adobe
2011-12-19 18:31:04 ----A---- C:\WINDOWS\system32\ipconfig_results.txt
2011-12-17 17:40:57 ----D---- C:\Program Files\McAfee
2011-12-17 08:29:42 ----A---- C:\WINDOWS\imsins.BAK
2011-12-17 08:26:35 ----D---- C:\Program Files\Internet Explorer
2011-12-17 08:25:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-17 08:15:47 ----D---- C:\i386
2011-12-02 15:48:01 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-12-28 239168]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-27 205360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-09-27 212968]
S1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-08-26 120136]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-02-20 1952512]
S3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-04-16 991136]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2011-05-25 37376]
S3 igd;igd; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-04-28 5096544]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-29 5870080]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-09-27 79272]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-09-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-09-27 34216]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-09-27 40488]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Ndisrd;WinpkFilter Service; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2011-08-22 22016]
S3 NdisrdMP;NdisrdMP; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2011-08-22 22016]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-03-12 164864]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-16 132480]
S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-12-12 25984]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-05-25 32768]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-09-23 792184]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-06-20 349528]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-05 135664]
S2 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2011-07-02 298824]
S2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-05-25 363336]
S2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-18 198432]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-09-12 2482848]
S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-09-10 359248]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-09-27 144704]
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-09-12 884360]
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-09-22 25416]
S2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-30 24064]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-05 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-19 182768]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2011-07-02 63976]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-09-27 363024]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 149352]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-27 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------



THANK YOU!
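As an added example (not part of the thread, and not RSIT's or RogueKiller's own code), here is a small Python triage over the Run-key section of the RSIT log above. It reproduces the reasoning behind the `[BLACKLIST DLL]` hit that RogueKiller reports later in the thread on the `CTFMON.EXE` value: the value name borrows a Windows system binary's name, the target is a `.dat` rather than an `.exe`, and it sits under the All Users application-data folder (the 8.3 short names `DOCUME~1\ALLUSE~1\DATAAP~1`). The system-binary name list and the writable-location patterns are my own assumptions, not taken from either tool.

```python
"""Triage of Run-key autoruns as listed by RSIT.

Added example, not RSIT's or RogueKiller's code. The sample input is the
Run-key section copied from the RSIT log in this thread, trimmed to a few
benign entries plus the one RogueKiller later deleted.
"""
import re
from dataclasses import dataclass, field

RSIT_RUN_SECTION = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-20 817672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-05-01 137752]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-09-23 641208]
"PLFSetI"=C:\WINDOWS\PLFSetI.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\DOCUME~1\ALLUSE~1\DATAAP~1\wimnjquiwin.dat [2011-11-05 1063614]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2009-04-15 135168]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-07-19 39408]
"ICQ"=C:\Program Files\ICQ7.6\ICQ.exe [2011-10-11 127040]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# RSIT prints:  "ValueName"=C:\path\file.ext [YYYY-MM-DD size]   (or [] if unknown)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')

# Windows system binaries whose names malware borrows for its autorun value;
# the genuine file always lives in %SystemRoot%\system32. (Assumed short list.)
SYSTEM_BINARY_NAMES = {"ctfmon.exe", "explorer.exe", "svchost.exe", "csrss.exe",
                       "winlogon.exe", "lsass.exe", "services.exe", "rundll32.exe"}
# Directories an unprivileged user can write to, in long and 8.3 short form;
# "Data aplikací" is the Czech-locale name of "Application Data". (Assumed list.)
WRITABLE_LOCATION_RE = re.compile(
    r"\\(docume~1|documents and settings|alluse~1|dataap~1|application data|"
    r"data aplikac[^\\]*|appdata|programdata|temp|users)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_run_entries(text):
    """Yield (key, value_name, target_path, meta) from an RSIT Run-key dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := ENTRY_RE.match(line)):
            yield key, m.group("name"), m.group("path"), m.group("meta")


def triage_run_entries(text):
    """Score each Run-key entry; return findings with the most indicators first."""
    findings = []
    for key, name, path, meta in parse_run_entries(text):
        lname, lpath = name.lower(), path.lower()
        basename = lpath.rsplit("\\", 1)[-1]
        ext = "." + basename.rsplit(".", 1)[-1] if "." in basename else ""
        reasons = []
        # 1. Value name borrowed from a system binary, but the target is not
        #    that binary in system32 (CTFMON.EXE -> ...\wimnjquiwin.dat).
        if lname in SYSTEM_BINARY_NAMES and not lpath.endswith("\\system32\\" + lname):
            reasons.append("system-binary name points outside system32")
        # 2. Target is not an .exe; a renamed DLL (.dat) gets loaded via rundll32.
        if ext != ".exe":
            reasons.append(f"non-executable extension {ext or '(none)'}")
        # 3. Target sits in a user-writable data directory.
        if WRITABLE_LOCATION_RE.search(lpath):
            reasons.append("user-writable location")
        # 4. RSIT printed no date/size: file missing or unreadable (weak signal).
        if not meta.strip():
            reasons.append("no file metadata (missing file?)")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(RSIT_RUN_SECTION):
        print(f"[{f.score}] {f.key}\\{f.name} -> {f.path}")
        for r in f.reasons:
            print("      -", r)
```

Run as a script it prints the scored entries; the `wimnjquiwin.dat` value collects three indicators, while `PLFSetI` (no date or size printed) gets only the weak one. The Startup-folder line `ctfmon.lnk - C:\WINDOWS\system32\rundll32.exe` in the same log deserves the same scrutiny: a shortcut carrying a system-binary name that launches rundll32 matches indicator 1, and RSIT does not show the arguments the shortcut passes.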

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer quits without any message

#2 Post by vyosek »

Hello and have a nice day :)

:arrow: Have you taken up breeding Trojan horses or what?

:arrow: Boot into Safe Mode (restart the PC, keep tapping F8, choose Safe Mode with Networking)

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator
  • Choose option 2 and confirm with Enter
  • The utility does its work and produces a log; post it here
  • Now again, but choose option 3 and then 4; post those logs as well
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

Re: It boots, but then explorer quits without any message

#3 Post by Luciecz »

RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: Lucie [Admin rights]
Mode: Remove -- Date : 12/30/2011 18:37:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\DATAAP~1\wimnjquiwin.dat,StartAs) -> DELETED
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\rundll32.exe c:\docume~1\alluse~1\dataap~1\wimnjquiwin.dat,StartAs) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{DEF73217-D0A0-4867-80F5-EC316B913899} : NameServer (10.10.0.21) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{DEF73217-D0A0-4867-80F5-EC316B913899} : NameServer (10.10.0.21) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d5173e179ce687a751efaecce5e348ab
[BSP] af9eb7196eaebf96b2e771bb2e792a24 : Windows Vista/7 MBR Code
Partition table:
0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 2048 | Size: 10737 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 20973568 | Size: 149301 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 452cd092bbcea496dab2aec573e4e41e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 247 | Size: 2041 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: Lucie [Admin rights]
Mode: HOSTSFix -- Date : 12/30/2011 18:38:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: Lucie [Admin rights]
Mode: ProxyFix -- Date : 12/30/2011 18:38:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer quits without any message

#4 Post by vyosek »

Fine, RK did a lot of work for us, let's move on

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Windows XP, run it under the Administrator account
  • If you have Windows Vista or 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; leave the PC completely alone during the scan - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it can take longer
  • After the scan finishes, and after a possible restart, CF shows a log; otherwise you can find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

Re: It boots, but then explorer quits without any message

#5 Post by Luciecz »

Just a follow-up question: can I run ComboFix in Safe Mode, or should I try normal mode?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer closes without a message

#6 Post by vyosek »

Try normal mode, but if it acts up, jump back to safe mode

Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

Re: It boots, but then explorer closes without a message

#7 Post by Luciecz »

I had to run it in safe mode; when the computer restarted, I let it boot into normal mode - so the antivirus started by itself too, and I have a warning here that it is blocking a potentially unwanted program Tool-nircmd - it asks whether to remove or trust it.

Then some handle license agreement appeared, sysinternals software license terms (accept or decline).
I could not create a restore point, because the computer could not connect to the internet.

So I am pasting the log

ComboFix 11-12-29.05 - Administrator 30.12.2011 19:22:18.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.692 [GMT 8:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ!!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\wimnjquiwin.dat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\SET106.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET1BF.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-28 do 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 11:15 . 2011-12-30 11:15 -------- d-----w- c:\documents and settings\Administrator
2011-12-30 10:36 . 2011-12-30 10:39 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-30 09:34 . 2011-12-30 09:34 -------- d-----w- c:\program files\trend micro
2011-12-30 09:34 . 2011-12-30 09:34 -------- d-----w- C:\rsit
2011-12-29 09:15 . 2011-12-29 09:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-29 09:06 . 2011-12-29 09:06 -------- d-----w- C:\IUware Online
2011-12-28 03:29 . 1998-10-20 15:05 54784 ----a-w- c:\windows\system32\Inetwh32.dll
2011-12-28 03:29 . 2004-02-04 06:16 163840 ----a-w- c:\windows\system32\egusound.ocx
2011-12-28 03:29 . 2001-06-14 02:30 1044480 ----a-w- c:\windows\system32\ROBOEX32.DLL
2011-12-28 03:29 . 1999-05-06 17:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-12-28 03:29 . 1999-03-12 16:00 127488 ----a-w- c:\windows\system32\Ccrpsld.ocx
2011-12-28 03:29 . 1996-11-07 18:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-12-28 03:27 . 2011-12-28 03:27 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-28 03:26 . 2011-12-28 03:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-12-28 03:26 . 2011-12-28 03:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-12-24 08:16 . 2001-10-24 04:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-24 08:16 . 2008-04-14 00:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-24 08:16 . 2008-04-13 16:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-24 08:16 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 13:22 . 2011-08-16 18:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2009-07-30 07:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2009-07-30 07:44 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2009-07-30 07:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2009-07-30 07:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-07-30 07:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-07-30 07:43 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2009-07-30 07:43 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 08:06 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2009-07-30 07:43 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-07-29 22:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 11:11 . 2011-10-24 14:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2009-04-15 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-18 39408]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 24064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-09-23 641208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-30 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Lucie\\Plocha\\xp\\L2tp_client1\\Connector.exe"=
"c:\\Documents and Settings\\Lucie\\Plocha\\xp\\L2tp_client1\\updater.exe"=
"c:\\Documents and Settings\\Lucie\\Plocha\\FreeU21.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28.12.2011 11:27 239168]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2.7.2011 2:38 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [30.7.2009 9:36 198432]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.7.2009 9:59 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [30.7.2009 8:40 5096544]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [22.8.2011 23:04 22016]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2011 22:52 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.7.2009 8:46 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30.7.2009 8:50 24064]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2011 22:52 135664]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [22.8.2011 23:04 22016]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.7.2009 8:32 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 14:52]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 14:52]
.
2009-07-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 22:32]
.
2011-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 22:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph07114706l0313wul5w47m14305
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph07114706l0313wul5w47m14305
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:download@securitykiss.com?subject=Please%20send%20me%20a%20copy%20of%20SecurityKISS%20Tunnel
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: Interfaces\{DEF73217-D0A0-4867-80F5-EC316B913899}: NameServer = 10.10.0.21
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\gv0b58u3.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-PLFSetI - c:\windows\PLFSetI.exe
HKU-Default-Run-ctfmon.exe - c:\docume~1\alluse~1\dataap~1\wimnjquiwin.dat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3652)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\INTERN~1\iexplore.exe
c:\progra~1\INTERN~1\iexplore.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\msc\mcupdmgr.exe
.
**************************************************************************
.
Celkový čas: 2011-12-30 19:44:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-30 11:44
.
Před spuštěním: Volných bajtů 91?26?66?64
Po spuštění: Volných bajtů 96?86?32?56
.
- - End Of File - - EECF079BCBD8EC5D8E8F37D32FEF6939

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer closes without a message

#8 Post by vyosek »

:arrow: If you have not already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProductReg"=-
    "swg"=-
    "ICQ"=-
    "ctfmon.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "RemoteControl8"=-
    "PDVD8LanguageShortcut"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    
    Driver::
    gupdate
    gupdatem
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    DDS::
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w47m14305
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w47m14305
    
    Collect::
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Lucie\Nabídka Start\Programy\Po spuštění\ctfmon.lnk
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see picture below)
    [image]
  • After the script has been applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
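Added example, not part of the thread and not code from ComboFix or OTM: a small Python triage that scans ComboFix-style log lines for the kinds of autorun entries the script above removes; the sample log, rule names and the `SYSTEM_NAMES` table are constructed for this example.

```python
"""Autorun triage for ComboFix-style logs (added example, not from the thread).

Flags the kinds of entries the script above targets: a Run value that
impersonates a system binary or launches a non-executable, a startup
shortcut that runs rundll32.exe, temp DLLs dropped into system32, and
Security Center monitoring switched off. Rule names are my own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET106.tmp
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Lucie\Nabidka Start\Programy\Po spusteni
ctfmon.lnk - c:\windows\system32\rundll32.exe [2009-7-30 33280]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
HKU-Default-Run-ctfmon.exe - c:\docume~1\alluse~1\dataap~1\wimnjquiwin.dat
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# System binaries whose names malware borrows for its own Run value, mapped to
# the only path that name should resolve to on a default XP install (constructed table).
SYSTEM_NAMES = {"ctfmon.exe": r"c:\windows\system32\ctfmon.exe"}

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')  # REGEDIT4 value line
REMOVED_RUN = re.compile(r"^HK\w+-(?:\w+-)?Run-(?P<name>\S+) - (?P<path>.+)$")  # "removed from registry" line
LNK_LINE = re.compile(r"^(?P<lnk>.+?\.lnk) - (?P<path>.+?)(?: \[[^\]]*\])?$", re.I)  # startup-folder shortcut
TMP_DLL = re.compile(r"\\system32\\_\d{6}_\.tmp\.dll$", re.I)
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)


def check_run_target(name: str, path: str) -> str | None:
    """Return a rule name when a Run value's target looks wrong, else None."""
    name, path = name.lower(), path.lower()
    expected = SYSTEM_NAMES.get(name)
    if expected is not None and path != expected:
        return "run value impersonates a system binary"
    if not path.endswith(".exe"):
        return "run value launches a non-executable file"
    return None


def triage(log: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if (m := RUN_VALUE.match(line)) and current_key.endswith("\\run"):
            if rule := check_run_target(m["name"], m["path"]):
                findings.append(Finding(rule, line))
        elif m := REMOVED_RUN.match(line):
            # ComboFix already deleted this one; record it so the cleanup is documented.
            if rule := check_run_target(m["name"], m["path"]):
                findings.append(Finding(rule, line))
        elif (m := LNK_LINE.match(line)) and m["path"].lower().endswith("\\rundll32.exe"):
            findings.append(Finding("startup shortcut launches rundll32.exe", line))
        elif TMP_DLL.search(line):
            findings.append(Finding("temp dll dropped into system32", line))
        elif "security center\\monitoring" in current_key and DISABLE_MON.match(line):
            findings.append(Finding("security center monitoring disabled", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```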

Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

Re: It boots, but then explorer closes without a message

#9 Post by Luciecz »

Another follow-up question: the program wants me to turn off the McAfee antivirus resident shield; I have no idea how to do that, because the program will not start in a way that would let me turn it off

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer closes without a message

#10 Post by vyosek »

:arrow: Try turning McAfee off according to the instructions in this topic http://www.bleepingcomputer.com/forums/topic114351.html

:arrow: Or, if you cannot manage it, click the ComboFix message away so that it continues

Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

Re: It boots, but then explorer closes without a message

#11 Post by Luciecz »

While searching I found the instructions too, but it did not work. I ran it, but a message appeared that the system could not find NIRKMD and combofix does not continue; after clicking it away the same appeared in combofix too, that the system cannot find it, and it wants to be clicked away again

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer closes without a message

#12 Post by vyosek »

:arrow: Download http://www.slunecnice.cz/sw/nircmd/

:arrow: Restart the PC

:arrow: Apply the script for CF

Luciecz
Visitor
Posts: 30
Registered: 16 Jun 2008 21:14

Re: It boots, but then explorer closes without a message

#13 Post by Luciecz »

After the restart the antivirus could be turned off too, log:

ComboFix 11-12-29.05 - Lucie 30.12.2011 20:49:37.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.477 [GMT 8:00]
Spuštěný z: c:\documents and settings\Lucie\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lucie\Plocha\cfscript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ!!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\system32\rundll32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-28 do 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 11:15 . 2011-12-30 11:15 -------- d-----w- c:\documents and settings\Administrator
2011-12-30 10:36 . 2011-12-30 10:39 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-30 09:34 . 2011-12-30 09:34 -------- d-----w- c:\program files\trend micro
2011-12-30 09:34 . 2011-12-30 09:34 -------- d-----w- C:\rsit
2011-12-29 13:53 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-12-29 09:15 . 2011-12-29 09:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-29 09:06 . 2011-12-29 09:06 -------- d-----w- C:\IUware Online
2011-12-28 03:38 . 2011-12-28 03:38 -------- d-----w- c:\documents and settings\Lucie\Local Settings\Data aplikací\Help
2011-12-28 03:29 . 1998-10-20 15:05 54784 ----a-w- c:\windows\system32\Inetwh32.dll
2011-12-28 03:29 . 2004-02-04 06:16 163840 ----a-w- c:\windows\system32\egusound.ocx
2011-12-28 03:29 . 2001-06-14 02:30 1044480 ----a-w- c:\windows\system32\ROBOEX32.DLL
2011-12-28 03:29 . 1999-05-06 17:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-12-28 03:29 . 1999-03-12 16:00 127488 ----a-w- c:\windows\system32\Ccrpsld.ocx
2011-12-28 03:29 . 1996-11-07 18:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-12-28 03:27 . 2011-12-28 03:27 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-28 03:26 . 2011-12-28 03:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-12-28 03:26 . 2011-12-28 03:28 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\DAEMON Tools Lite
2011-12-28 03:26 . 2011-12-28 03:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-12-24 08:16 . 2001-10-24 04:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-24 08:16 . 2008-04-14 00:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-24 08:16 . 2008-04-13 16:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-24 08:16 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 13:22 . 2011-08-16 18:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2009-07-30 07:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2009-07-30 07:44 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2009-07-30 07:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2009-07-30 07:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-07-30 07:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-07-30 07:43 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2009-07-30 07:43 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 08:06 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2009-07-30 07:43 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-07-29 22:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 11:11 . 2011-10-24 14:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_11.37.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-30 07:43 . 2011-12-30 12:46 68768 c:\windows\system32\perfc009.dat
- 2009-07-30 07:43 . 2011-12-30 11:40 68768 c:\windows\system32\perfc009.dat
+ 2009-07-30 07:44 . 2011-12-30 12:46 79576 c:\windows\system32\perfc005.dat
- 2009-07-30 07:44 . 2011-12-30 11:40 79576 c:\windows\system32\perfc005.dat
+ 2009-07-30 07:43 . 2011-12-30 12:46 434674 c:\windows\system32\perfh009.dat
- 2009-07-30 07:43 . 2011-12-30 11:40 434674 c:\windows\system32\perfh009.dat
+ 2009-07-30 07:44 . 2011-12-30 12:46 431422 c:\windows\system32\perfh005.dat
- 2009-07-30 07:44 . 2011-12-30 11:40 431422 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-30 24064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-09-23 641208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\documents and settings\Lucie\Nabídka Start\Programy\Po spuštění\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2009-7-30 33280]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-30 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Lucie\\Plocha\\xp\\L2tp_client1\\Connector.exe"=
"c:\\Documents and Settings\\Lucie\\Plocha\\xp\\L2tp_client1\\updater.exe"=
"c:\\Documents and Settings\\Lucie\\Plocha\\FreeU21.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28.12.2011 11:27 239168]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2.7.2011 2:38 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [30.7.2009 9:36 198432]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.7.2009 9:59 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [30.7.2009 8:40 5096544]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [22.8.2011 23:04 22016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.7.2009 8:46 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30.7.2009 8:50 24064]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [22.8.2011 23:04 22016]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.7.2009 8:32 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 14:52]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 14:52]
.
2009-07-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 22:32]
.
2011-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 22:32]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:download@securitykiss.com?subject=Please%20send%20me%20a%20copy%20of%20SecurityKISS%20Tunnel
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: Interfaces\{DEF73217-D0A0-4867-80F5-EC316B913899}: NameServer = 10.10.0.21
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\gv0b58u3.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2316)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Celkový čas: 2011-12-30 21:11:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-30 13:11
ComboFix2.txt 2011-12-30 11:44
.
Před spuštěním: Volných bajtů 96?87?35?76
Po spuštění: Volných bajtů 97?42?10?76
.
- - End Of File - - F1020173273881EA683C845AEC6B78F8

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: It boots, but then explorer closes without a message

#14 Post by vyosek »

:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator
  • Into the left window Paste Instructions for Items to be Moved (below the yellow line) paste the contents you have below
  • Code:

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProductReg"=-
    "swg"=-
    "ICQ"=-
    "ctfmon.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "RemoteControl8"=-
    "PDVD8LanguageShortcut"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    
    :files
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Lucie\Nabídka Start\Programy\Po spuštění\ctfmon.lnk
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; answer Yes. Afterwards the log is in C:\_OTM\MovedFiles; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, that is no man, that is an ox."
Member since 1 February 2011.

Luciecz
Visitor
Posts: 30
Joined: 16 Jun 2008 21:14

Re: It boots, but then explorer quits without a message

#15 Post by Luciecz »

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ProductReg not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ICQ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RemoteControl8 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PDVD8LanguageShortcut not found.
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== FILES ==========
C:\WINDOWS\system32\rundll32.exe moved successfully.
C:\Documents and Settings\Lucie\Nabídka Start\Programy\Po spuštění\ctfmon.lnk moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\wbem\SET1DA.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET1DB.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET1DC.tmp moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 55275659 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Lucie
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 963408 bytes
->FireFox cache emptied: 65727120 bytes
->Flash cache emptied: 8282504 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45301760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 480283 bytes

Total Files Cleaned = 168,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Lucie
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12312011_081240

Files moved on Reboot...

Registry entries deleted on Reboot...

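The OTM script in post #14 and the log in post #15 are a request/response pair: in the `:reg` section a line ending in `=-` deletes the named value and any other line writes it in .reg syntax, `:files` entries are paths or wildcards (`/s` searches subfolders), and `:commands` trigger OTM built-ins. The Python below is an added example for this thread, not OTM's code and not anything posted by vyosek or Luciecz. It parses trimmed copies of both texts, pairs every requested action with the verdict the log reports, and flags moves of Windows components. The `%windir%` expansion, the `CORE_BINARIES` list and the accepted log wordings are assumptions taken from the posted log.

```python
"""Reconcile an OTM fix script with the OTM log it produced.

Added example for this thread; not OTM's code and not code from either post.
Assumptions (not in the thread): %windir% expands to C:\\WINDOWS, CORE_BINARIES
is an illustrative list, and only the log wordings seen in post #15 are parsed.
"""
import fnmatch
import ntpath
import re

WINDIR = r"C:\WINDOWS"  # assumed expansion of %windir% on this XP machine
# Windows components that should never be moved without a clean replacement
# (assumed, illustrative list).
CORE_BINARIES = {"rundll32.exe", "explorer.exe", "svchost.exe", "winlogon.exe"}
# Log line that proves a :commands entry ran (wording taken from post #15).
COMMAND_MARKERS = {"RESETHOSTS": "HOSTS file reset successfully",
                   "EMPTYTEMP": "[EMPTYTEMP]", "EMPTYFLASH": "[EMPTYFLASH]"}

# Trimmed copies of the script in post #14 and the log in post #15.
OTM_SCRIPT = r"""
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"=-
"ctfmon.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000

:files
C:\WINDOWS\system32\rundll32.exe
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
"""
OTM_LOG = r"""
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ProductReg not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe not found.
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== FILES ==========
C:\WINDOWS\system32\rundll32.exe moved successfully.
C:\WINDOWS\system32\wbem\SET1DA.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET1DB.tmp moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]
"""

REG_DEL = re.compile(r"Registry value (.+)\\\\(.+) (not found|\w+ successfully)\.")
REG_SET = re.compile(r'(.+)\\\\"([^"]+)"\|\S+ /E : (value set successfully)!')
FILE_OP = re.compile(r"(?:File/Folder )?(.+) (moved successfully|not found)\.")


def parse_script(text):
    """Turn a :reg / :files / :commands script into the actions it requests."""
    plan = {"reg_delete": [], "reg_set": [], "files": [], "commands": []}
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "reg" and line.startswith("["):
            key = line.strip("[]")
        elif section == "reg":
            name, data = re.fullmatch(r'"([^"]+)"=(.+)', line).groups()
            if data == "-":                    # "name"=- deletes the value
                plan["reg_delete"].append((key, name))
            else:                              # anything else writes it
                plan["reg_set"].append((key, name, data))
        elif section == "files":
            recursive = line.lower().endswith(" /s")  # /s = search subfolders
            path = line[:-3].rstrip() if recursive else line
            plan["files"].append((path.replace("%windir%", WINDIR), recursive))
        elif section == "commands":
            plan["commands"].append(line.strip("[]"))
    return plan


def parse_log(text):
    """Map every registry value / path the log mentions to its reported status."""
    seen = {"reg": {}, "files": {}, "commands": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"=+ (\w+) =+", line):
            section = m[1].lower()
        elif section == "registry" and (m := REG_DEL.fullmatch(line) or REG_SET.fullmatch(line)):
            seen["reg"][(m[1].lower(), m[2].lower())] = m[3]
        elif section == "files" and (m := FILE_OP.fullmatch(line)):
            seen["files"][m[1].lower()] = m[2]
        elif section == "commands" and line:
            seen["commands"].append(line)
    return seen


def _covers(pattern, recursive, logged):
    """Does a logged path fall under a script entry (exact, wildcard, or /s)?"""
    pattern, logged = pattern.lower(), logged.lower()
    if logged == pattern:            # OTM echoes an unmatched pattern verbatim
        return True
    pdir, pname = ntpath.split(pattern)
    ldir, lname = ntpath.split(logged)
    if not fnmatch.fnmatchcase(lname, pname):
        return False
    return ldir == pdir or (recursive and ldir.startswith(pdir + "\\"))


def reconcile(plan, seen):
    """Pair each requested action with the log's verdict; flag risky moves."""
    report = {}
    for key, name in plan["reg_delete"]:
        report[f"reg-delete {key}\\{name}"] = seen["reg"].get(
            (key.lower(), name.lower()), "no log entry")
    for key, name, data in plan["reg_set"]:
        report[f"reg-set {key}\\{name}={data}"] = seen["reg"].get(
            (key.lower(), name.lower()), "no log entry")
    for path, recursive in plan["files"]:
        hits = {s for p, s in seen["files"].items() if _covers(path, recursive, p)}
        status = ", ".join(sorted(hits)) or "no log entry"
        if ntpath.basename(path).lower() in CORE_BINARIES:
            status += " (WARNING: Windows component, verify a clean copy is in place)"
        report[f"file {path}"] = status
    for cmd in plan["commands"]:
        marker = COMMAND_MARKERS.get(cmd, f"[{cmd}]")
        report[f"command {cmd}"] = "done" if marker in seen["commands"] else "no log entry"
    return report


if __name__ == "__main__":
    for action, verdict in reconcile(parse_script(OTM_SCRIPT), parse_log(OTM_LOG)).items():
        print(f"{verdict:<22} {action}")
```

Run as-is it prints one line per requested action. The check worth keeping is the last one in `reconcile`: `C:\WINDOWS\system32\rundll32.exe` is a Windows component, so "moved successfully" for it is not the end of the job; a clean copy has to be in place afterwards, which the log cannot confirm.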