VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Opět Policie

https://forum.viry.cz:443/viewtopic.php?t=129985

Stránka 1 z 2

Opět Policie

Napsal: 01 kvě 2013 17:30
od jessie
Takže mám problém s takzvaným ´´policejním virem´´ , který na mě včera z ničeho nic vyskočil při běžném prohlížení internetu. Mám načteno spoustu návodů jak se toho zbavit, ale některé nezabírají a na některé jsem krátký . Potřeboval bych nějak polopaticky vysvětlit jak se toho svinstva zbavit ? Přes nouzový režim mi to nejde protože ta svině na mě vyskočí i tam. Naštěstí mám na pc druhý účet, který zatim funguje celkem bez problému, ale mám tam nastavená jenom omezená práva, proto tam nemohu spustit programy jako combofix a dokonce ani nemůžu smazat viry, které najde antivir. Tahle stránka je asi poslední naděje, protože dnes už se s tím seru 2. den a zatím jsem na mrtvém bodě. Jestli ani tohle nepomůže tak už jen servisman :frusty: . Díky za případné rady.

Re: Opět Policie

Napsal: 01 kvě 2013 17:53
od jessie
Tak se omlouvám, už sem zjistil jak cambofix zapnout. Jinak 32 bit xp prof. sp3

Re: Opět Policie

Napsal: 01 kvě 2013 18:11
od jessie
Dočetl jsem se o něm v nějaké diskusi. A taky že je může být docela nebezpečný. Mám ho spoušet ? :?: ...sorry za debil*í otázky jsem amatér.

Re: Opět Policie

Napsal: 01 kvě 2013 18:31
od jessie
tady je ten log :

ComboFix 13-05-01.03 - admin 01.05.2013 19:23:56.1.2 - x86
Spuštěný z: c:\documents and settings\Guest\Dokumenty\Sta×enÚ soubory\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\17lr.dat
c:\documents and settings\All Users\Data aplikací\791co.dat
c:\documents and settings\All Users\Data aplikací\corqer.dat
c:\documents and settings\All Users\Data aplikací\qe7bt.dat
c:\documents and settings\All Users\Data aplikací\rundll32.exe
c:\windows\system32\Cache
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-01 do 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 17:18 . 2013-05-01 17:18 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E6D72CFA-F2CB-4430-85BC-67CC883C605D}\MpKsl69ecf023.sys
2013-05-01 15:05 . 2013-05-01 15:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Eraser 6
2013-05-01 12:44 . 2013-05-01 15:49 60872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E6D72CFA-F2CB-4430-85BC-67CC883C605D}\offreg.dll
2013-05-01 12:42 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E6D72CFA-F2CB-4430-85BC-67CC883C605D}\mpengine.dll
2013-05-01 06:19 . 2013-05-01 06:21 -------- d-----w- c:\documents and settings\Administrator
2013-04-30 19:43 . 2013-04-30 19:43 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\AVG Secure Search
2013-04-30 19:43 . 2013-04-30 19:43 -------- d-----w- c:\documents and settings\Guest\Data aplikací\AVG2013
2013-04-30 19:43 . 2013-04-30 19:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Avg2013
2013-04-30 19:39 . 2013-04-30 19:39 -------- d-----w- c:\documents and settings\admin\Data aplikací\AVG2013
2013-04-30 19:38 . 2013-04-30 19:38 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\AVG2013
2013-04-30 19:38 . 2013-04-30 19:38 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\documents and settings\admin\Data aplikací\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\program files\AVG Secure Search
2013-04-30 19:36 . 2013-04-30 19:36 -------- d-----w- C:\$AVG
2013-04-30 19:36 . 2013-04-30 19:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2013
2013-04-30 19:36 . 2013-04-30 19:36 -------- d-----w- c:\program files\AVG
2013-04-29 09:05 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-13 13:50 . 2013-04-13 13:50 714526 ----a-w- c:\windows\unins000.exe
2013-04-13 13:50 . 2013-04-13 13:50 -------- d-----w- c:\program files\Tapur
2013-04-12 17:00 . 2013-04-12 17:00 -------- d-----w- C:\a4a849e4e621d029e38f48a6b5
2013-04-12 16:22 . 2013-04-12 16:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-12 16:16 . 2013-04-14 06:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2013-04-12 16:16 . 2013-04-12 16:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\GoforFiles
2013-04-12 16:13 . 2013-04-12 16:13 171008 ----a-w- c:\windows\system32\rld.dll
2013-04-12 16:13 . 2013-04-12 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logs
2013-04-08 16:49 . 2013-04-30 20:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Avg2013
2013-04-06 14:13 . 2013-04-06 14:13 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 14:29 . 2012-04-16 08:08 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 14:29 . 2011-10-14 12:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 10:33 . 2011-10-12 13:12 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 12:32 . 2013-03-13 12:32 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 16:06 . 2013-03-07 16:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 16:06 . 2013-03-07 16:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-07 16:06 . 2013-03-03 17:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-07 16:06 . 2013-03-03 17:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-14 06:06 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 02:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 05:45 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2013-03-01 08:32 . 2013-03-01 08:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 07:58 . 2011-10-12 11:40 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-26 21:40 . 2013-02-26 21:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 01:52 . 2013-02-14 01:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:20 . 2013-02-19 17:17 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20 . 2013-02-19 17:17 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-10 03:20 . 2013-01-03 19:25 6070272 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20 . 2011-10-12 12:50 7749632 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20 . 2011-10-12 12:50 4078976 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-10 03:20 . 2011-10-12 12:50 2731296 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20 . 2011-10-12 12:50 2481664 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20 . 2011-10-12 12:50 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20 . 2011-10-12 12:50 19685376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-10 03:20 . 2011-10-12 12:50 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20 . 2011-10-12 12:50 10707360 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-02-10 00:29 . 2011-10-12 12:50 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-02-10 00:29 . 2011-10-12 12:50 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-02-10 00:29 . 2011-10-12 12:50 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-02-10 00:29 . 2011-10-12 12:50 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-02-10 00:29 . 2011-10-12 12:50 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-02-10 00:29 . 2011-10-12 12:50 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-02-10 00:29 . 2011-10-12 12:50 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-02-10 00:29 . 2011-10-12 12:50 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-02-10 00:29 . 2011-10-12 12:50 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-02-10 00:29 . 2011-10-12 12:50 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-02-10 00:29 . 2011-10-12 12:50 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-02-10 00:29 . 2011-10-12 12:50 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-02-10 00:29 . 2011-10-12 12:50 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-02-10 00:29 . 2011-10-12 12:50 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-02-10 00:29 . 2011-10-12 12:50 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-02-10 00:29 . 2011-10-12 12:50 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-02-10 00:27 . 2011-10-12 12:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-02-10 00:27 . 2011-10-12 12:50 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-02-10 00:27 . 2011-10-12 12:50 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 00:27 . 2011-10-12 12:50 15664416 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:27 . 2011-10-12 12:50 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-02-08 02:37 . 2013-02-08 02:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 02:37 . 2013-02-08 02:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 02:37 . 2013-02-08 02:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 02:37 . 2013-02-08 02:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 02:37 . 2013-02-08 02:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-04-12 15:27 . 2013-04-12 15:27 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-02-10 15664416]
"NvMediaCenter"="NvMCTray.dll" [2013-02-10 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-10 1982312]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-04-30 1223344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\
msconfig.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Tapur\\Tapur.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 dlniicas;dlniicas;c:\windows\system32\drivers\dlniicas.sys [x]
R1 hrdqmqzo;hrdqmqzo;c:\windows\system32\drivers\hrdqmqzo.sys [x]
R1 ttcpmhks;ttcpmhks;c:\windows\system32\drivers\ttcpmhks.sys [x]
R1 utyglirc;utyglirc;c:\windows\system32\drivers\utyglirc.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [x]
R3 cpuz130;cpuz130;c:\docume~1\admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 MpKsl69ecf023;MpKsl69ecf023;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E6D72CFA-F2CB-4430-85BC-67CC883C605D}\MpKsl69ecf023.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [x]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL69ECF023
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 14:29]
.
2013-05-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119293&tt=110413_www1&babsrc=HP_ss&mntrId=6C6000248C66E6F9
mStart Page = hxxp://home.sweetim.com/?st=6&barid={FCC596D7-2D00-11E2-ABEC-00248C66E6F9}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 10.69.128.88 10.69.128.18
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\d8xswv77.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: 2013-04-14 08:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-04-30 22:09; avg@toolbar; c:\documents and settings\All Users\Data aplikací\AVG Secure Search\FireFoxExt\15.1.0.2
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108602
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 6c60825e00000000000000248c66e6f9
FF - user.js: extensions.BabylonToolbar_i.hardId - 6c60825e00000000000000248c66e6f9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:29
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-01 19:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE02.00.00.01MSWINDOWS"="4E1DC2504F396FB13EE216D226A34F07FA2071BD4EC399402B7D0A628DAB70F2A61EFA6A64CDAD19EF38F0DF8F7855353503E47711B21ECF6FF5E4B3D5DC7EBA02CFEFD75D27D02FF279E0A0FD5305AFB12D675FAFCC66C66EF593526B89E78BFD7AEED59ABF8DFA579BAAEB956CDA228E5E5502FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407A2D97226D213B555C038D530D6EB345245CBB7BF9695DFF7A8D3745C637363488DFBE855A72557CFB6E21421933E8634BC2E2B2860CF054110928C68D15CF1BB84A4BFEDCB0EBB82F0000B1EFBC6007EE03B944F90F9F1644CAB14ACF9DCD7426B7A96F848DD91621688508B8BF438FA2B247FB04CC0C3AE178D5F4E96EE4B5EDF47295E86FAC746BFC328367ABDF47359CE5B9F40C3BA80F1592742E07EA424418C1B5873C0EE1A522E3FBD080622C9EDD37BC19A1739CB9CE6085319EEE0BD33FC7079FEFB3E59F079A219F4AACD6E2F0118110D43481CA1C002A1841321E71E8091A21EEE8F980589448E07F82B6927D84B5B4E42938CC8A47A1EE735A9F32FB14E0DC84FE07C3C76FBBC09B592D7258F94C099876ACBA48538121211E3C7D4E05644FC48D2C1880D8314C616FB67B88F59392EF3C19F068AE816CFD8DD5BC41240A8BAF6ACB31D4EF8D712C6885BB9F65E8D4D613060848D1C1977B1463D767B046C066E5836746EDEA3C2E5FA0B4295D0DB3F1BF2F97B1D475FDE33730EA589009867B2E23E4BD61CE12F06B862B0F1BE95CCE0E96D0BFBC07E61EB5D83D2DA750AEC3FFD5823A27A54B8AFCEDF27461D8146E7184D94A04761DF5D22664344896DA682012141A2A98F3D5CE9170AFE42377D5725C2C0357A46BDF98214FC4C4749A8DD644C2E5B3A7CA5FBDE3086BDE82649CA5E0C7919DD41E1AC617D4DAE19F48C27471DB60623D6D970A3E408D8B21083D33275EEDD5BB83952C92A45DBD19AEE2869F0ED8EBF3247135385C1D8218A0D753666134A3E67323C68AF3876283B6F9EB3B526954DEF60AC2DF42A7B9C7EC52721D69ED8375C41AE8D3E3DD5B3AAB2BEADEB7B706FCA1BFD132AFB32EFAB9656CDD10C39DA785D622E96B186F211622D862B48A6AACE70398C32B3A3CAA1E8E1BEF71A4C21740305630D35C6C5692B03109E30746BDD5E84C4A9942840C72B1E96FDCC2A68DAB1386A0BAC0BF3033C4FBF8117CBFE2BE5FB0AC5A44E49D651D29CACE91C6D8A6C90238E407AA5034C14AF29A55097418DAECF4DADD5BEDD513DBD5EFD2157B4BB1714A8DAF0E76012C79D7BC9D94C7BDE1FAC9A3FB5E0BC250C090657EA2DE2A94864FD2E7D2BE6CBD36B70B5F6970AE6C55C1F2918D4AACB64B2A589E15D6DC7156149AC64473739951F985C65D774"
.
Celkový čas: 2013-05-01 19:28:29
ComboFix-quarantined-files.txt 2013-05-01 17:28
.
Před spuštěním: Volných bajtů: 100 080 066 560
Po spuštění: Volných bajtů: 100 760 113 152
.
- - End Of File - - 8D6194A0D13D921375D96651A14F82FC

Re: Opět Policie

Napsal: 01 kvě 2013 18:43
od jessie
Provedu, ale mě trpělivost je toho ne mě docela dost :shock:

Re: Opět Policie

Napsal: 01 kvě 2013 19:34
od jessie
MBRscan

MBRScan v1.1.1

OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2013/05/01 (ISO 8601) at 19:50:48
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __WDC WD5000AAKS-00A7B2 (01.03B01)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 465.8 Go [Fixed] ==> XP MBR Code

MBR_MD5 : F0FB92EC781C8E6D69D819819F8B5DDB
MBR_SHA1 : F93652A39BDDEB69ED9B853BDDE085F890D9FD9D

Device\Harddisk0\Partition1 156.2 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 309.5 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0

0x00000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3À.м.|ûP.P.ü¾.|
0x00000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ¿..PW¹å.ó¤Ë½¾.±.
0x00000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..Å.âôÍ..õ
0x00000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B .Æ.It.8,tö.µ.´..
0x00000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 ð¬<.tü»..´.Í.ëò.
0x00000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N.èF.s*þF..~..t.
0x00000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 .~..t..¶.uÒ.F...
0x00000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V..è!.s..¶.ë
0x00000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 ¼.>þ}Uªt..~..tÈ.
0x00000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 ·.ë©.ü.W.õË¿...V
0x000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .´.Í.r#.Á$?..Þ.ü
0x000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s.¸..».|
0x000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A .N..V.Í.sQOtN2ä.
0x000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëä.V.`»ªU´AÍ
0x000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.ûUªu0öÁ.t+a`
0x00000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j
0x00000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B.ôÍ.aas.Ot.
0x00000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 2ä.V.Í.ëÖaùÃNepl
0x00000130 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 atn. tabulka odd
0x00000140 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 ¡l..Chyba pýi na
0x00000150 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 .¡t.n¡ opera.n¡h
0x00000160 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F o syst.mu.Opera.
0x00000170 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 n¡ syst.m nenale
0x00000180 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 zen.............
0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 00 00 00 2C 44 6A 3B 14 3C 14 00 00 80 01 .....,Dj;.<.....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 2E F7 87 13 00 FE ...þ..?....÷...þ
0x000001D0 FF FF 07 FE FF FF 6D F7 87 13 D4 54 B0 26 00 00 ...þ..m÷..ÔT°&..
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

__________________________16_BIT_ASM_CODE

0x0000 33c0 XOR AX, AX
0x0002 8ed0 MOV SS, AX
0x0004 bc 007c MOV SP, 0x7c00
0x0007 fb STI
0x0008 50 PUSH AX
0x0009 07 POP ES
0x000A 50 PUSH AX
0x000B 1f POP DS
0x000C fc CLD
0x000D be 1b7c MOV SI, 0x7c1b
0x0010 bf 1b06 MOV DI, 0x61b
0x0013 50 PUSH AX
0x0014 57 PUSH DI
0x0015 b9 e501 MOV CX, 0x1e5
0x0018 f3 a4 REP MOVSB
0x001A cb RETF
0x001B bd be07 MOV BP, 0x7be
0x001E b1 04 MOV CL, 0x4
0x0020 386e 00 CMP [BP+0x0], CH
0x0023 7c 09 JL 0x2e
0x0025 75 13 JNZ 0x3a
0x0027 83c5 10 ADD BP, 0x10
0x002A e2 f4 LOOP 0x20
0x002C cd 18 INT 0x18
0x002E 8bf5 MOV SI, BP
0x0030 83c6 10 ADD SI, 0x10
0x0033 49 DEC CX
0x0034 74 19 JZ 0x4f
0x0036 382c CMP [SI], CH
0x0038 74 f6 JZ 0x30
0x003A a0 b507 MOV AL, [0x7b5]
0x003D b4 07 MOV AH, 0x7
0x003F 8bf0 MOV SI, AX
0x0041 ac LODSB
0x0042 3c 00 CMP AL, 0x0
0x0044 74 fc JZ 0x42
0x0046 bb 0700 MOV BX, 0x7
0x0049 b4 0e MOV AH, 0xe
0x004B cd 10 INT 0x10
0x004D eb f2 JMP 0x41
0x004F 884e 10 MOV [BP+0x10], CL
0x0052 e8 4600 CALL 0x9b
0x0055 73 2a JAE 0x81
0x0057 fe46 10 INC BYTE [BP+0x10]
0x005A 807e 04 0b CMP BYTE [BP+0x4], 0xb
0x005E 74 0b JZ 0x6b
0x0060 807e 04 0c CMP BYTE [BP+0x4], 0xc
0x0064 74 05 JZ 0x6b
0x0066 a0 b607 MOV AL, [0x7b6]
0x0069 75 d2 JNZ 0x3d
0x006B 8046 02 06 ADD BYTE [BP+0x2], 0x6
0x006F 8346 08 06 ADD WORD [BP+0x8], 0x6
0x0073 8356 0a 00 ADC WORD [BP+0xa], 0x0
0x0077 e8 2100 CALL 0x9b
0x007A 73 05 JAE 0x81
0x007C a0 b607 MOV AL, [0x7b6]
0x007F eb bc JMP 0x3d
0x0081 813e fe7d 55aa CMP WORD [0x7dfe], 0xaa55
0x0087 74 0b JZ 0x94
0x0089 807e 10 00 CMP BYTE [BP+0x10], 0x0
0x008D 74 c8 JZ 0x57
0x008F a0 b707 MOV AL, [0x7b7]
0x0092 eb a9 JMP 0x3d
0x0094 8bfc MOV DI, SP
0x0096 1e PUSH DS
0x0097 57 PUSH DI
0x0098 8bf5 MOV SI, BP
0x009A cb RETF
0x009B bf 0500 MOV DI, 0x5
0x009E 8a56 00 MOV DL, [BP+0x0]
0x00A1 b4 08 MOV AH, 0x8
0x00A3 cd 13 INT 0x13
0x00A5 72 23 JB 0xca
0x00A7 8ac1 MOV AL, CL
0x00A9 24 3f AND AL, 0x3f
0x00AB 98 CBW
0x00AC 8ade MOV BL, DH
0x00AE 8afc MOV BH, AH
0x00B0 43 INC BX
0x00B1 f7e3 MUL BX
0x00B3 8bd1 MOV DX, CX
0x00B5 86d6 XCHG DH, DL
0x00B7 b1 06 MOV CL, 0x6
0x00B9 d2ee SHR DH, CL
0x00BB 42 INC DX
0x00BC f7e2 MUL DX
0x00BE 3956 0a CMP [BP+0xa], DX
0x00C1 77 23 JA 0xe6
0x00C3 72 05 JB 0xca
0x00C5 3946 08 CMP [BP+0x8], AX
0x00C8 73 1c JAE 0xe6
0x00CA b8 0102 MOV AX, 0x201
0x00CD bb 007c MOV BX, 0x7c00
0x00D0 8b4e 02 MOV CX, [BP+0x2]
0x00D3 8b56 00 MOV DX, [BP+0x0]
0x00D6 cd 13 INT 0x13
0x00D8 73 51 JAE 0x12b
0x00DA 4f DEC DI
0x00DB 74 4e JZ 0x12b
0x00DD 32e4 XOR AH, AH
0x00DF 8a56 00 MOV DL, [BP+0x0]
0x00E2 cd 13 INT 0x13
0x00E4 eb e4 JMP 0xca
0x00E6 8a56 00 MOV DL, [BP+0x0]
0x00E9 60 PUSHA
0x00EA bb aa55 MOV BX, 0x55aa
0x00ED b4 41 MOV AH, 0x41
0x00EF cd 13 INT 0x13
0x00F1 72 36 JB 0x129
0x00F3 81fb 55aa CMP BX, 0xaa55
0x00F7 75 30 JNZ 0x129
0x00F9 f6c1 01 TEST CL, 0x1
0x00FC 74 2b JZ 0x129
0x00FE 61 POPA
0x00FF 60 PUSHA
0x0100 6a 00 PUSH 0x0
0x0102 6a 00 PUSH 0x0
0x0104 ff76 0a PUSH WORD [BP+0xa]
0x0107 ff76 08 PUSH WORD [BP+0x8]
0x010A 6a 00 PUSH 0x0
0x010C 68 007c PUSH 0x7c00
0x010F 6a 01 PUSH 0x1
0x0111 6a 10 PUSH 0x10
0x0113 b4 42 MOV AH, 0x42
0x0115 8bf4 MOV SI, SP
0x0117 cd 13 INT 0x13
0x0119 61 POPA
0x011A 61 POPA
0x011B 73 0e JAE 0x12b
0x011D 4f DEC DI
0x011E 74 0b JZ 0x12b
0x0120 32e4 XOR AH, AH
0x0122 8a56 00 MOV DL, [BP+0x0]
0x0125 cd 13 INT 0x13
0x0127 eb d6 JMP 0xff
0x0129 61 POPA
0x012A f9 STC
0x012B c3 RET
0x012C 4e DEC SI
0x012D 65 DB 0x65
0x012D 65 70 6c JO 0x19c
0x0130 61 POPA
0x0131 74 6e JZ 0x1a1
0x0133 a0 2074 MOV AL, [0x7420]
0x0136 61 POPA
0x0137 6275 6c BOUND SI, [DI+0x6c]
0x013A 6b61 20 6f IMUL SP, [BX+DI+0x20], 0x6f
0x013E 64 DB 0x64
0x013F 64 a1 6c85 MOV AX, FS:[0x856c]
0x0143 0043 68 ADD [BP+DI+0x68], AL
0x0146 79 62 JNS 0x1aa
0x0148 61 POPA
0x0149 2070 fd AND [BX+SI-0x3], DH
0x014C 6920 6e61 IMUL SP, [BX+SI], 0x616e
0x0150 9f LAHF
0x0151 a1 74a0 MOV AX, [0xa074]
0x0154 6e OUTSB
0x0155 a1 206f MOV AX, [0x6f20]
0x0158 70 65 JO 0x1bf
0x015A 72 61 JB 0x1bd
0x015C 9f LAHF
0x015D 6e OUTSB
0x015E a1 686f MOV AX, [0x6f68]
0x0161 2073 79 AND [BP+DI+0x79], DH
0x0164 73 74 JAE 0x1da
0x0166 826d 75 00 SUB BYTE [DI+0x75], 0x0
0x016A 4f DEC DI
0x016B 70 65 JO 0x1d2
0x016D 72 61 JB 0x1d0
0x016F 9f LAHF
0x0170 6e OUTSB
0x0171 a1 2073 MOV AX, [0x7320]
0x0174 79 73 JNS 0x1e9
0x0176 74 82 JZ 0xfa
0x0178 6d INSW
0x0179 206e 65 AND [BP+0x65], CH
0x017C 6e OUTSB
0x017D 61 POPA
0x017E 6c INSB
0x017F 65 DB 0x65
0x017F 65 7a 65 JP 0x1e7
0x0182 6e OUTSB
0x0183 0000 ADD [BX+SI], AL
0x0185 0000 ADD [BX+SI], AL
0x0187 0000 ADD [BX+SI], AL
0x0189 0000 ADD [BX+SI], AL
0x018B 0000 ADD [BX+SI], AL
0x018D 0000 ADD [BX+SI], AL
0x018F 0000 ADD [BX+SI], AL
0x0191 0000 ADD [BX+SI], AL
0x0193 0000 ADD [BX+SI], AL
0x0195 0000 ADD [BX+SI], AL
0x0197 0000 ADD [BX+SI], AL
0x0199 0000 ADD [BX+SI], AL
0x019B 0000 ADD [BX+SI], AL
0x019D 0000 ADD [BX+SI], AL
0x019F 0000 ADD [BX+SI], AL
0x01A1 0000 ADD [BX+SI], AL
0x01A3 0000 ADD [BX+SI], AL
0x01A5 0000 ADD [BX+SI], AL
0x01A7 0000 ADD [BX+SI], AL
0x01A9 0000 ADD [BX+SI], AL
0x01AB 0000 ADD [BX+SI], AL
0x01AD 0000 ADD [BX+SI], AL
0x01AF 0000 ADD [BX+SI], AL
0x01B1 0000 ADD [BX+SI], AL
0x01B3 0000 ADD [BX+SI], AL
0x01B5 2c 44 SUB AL, 0x44
0x01B7 6a 3b PUSH 0x3b
0x01B9 14 3c ADC AL, 0x3c
0x01BB 14 00 ADC AL, 0x0
0x01BD 0080 0101 ADD [BX+SI+0x101], AL
0x01C1 0007 ADD [BX], AL
0x01C3 fe DB 0xfe
0x01C4 ff DB 0xff
0x01C5 ff DB 0xff
0x01C6 3f AAS
0x01C7 0000 ADD [BX+SI], AL
0x01C9 002e f787 ADD [0x87f7], CH
0x01CD 1300 ADC AX, [BX+SI]
0x01CF fe DB 0xfe
0x01D0 ff DB 0xff
0x01D1 ff07 INC WORD [BX]
0x01D3 fe DB 0xfe
0x01D4 ff DB 0xff
0x01D5 ff6d f7 JMP FAR WORD [DI-0x9]
0x01D8 8713 XCHG [BP+DI], DX
0x01DA d4 54 AAM 0x54
0x01DC b0 26 MOV AL, 0x26
0x01DE 0000 ADD [BX+SI], AL
0x01E0 0000 ADD [BX+SI], AL
0x01E2 0000 ADD [BX+SI], AL
0x01E4 0000 ADD [BX+SI], AL
0x01E6 0000 ADD [BX+SI], AL
0x01E8 0000 ADD [BX+SI], AL
0x01EA 0000 ADD [BX+SI], AL
0x01EC 0000 ADD [BX+SI], AL
0x01EE 0000 ADD [BX+SI], AL
0x01F0 0000 ADD [BX+SI], AL
0x01F2 0000 ADD [BX+SI], AL
0x01F4 0000 ADD [BX+SI], AL
0x01F6 0000 ADD [BX+SI], AL
0x01F8 0000 ADD [BX+SI], AL
0x01FA 0000 ADD [BX+SI], AL
0x01FC 0000 ADD [BX+SI], AL
0x01FE 55 PUSH BP
0x01FF aa STOSB

[/code]

PChunter
PChunter.rar
Pchunter
(55.44 KiB) Staženo 40 x

tady je scan PsychicalMBR.bin
https://www.virustotal.com/cs/file/24d9 ... 367432644/


Prosimtě ten OTL už chtěl něco uložit, ale pak to napsalo že nemůže...spouštěl jsem to z plochy :?: .... no a pak už to zamrzlo celý tak jsem to ukončil. Mám to zkusit znova ? :42: Jinak jsem snad udělal vše .

Re: Opět Policie

Napsal: 01 kvě 2013 19:49
od jessie
Dobrá, každopádně zatím díky moc za pomoc :)

Re: Opět Policie

Napsal: 01 kvě 2013 21:39
od jessie
OTL v nouzovém režimu

Re: Opět Policie

Napsal: 01 kvě 2013 21:40
od jessie
OTL v nouzovém režimu

Re: Opět Policie

Napsal: 02 kvě 2013 08:46
od jessie
akorát nevím co jsou to ty logy z jak si říkal, že je získám postupně :?:

Re: Opět Policie

Napsal: 02 kvě 2013 09:13
od jessie
combofix se chtěl jakoby znovu zapnout a odstranovat, tak jsem ho radsi vypnul .

Re: Opět Policie

Napsal: 02 kvě 2013 09:44
od jessie
ComboFix 13-05-01.03 - admin 02.05.2013 10:28:12.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1492 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dlniicas
-------\Service_hrdqmqzo
-------\Service_ttcpmhks
-------\Service_utyglirc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-02 do 2013-05-02 )))))))))))))))))))))))))))))))
.
.
2013-05-02 08:09 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A112C0D-EA1C-4CBD-848F-A614FA36F0EC}\mpengine.dll
2013-05-01 18:07 . 2013-05-01 19:51 512 ----a-w- C:\PhysicalMBR.bin
2013-05-01 15:05 . 2013-05-01 15:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Eraser 6
2013-05-01 12:42 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-01 06:19 . 2013-05-01 06:21 -------- d-----w- c:\documents and settings\Administrator
2013-04-30 19:43 . 2013-04-30 19:43 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\AVG Secure Search
2013-04-30 19:43 . 2013-04-30 19:43 -------- d-----w- c:\documents and settings\Guest\Data aplikací\AVG2013
2013-04-30 19:43 . 2013-04-30 19:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Avg2013
2013-04-30 19:39 . 2013-04-30 19:39 -------- d-----w- c:\documents and settings\admin\Data aplikací\AVG2013
2013-04-30 19:38 . 2013-04-30 19:38 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\AVG2013
2013-04-30 19:38 . 2013-04-30 19:38 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\documents and settings\admin\Data aplikací\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-04-30 19:37 . 2013-04-30 19:37 -------- d-----w- c:\program files\AVG Secure Search
2013-04-30 19:36 . 2013-04-30 19:36 -------- d-----w- C:\$AVG
2013-04-30 19:36 . 2013-04-30 19:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2013
2013-04-30 19:36 . 2013-04-30 19:36 -------- d-----w- c:\program files\AVG
2013-04-13 13:50 . 2013-04-13 13:50 714526 ----a-w- c:\windows\unins000.exe
2013-04-13 13:50 . 2013-04-13 13:50 -------- d-----w- c:\program files\Tapur
2013-04-12 17:00 . 2013-04-12 17:00 -------- d-----w- C:\a4a849e4e621d029e38f48a6b5
2013-04-12 16:22 . 2013-04-12 16:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-12 16:16 . 2013-04-14 06:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2013-04-12 16:16 . 2013-04-12 16:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\GoforFiles
2013-04-12 16:13 . 2013-04-12 16:13 171008 ----a-w- c:\windows\system32\rld.dll
2013-04-12 16:13 . 2013-04-12 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logs
2013-04-08 16:49 . 2013-04-30 20:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Avg2013
2013-04-06 14:13 . 2013-04-06 14:13 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 14:29 . 2012-04-16 08:08 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 14:29 . 2011-10-14 12:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 10:33 . 2011-10-12 13:12 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 12:32 . 2013-03-13 12:32 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 16:06 . 2013-03-07 16:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 16:06 . 2013-03-07 16:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-07 16:06 . 2013-03-03 17:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-07 16:06 . 2013-03-03 17:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-14 06:06 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 02:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 05:45 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2013-03-01 08:32 . 2013-03-01 08:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 07:58 . 2011-10-12 11:40 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-26 21:40 . 2013-02-26 21:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 01:52 . 2013-02-14 01:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:20 . 2013-02-19 17:17 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20 . 2013-02-19 17:17 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-10 03:20 . 2013-01-03 19:25 6070272 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20 . 2011-10-12 12:50 7749632 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20 . 2011-10-12 12:50 4078976 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-10 03:20 . 2011-10-12 12:50 2731296 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20 . 2011-10-12 12:50 2481664 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20 . 2011-10-12 12:50 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20 . 2011-10-12 12:50 19685376 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-10 03:20 . 2011-10-12 12:50 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20 . 2011-10-12 12:50 10707360 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-02-10 00:29 . 2011-10-12 12:50 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-02-10 00:29 . 2011-10-12 12:50 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-02-10 00:29 . 2011-10-12 12:50 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-02-10 00:29 . 2011-10-12 12:50 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-02-10 00:29 . 2011-10-12 12:50 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-02-10 00:29 . 2011-10-12 12:50 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-02-10 00:29 . 2011-10-12 12:50 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-02-10 00:29 . 2011-10-12 12:50 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-02-10 00:29 . 2011-10-12 12:50 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-02-10 00:29 . 2011-10-12 12:50 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-02-10 00:29 . 2011-10-12 12:50 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-02-10 00:29 . 2011-10-12 12:50 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-02-10 00:29 . 2011-10-12 12:50 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-02-10 00:29 . 2011-10-12 12:50 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-02-10 00:29 . 2011-10-12 12:50 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-02-10 00:29 . 2011-10-12 12:50 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-02-10 00:29 . 2011-10-12 12:50 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-02-10 00:29 . 2011-10-12 12:50 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-02-10 00:29 . 2011-10-12 12:50 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-02-10 00:27 . 2011-10-12 12:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-02-10 00:27 . 2011-10-12 12:50 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-02-10 00:27 . 2011-10-12 12:50 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 00:27 . 2011-10-12 12:50 15664416 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:27 . 2011-10-12 12:50 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-02-08 02:37 . 2013-02-08 02:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 02:37 . 2013-02-08 02:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 02:37 . 2013-02-08 02:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 02:37 . 2013-02-08 02:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 02:37 . 2013-02-08 02:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-04-12 15:27 . 2013-04-12 15:27 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-02-10 15664416]
"NvMediaCenter"="NvMCTray.dll" [2013-02-10 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-10 1982312]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-04-30 1223344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Tapur\\Tapur.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 4:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8.2.2013 4:37 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [26.2.2013 23:40 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 10:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.2.2013 4:37 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [14.2.2013 3:52 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.4.2013 21:37 34592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.1.2013 20:12 242240]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [19.2.2013 4:02 1418184]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [27.2.2013 23:42 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [19.2.2013 4:02 282624]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [31.1.2013 18:12 625304]
R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [30.4.2013 21:37 1008816]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12.10.2011 13:59 1390976]
S1 aglldzvz;aglldzvz;\??\c:\windows\system32\drivers\aglldzvz.sys --> c:\windows\system32\drivers\aglldzvz.sys [?]
S1 bsmrosfk;bsmrosfk;\??\c:\windows\system32\drivers\bsmrosfk.sys --> c:\windows\system32\drivers\bsmrosfk.sys [?]
S1 dnoemean;dnoemean;\??\c:\windows\system32\drivers\dnoemean.sys --> c:\windows\system32\drivers\dnoemean.sys [?]
S1 MpKsl8aff8dbc;MpKsl8aff8dbc;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C61C9544-E77F-42FF-856C-B8E0648F7D6F}\MpKsl8aff8dbc.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C61C9544-E77F-42FF-856C-B8E0648F7D6F}\MpKsl8aff8dbc.sys [?]
S1 vvnoixav;vvnoixav;\??\c:\windows\system32\drivers\vvnoixav.sys --> c:\windows\system32\drivers\vvnoixav.sys [?]
S1 xiokuroo;xiokuroo;\??\c:\windows\system32\drivers\xiokuroo.sys --> c:\windows\system32\drivers\xiokuroo.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
S3 cpuz130;cpuz130;\??\c:\docume~1\admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [11.1.2012 8:11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [22.2.2012 12:34 22400]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [4.4.2012 17:38 30576]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [25.12.2012 15:35 13440]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [1.7.2010 15:21 34896]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 14:29]
.
2013-05-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119293&tt=110413_www1&babsrc=HP_ss&mntrId=6C6000248C66E6F9
mStart Page = hxxp://home.sweetim.com/?st=6&barid={FCC596D7-2D00-11E2-ABEC-00248C66E6F9}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 10.69.128.88 10.69.128.18
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\d8xswv77.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: 2013-04-14 08:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-04-30 22:09; avg@toolbar; c:\documents and settings\All Users\Data aplikací\AVG Secure Search\FireFoxExt\15.1.0.2
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108602
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 6c60825e00000000000000248c66e6f9
FF - user.js: extensions.BabylonToolbar_i.hardId - 6c60825e00000000000000248c66e6f9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:29
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-02 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE02.00.00.01MSWINDOWS"="4E1DC2504F396FB13EE216D226A34F07FA2071BD4EC399402B7D0A628DAB70F2A61EFA6A64CDAD19EF38F0DF8F7855353503E47711B21ECF6FF5E4B3D5DC7EBA02CFEFD75D27D02FF279E0A0FD5305AFB12D675FAFCC66C66EF593526B89E78BFD7AEED59ABF8DFA579BAAEB956CDA228E5E5502FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407A2D97226D213B555C038D530D6EB345245CBB7BF9695DFF7A8D3745C637363488DFBE855A72557CFB6E21421933E8634BC2E2B2860CF054110928C68D15CF1BB84A4BFEDCB0EBB82F0000B1EFBC6007EE03B944F90F9F1644CAB14ACF9DCD7426B7A96F848DD91621688508B8BF438FA2B247FB04CC0C3AE178D5F4E96EE4B5EDF47295E86FAC746BFC328367ABDF47359CE5B9F40C3BA80F1592742E07EA424418C1B5873C0EE1A522E3FBD080622C9EDD37BC19A1739CB9CE6085319EEE0BD33FC7079FEFB3E59F079A219F4AACD6E2F0118110D43481CA1C002A1841321E71E8091A21EEE8F980589448E07F82B6927D84B5B4E42938CC8A47A1EE735A9F32FB14E0DC84FE07C3C76FBBC09B592D7258F94C099876ACBA48538121211E3C7D4E05644FC48D2C1880D8314C616FB67B88F59392EF3C19F068AE816CFD8DD5BC41240A8BAF6ACB31D4EF8D712C6885BB9F65E8D4D613060848D1C1977B1463D767B046C066E5836746EDEA3C2E5FA0B4295D0DB3F1BF2F97B1D475FDE33730EA589009867B2E23E4BD61CE12F06B862B0F1BE95CCE0E96D0BFBC07E61EB5D83D2DA750AEC3FFD5823A27A54B8AFCEDF27461D8146E7184D94A04761DF5D22664344896DA682012141A2A98F3D5CE9170AFE42377D5725C2C0357A46BDF98214FC4C4749A8DD644C2E5B3A7CA5FBDE3086BDE82649CA5E0C7919DD41E1AC617D4DAE19F48C27471DB60623D6D970A3E408D8B21083D33275EEDD5BB83952C92A45DBD19AEE2869F0ED8EBF3247135385C1D8218A0D753666134A3E67323C68AF3876283B6F9EB3B526954DEF60AC2DF42A7B9C7EC52721D69ED8375C41AE8D3E3DD5B3AAB2BEADEB7B706FCA1BFD132AFB32EFAB9656CDD10C39DA785D622E96B186F211622D862B48A6AACE70398C32B3A3CAA1E8E1BEF71A4C21740305630D35C6C5692B03109E30746BDD5E84C4A9942840C72B1E96FDCC2A68DAB1386A0BAC0BF3033C4FBF8117CBFE2BE5FB0AC5A44E49D651D29CACE91C6D8A6C90238E407AA5034C14AF29A55097418DAECF4DADD5BEDD513DBD5EFD2157B4BB1714A8DAF0E76012C79D7BC9D94C7BDE1FAC9A3FB5E0BC250C090657EA2DE2A94864FD2E7D2BE6CBD36B70B5F6970AE6C55C1F2918D4AACB64B2A589E15D6DC7156149AC64473739951F985C65D774"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Celkový čas: 2013-05-02 10:37:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-02 08:37
ComboFix2.txt 2013-05-01 17:28
.
Před spuštěním: Volných bajtů: 100 621 299 712
Po spuštění: Volných bajtů: 100 553 576 448
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F335AC108E5EDA49DA1052F7390842E6

Re: Opět Policie

Napsal: 02 kvě 2013 13:18
od jessie
a k čemu jsou vůbec dobré ty logy ? :oops:

Re: Opět Policie

Napsal: 02 kvě 2013 19:29
od jessie
Bude to mít ještě nějaký pokračování ? Nebo sem to posílal zbytečně ?

Re: Opět Policie

Napsal: 02 kvě 2013 19:41
od cernohous13
Naughty píše:Zkus v nouzovem rezimu. Pak budu jeste domazavat. Ale nevim kdy, mozna zitra dopoledne enbo az pozde vecer po 22 hodine, podle toho jak budu stihat. Kdyby nahodou zatim.
Netlač na pilu - jsme tu ve svém volném čase :wink:
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz