VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

velky problem

https://forum.viry.cz:443/viewtopic.php?t=126223

Stránka 1 z 1

velky problem

Napsal: 01 pro 2012 17:47
od SlavoK
Znicoho nic mi zacali naskakovat alert okna a security warningy a podobne blbosti, jednoznacne som dostal nejaky virus. Problem ale je ten, ze sa neda spustit ziaden program, ani vytvorit log, ani ziaden antivir, ani prehliadac, proste nic. Prosim o pomoc, ako postupovat?

Re: velky problem

Napsal: 01 pro 2012 18:04
od Rudy
Restartujte do nouz. režimu a dejte log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

Re: velky problem

Napsal: 01 pro 2012 18:07
od SlavoK
V nudzovom režime som spustil malwarebytes antimalware, našlo mi sedem hrozieb, ktoré som odstránil. Po reštarte sa už počítač správa normálne, spravil som log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by SlavoK at 2012-06-07 12:28:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 110 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:41, on 7.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\SlavoK\My Documents\Programy\Antivíry\RSIT.exe
C:\Program Files\trend micro\SlavoK.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1454471165-1604221776-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1788485312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2066021691
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.mheller.com/mhLbl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 7017 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-23 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-23 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []
"lxccmon.exe"=C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-07-21 192512]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-08 348624]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-10-08 1632360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMHelp"=01000000
"NoSMMyPictures"=01000000
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=01000000
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoAutorun"=
"HonorAutorunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Games\Blur\Blur.exe"="E:\Games\Blur\Blur.exe:*:Enabled:Blur"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\SlavoK\Application Data\MSJ-Driver-4532-56324-6224\winrsnbc.exe"="C:\Documents and Settings\SlavoK\Application Data\MSJ-Driver-4532-56324-6224\winrsnbc.exe:*:Enabled:MicrosoftCFGDriver"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2012-06-07 12:28:32 ----D---- C:\rsit
2012-05-26 23:18:43 ----D---- C:\Program Files\Cockatrice
2012-05-22 14:28:30 ----A---- C:\WINDOWS\DTLite.INI
2012-05-15 12:13:08 ----D---- C:\Documents and Settings\All Users\Application Data\Battle.net

======List of files/folders modified in the last 1 months======

2012-06-07 12:28:41 ----D---- C:\WINDOWS\Prefetch
2012-06-07 12:28:36 ----D---- C:\WINDOWS\temp
2012-06-07 12:28:33 ----D---- C:\Program Files\trend micro
2012-06-06 23:40:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-05 23:36:19 ----A---- C:\WINDOWS\winamp.ini
2012-06-05 15:41:42 ----D---- C:\Documents and Settings\SlavoK\Application Data\uTorrent
2012-06-04 18:55:29 ----D---- C:\Program Files\Lx_cats
2012-05-30 17:22:02 ----A---- C:\WINDOWS\WDICT32.INI
2012-05-30 00:09:22 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-27 21:08:32 ----SHD---- C:\WINDOWS\Installer
2012-05-26 23:18:43 ----RD---- C:\Program Files
2012-05-23 06:11:57 ----AD---- C:\WINDOWS
2012-05-22 14:28:17 ----D---- C:\WINDOWS\Tasks
2012-05-22 14:11:55 ----D---- C:\WINDOWS\system32\DirectX
2012-05-22 14:11:53 ----D---- C:\WINDOWS\inf
2012-05-22 14:11:17 ----D---- C:\WINDOWS\assembly
2012-05-21 07:39:12 ----D---- C:\Program Files\uTorrent
2012-05-19 00:26:20 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-16 14:44:55 ----D---- C:\WINDOWS\system32
2012-05-15 13:29:45 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2012-05-15 12:17:08 ----D---- C:\WINDOWS\WinSxS
2012-05-10 08:45:27 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-05-08 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-03 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-03 25888]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-05-26 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 273024]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FIXUSTOR;FIXUSTOR; C:\WINDOWS\system32\DRIVERS\fixustor.sys [2007-06-11 12416]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-08 17480]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 USTOR2K;USB Mass Storage Windows Driver; C:\WINDOWS\system32\DRIVERS\ustor2k.sys [2009-03-09 28928]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva397;XDva397; \??\C:\WINDOWS\system32\XDva397.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe []
S2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe []
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-12 2837916]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: velky problem

Napsal: 01 pro 2012 18:11
od Rudy
Poprosím o log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware
Přesvědčíme se, zda tam něco nezbylo.

Re: velky problem

Napsal: 01 pro 2012 18:26
od SlavoK
Tu to je:

ComboFix 12-12-01.01 - SlavoK 01.12.2012 18:16:08.15.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1559 [GMT 1:00]
Running from: c:\documents and settings\SlavoK\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 16:56 . 2012-12-01 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-01 16:56 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-01 16:28 . 2012-12-01 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\A4C975D6A60F7E4F0000A4C8D11282FD
2012-12-01 12:03 . 2012-12-01 12:06 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2012-11-29 18:30 . 2012-11-29 18:30 -------- d-----w- c:\documents and settings\Guest\Application Data\Avira
2012-11-29 18:25 . 2012-11-29 18:25 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2012-11-27 12:09 . 2012-11-27 12:09 -------- d-----w- c:\documents and settings\SlavoK\Local Settings\Application Data\FLT
2012-11-26 18:59 . 2012-11-26 18:59 1409 ----a-w- c:\windows\QTFont.for
2012-11-21 10:24 . 2012-11-21 10:24 -------- d-----w- c:\documents and settings\SlavoK\Application Data\RenPy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 14:13 . 2012-10-17 10:38 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-14 14:13 . 2012-10-17 10:38 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 14:13 . 2012-10-17 10:38 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-08 20:45 . 2012-03-29 07:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:45 . 2011-08-12 12:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 21:16 . 2012-10-23 15:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 06:24 . 2012-06-07 15:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 06:24 . 2010-05-21 13:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2007-02-13 15:22 . 2010-01-09 13:34 947472 ----a-w- c:\program files\msjava.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-04-21 01:18 . 2012-05-03 15:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 192512]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-26 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyPictures"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Games\\Blur\\Blur.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58220:TCP"= 58220:TCP:Pando Media Booster
"58220:UDP"= 58220:UDP:Pando Media Booster
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17.10.2012 11:38 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17.10.2012 11:38 85280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.12.2012 17:56 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.12.2012 17:56 676936]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [7.12.2009 13:52 14336]
S3 apf003;apf003;c:\windows\system32\apf003.sys [11.8.2012 17:19 13232]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\SlavoK\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\SlavoK\LOCALS~1\Temp\CFcatchme.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [5.4.2010 18:22 12416]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8.5.2010 9:37 36608]
S3 ncvet.dll;ncvet.dll;\??\c:\windows\Temp\ncvet.dll --> c:\windows\Temp\ncvet.dll [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [24.2.2005 12:29 508288]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8.5.2010 9:37 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8.5.2010 9:37 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8.5.2010 9:37 121856]
S3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\drivers\ustor2k.sys [5.4.2010 18:17 28928]
S3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:45]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 11:10]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 11:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-15 10:19; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-15 10:19; adblockpopups@jessehakanen.net; c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\extensions\adblockpopups@jessehakanen.net.xpi
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
Supplementary scan did not complete!
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3664)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2012-12-01 18:25:45
ComboFix-quarantined-files.txt 2012-06-07 17:21
ComboFix2.txt 2012-06-07 16:30
.
Pre-Run: 4 126 969 856 bytes free
Post-Run: 4 175 601 664 voľných bajtov
.
- - End Of File - - CE49CB38A486825F9BD3025928F9A667

Re: velky problem

Napsal: 01 pro 2012 19:21
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Collect::
c:\windows\system32\XDva400.sys

Folder::
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1050:TCP"=-
"5000:UDP"=-

Driver::
XDva400

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: velky problem

Napsal: 02 pro 2012 10:45
od SlavoK
Tu je výpis:

ComboFix 12-12-01.02 - SlavoK 02.12.2012 10:29:09.16.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1554 [GMT 1:00]
Running from: c:\documents and settings\SlavoK\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SlavoK\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\admintool.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\client.ini
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\ControlPanel.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\CplTasks.xml
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\euc_state.json
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\extraroot.pem
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\guid.ini
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\installer.txt
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\installer_no_upload_silent.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\csy.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\dan.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\deu.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\esp.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\fin.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\fra.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\chs.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\cht.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\ita.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\jpn.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\kor.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\nld.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\nor.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\plk.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\ptb.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\ptg.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\rus.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\sve.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Languages\trk.dll
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121125_233014.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121126_095926.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121127_051516.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121127_055755.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121127_104907.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121128_070751.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121128_231353.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121129_082447.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121129_232504.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121130_090639.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121130_153407.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121201_094349.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121201_163801.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121201_170446.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon.debug.log.121202_092315.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\daemon1.debug.log
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_104623.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_114623.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_124624.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_134625.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_144625.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_154626.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_164626.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_174627.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_184627.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_194628.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_204628.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_214629.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_224630.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121125_233015.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_095930.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_105930.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_115931.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_125931.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_135931.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_145931.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_155932.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121126_162625.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_051520.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_055756.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_104914.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_114915.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_124915.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_134916.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_144916.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_154916.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_164917.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_174918.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_184918.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_194919.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_204919.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_214920.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_224920.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121127_232033.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_070757.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_080757.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_090757.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_100758.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_110758.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_120759.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_130759.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_140759.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_150800.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_160800.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_170800.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_180800.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_190801.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_200801.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_210801.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_220802.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_230802.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121128_231355.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_082456.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_092457.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_102458.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_112458.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_122458.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_132458.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_142459.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_152459.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_162459.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_172500.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_182500.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_192501.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_202501.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_212502.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_222502.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121129_232502.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_090649.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_100649.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_110649.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_120650.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_130650.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_140650.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_150651.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121130_153408.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_094355.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_104356.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_114356.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_124357.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_134358.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_144358.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_154358.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121201_170452.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\Logs\debug.log.121202_092320.sent
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\netsession_installer.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\netsession_win.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\readme.txt
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\root.pem
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\rswinui.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\uninstall.exe
c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\user.dat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA400
-------\Service_XDva400
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-01 16:56 . 2012-12-01 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-01 16:56 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-01 16:28 . 2012-12-01 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\A4C975D6A60F7E4F0000A4C8D11282FD
2012-12-01 12:03 . 2012-12-01 12:06 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2012-11-29 18:30 . 2012-11-29 18:30 -------- d-----w- c:\documents and settings\Guest\Application Data\Avira
2012-11-29 18:25 . 2012-11-29 18:25 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2012-11-27 12:09 . 2012-11-27 12:09 -------- d-----w- c:\documents and settings\SlavoK\Local Settings\Application Data\FLT
2012-11-26 18:59 . 2012-11-26 18:59 1409 ----a-w- c:\windows\QTFont.for
2012-11-21 10:24 . 2012-11-21 10:24 -------- d-----w- c:\documents and settings\SlavoK\Application Data\RenPy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 14:13 . 2012-10-17 10:38 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-14 14:13 . 2012-10-17 10:38 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 14:13 . 2012-10-17 10:38 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-08 20:45 . 2012-03-29 07:58 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:45 . 2011-08-12 12:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 21:16 . 2012-10-23 15:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 06:24 . 2012-06-07 15:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 06:24 . 2010-05-21 13:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2007-02-13 15:22 . 2010-01-09 13:34 947472 ----a-w- c:\program files\msjava.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-04-21 01:18 . 2012-05-03 15:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 192512]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-26 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyPictures"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Games\\Blur\\Blur.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58220:TCP"= 58220:TCP:Pando Media Booster
"58220:UDP"= 58220:UDP:Pando Media Booster
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17.10.2012 11:38 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17.10.2012 11:38 85280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.12.2012 17:56 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.12.2012 17:56 676936]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [7.12.2009 13:52 14336]
S3 apf003;apf003;c:\windows\system32\apf003.sys [11.8.2012 17:19 13232]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\SlavoK\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\SlavoK\LOCALS~1\Temp\CFcatchme.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [5.4.2010 18:22 12416]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8.5.2010 9:37 36608]
S3 ncvet.dll;ncvet.dll;\??\c:\windows\Temp\ncvet.dll --> c:\windows\Temp\ncvet.dll [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [24.2.2005 12:29 508288]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8.5.2010 9:37 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8.5.2010 9:37 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8.5.2010 9:37 121856]
S3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\drivers\ustor2k.sys [5.4.2010 18:17 28928]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-15 10:19; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-15 10:19; adblockpopups@jessehakanen.net; c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\extensions\adblockpopups@jessehakanen.net.xpi
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Akamai - c:\documents and settings\SlavoK\Local Settings\Application Data\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-02 10:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2012-12-02 10:45:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-07 17:21
ComboFix2.txt 2012-06-07 16:30
.
Pre-Run: 4 024 868 864 bytes free
Post-Run: 3 967 516 672 voľných bajtov
.
- - End Of File - - 23C96430F5487AE0C328C80EDA3F5EE4

Re: velky problem

Napsal: 02 pro 2012 11:37
od Rudy
Log již vypadá čistý. Nastala nějaká změna?

Re: velky problem

Napsal: 02 pro 2012 12:08
od SlavoK
Všetko beží ako má, ďakujem :)

Re: velky problem

Napsal: 02 pro 2012 12:34
od Rudy
Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz