
Virus removal, PC speed-up, remote assistance via the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved. The same applies to threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log
RogueKiller found some PUM and also a fake driver for Mozilla. I am posting the log, thank you.
I apologize, here is the log from RSIT.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Radim at 2014-05-30 14:32:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (4%) free of 114 GB
Total RAM: 2558 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:13, on 30.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Radim\Plocha\RSIT.exe
C:\Program Files\trend micro\Radim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4879006000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
--
End of file - 4624 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-11-27 393728]
"GUDelayStartup"=C:\Program Files\Glary Utilities 5\StartupManager.exe [2014-05-14 37152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Aplikace\Balicky2013\jre\bin\java.exe"="C:\Aplikace\Balicky2013\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Serviio\bin\ServiioService.exe"="C:\Program Files\Serviio\bin\ServiioService.exe:*:Enabled:Serviio"
"C:\Program Files\Serviio\bin\ServiioConsole.exe"="C:\Program Files\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe"="C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe:*:Enabled:Update Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
======File associations======
.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")
======List of files/folders created in the last 1 month======
2014-05-30 14:32:01 ----D---- C:\rsit
2014-05-29 13:14:07 ----D---- C:\Documents
2014-05-29 13:14:07 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2014-05-29 13:14:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-05-28 18:08:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Mobile
2014-05-28 18:07:54 ----D---- C:\Program Files\Sony Mobile
2014-05-23 15:21:15 ----D---- C:\Program Files\Cheat Engine 6.3
2014-05-16 11:34:14 ----SHD---- C:\RECYCLER
2014-05-16 00:07:36 ----D---- C:\WINDOWS\Temp
2014-05-16 00:07:36 ----A---- C:\WINDOWS\zoek-delete.exe
2014-05-15 23:59:36 ----D---- C:\zoek_backup
2014-05-15 12:55:21 ----A---- C:\sc-cleaner.txt
2014-05-15 12:31:44 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-15 12:31:19 ----D---- C:\AdwCleaner
2014-05-15 11:41:35 ----A---- C:\WINDOWS\system32\BootDefrag.exe
2014-05-15 11:07:03 ----A---- C:\WINDOWS\system32\drivers\GUBootStartup.sys
2014-05-15 11:06:49 ----D---- C:\Program Files\Glary Utilities 5
2014-05-14 09:09:04 ----D---- C:\Program Files\Common Files\DESIGNER
2014-05-10 18:09:55 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2014-05-30 14:32:13 ----D---- C:\Program Files\trend micro
2014-05-30 14:32:07 ----D---- C:\WINDOWS\Prefetch
2014-05-30 14:31:50 ----D---- C:\Documents and Settings\Radim\Data aplikací\uTorrent
2014-05-30 14:25:41 ----D---- C:\Filmy
2014-05-30 13:48:32 ----AD---- C:\Moje filmy
2014-05-29 15:03:22 ----SHD---- C:\System Volume Information
2014-05-29 15:03:22 ----D---- C:\WINDOWS\system32\Restore
2014-05-29 15:03:11 ----D---- C:\WINDOWS\system32
2014-05-29 14:40:20 ----D---- C:\WINDOWS\system32\drivers
2014-05-29 14:33:34 ----D---- C:\WINDOWS\system32\config
2014-05-29 14:33:08 ----D---- C:\WINDOWS
2014-05-29 14:32:42 ----D---- C:\Program Files\CCleaner
2014-05-29 13:33:34 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-28 18:07:54 ----RD---- C:\Program Files
2014-05-28 18:05:56 ----D---- C:\Program Files\Sony Ericsson
2014-05-28 18:05:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2014-05-28 17:58:34 ----HD---- C:\WINDOWS\inf
2014-05-28 17:49:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-05-28 17:47:10 ----HD---- C:\Program Files\InstallShield Installation Information
2014-05-28 03:40:49 ----A---- C:\WINDOWS\win.ini
2014-05-26 14:08:03 ----D---- C:\Install
2014-05-24 16:10:26 ----A---- C:\WINDOWS\NeroDigital.ini
2014-05-16 00:01:14 ----D---- C:\WINDOWS\system32\drivers\etc
2014-05-15 15:12:46 ----SHD---- C:\WINDOWS\Installer
2014-05-15 11:32:01 ----SD---- C:\WINDOWS\Tasks
2014-05-15 11:13:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-15 11:07:11 ----D---- C:\Program Files\Glary Utilities 4
2014-05-15 11:07:11 ----D---- C:\Documents and Settings\Radim\Data aplikací\GlarySoft
2014-05-14 09:09:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-05-14 09:09:04 ----D---- C:\Program Files\Common Files
2014-05-12 07:20:59 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-09 06:51:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-06 16:59:33 ----D---- C:\Documents and Settings\Radim\Data aplikací\Vso
2014-05-06 16:59:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\VSO
2014-05-03 02:30:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 GUBootStartup;GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [2014-05-15 17088]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2011-07-18 432664]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-30 6435432]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-09-16 846792]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 BootDefragDriver;BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl247733c8;MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys []
S1 MpKslb7b84e2a;MpKslb7b84e2a; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys []
S1 MpKslefaba5f7;MpKslefaba5f7; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15 257712]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2013-03-22 323584]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Radim [Práva správce]
Mód : Kontrola -- Datum : 05/29/2014 13:37:47
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0AFB1000)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1200BEVS-07LAT0 +++++
--- User ---
[MBR] cbdd76dd6c2bfbb164e0218072db8c4c
[BSP] 5fdf83df0a734d986837b18d079676b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 MB
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_05292014_133747.txt >>
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Aplikace\Balicky2013\jre\bin\java.exe"="C:\Aplikace\Balicky2013\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Serviio\bin\ServiioService.exe"="C:\Program Files\Serviio\bin\ServiioService.exe:*:Enabled:Serviio"
"C:\Program Files\Serviio\bin\ServiioConsole.exe"="C:\Program Files\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe"="C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe:*:Enabled:Update Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
======File associations======
.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")
======List of files/folders created in the last 1 month======
2014-05-30 14:32:01 ----D---- C:\rsit
2014-05-29 13:14:07 ----D---- C:\Documents
2014-05-29 13:14:07 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2014-05-29 13:14:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-05-28 18:08:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Mobile
2014-05-28 18:07:54 ----D---- C:\Program Files\Sony Mobile
2014-05-23 15:21:15 ----D---- C:\Program Files\Cheat Engine 6.3
2014-05-16 11:34:14 ----SHD---- C:\RECYCLER
2014-05-16 00:07:36 ----D---- C:\WINDOWS\Temp
2014-05-16 00:07:36 ----A---- C:\WINDOWS\zoek-delete.exe
2014-05-15 23:59:36 ----D---- C:\zoek_backup
2014-05-15 12:55:21 ----A---- C:\sc-cleaner.txt
2014-05-15 12:31:44 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-15 12:31:19 ----D---- C:\AdwCleaner
2014-05-15 11:41:35 ----A---- C:\WINDOWS\system32\BootDefrag.exe
2014-05-15 11:07:03 ----A---- C:\WINDOWS\system32\drivers\GUBootStartup.sys
2014-05-15 11:06:49 ----D---- C:\Program Files\Glary Utilities 5
2014-05-14 09:09:04 ----D---- C:\Program Files\Common Files\DESIGNER
2014-05-10 18:09:55 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2014-05-30 14:32:13 ----D---- C:\Program Files\trend micro
2014-05-30 14:32:07 ----D---- C:\WINDOWS\Prefetch
2014-05-30 14:31:50 ----D---- C:\Documents and Settings\Radim\Data aplikací\uTorrent
2014-05-30 14:25:41 ----D---- C:\Filmy
2014-05-30 13:48:32 ----AD---- C:\Moje filmy
2014-05-29 15:03:22 ----SHD---- C:\System Volume Information
2014-05-29 15:03:22 ----D---- C:\WINDOWS\system32\Restore
2014-05-29 15:03:11 ----D---- C:\WINDOWS\system32
2014-05-29 14:40:20 ----D---- C:\WINDOWS\system32\drivers
2014-05-29 14:33:34 ----D---- C:\WINDOWS\system32\config
2014-05-29 14:33:08 ----D---- C:\WINDOWS
2014-05-29 14:32:42 ----D---- C:\Program Files\CCleaner
2014-05-29 13:33:34 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-28 18:07:54 ----RD---- C:\Program Files
2014-05-28 18:05:56 ----D---- C:\Program Files\Sony Ericsson
2014-05-28 18:05:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2014-05-28 17:58:34 ----HD---- C:\WINDOWS\inf
2014-05-28 17:49:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-05-28 17:47:10 ----HD---- C:\Program Files\InstallShield Installation Information
2014-05-28 03:40:49 ----A---- C:\WINDOWS\win.ini
2014-05-26 14:08:03 ----D---- C:\Install
2014-05-24 16:10:26 ----A---- C:\WINDOWS\NeroDigital.ini
2014-05-16 00:01:14 ----D---- C:\WINDOWS\system32\drivers\etc
2014-05-15 15:12:46 ----SHD---- C:\WINDOWS\Installer
2014-05-15 11:32:01 ----SD---- C:\WINDOWS\Tasks
2014-05-15 11:13:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-15 11:07:11 ----D---- C:\Program Files\Glary Utilities 4
2014-05-15 11:07:11 ----D---- C:\Documents and Settings\Radim\Data aplikací\GlarySoft
2014-05-14 09:09:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-05-14 09:09:04 ----D---- C:\Program Files\Common Files
2014-05-12 07:20:59 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-09 06:51:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-06 16:59:33 ----D---- C:\Documents and Settings\Radim\Data aplikací\Vso
2014-05-06 16:59:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\VSO
2014-05-03 02:30:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 GUBootStartup;GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [2014-05-15 17088]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2011-07-18 432664]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-30 6435432]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-09-16 846792]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 BootDefragDriver;BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl247733c8;MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys []
S1 MpKslb7b84e2a;MpKslb7b84e2a; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys []
S1 MpKslefaba5f7;MpKslefaba5f7; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15 257712]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2013-03-22 323584]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Radim [Práva správce]
Mód : Kontrola -- Datum : 05/29/2014 13:37:47
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0AFB1000)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1200BEVS-07LAT0 +++++
--- User ---
[MBR] cbdd76dd6c2bfbb164e0218072db8c4c
[BSP] 5fdf83df0a734d986837b18d079676b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 MB
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_05292014_133747.txt >>
Re: Please check my log
Hello, delete the unneeded files
using CCleaner
instructions:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the licence terms then appears, which you confirm by clicking Yes (ANO),
then click Yes (ANO) once more and it starts running.
The whole operation takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete the infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is a picture guide HERE.
Re: Please check my log
I'm posting the log from ComboFix. But won't it remain in the restore point?
ComboFix 14-05-29.01 - Radim 31.05.2014 14:26:48.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2558.2128 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-28 do 2014-05-31 )))))))))))))))))))))))))))))))
.
.
2014-05-30 22:40 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{47432F66-C426-4866-B66D-4C6579EA5851}\mpengine.dll
2014-05-30 12:32 . 2014-05-30 12:32 -------- d-----w- C:\rsit
2014-05-29 11:14 . 2014-05-29 12:07 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-05-29 11:14 . 2014-05-29 11:14 -------- d-----w- C:\Documents
2014-05-29 11:14 . 2014-05-29 11:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-05-29 11:03 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-28 16:08 . 2014-05-28 16:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony Mobile
2014-05-28 16:07 . 2014-05-28 16:07 -------- d-----w- c:\program files\Sony Mobile
2014-05-24 12:53 . 2014-05-24 12:53 -------- d-----w- c:\documents and settings\Radim\aTubeCatcher
2014-05-23 13:21 . 2014-05-23 13:21 -------- d-----w- c:\program files\Cheat Engine 6.3
2014-05-15 22:07 . 2014-05-15 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-15 21:59 . 2014-05-15 22:06 -------- d-----w- C:\zoek_backup
2014-05-15 10:31 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-15 10:31 . 2014-05-15 16:47 -------- d-----w- C:\AdwCleaner
2014-05-15 09:41 . 2014-05-14 08:39 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-05-15 09:07 . 2014-05-15 09:07 17088 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-05-15 09:06 . 2014-05-31 12:16 -------- d-----w- c:\program files\Glary Utilities 5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 09:13 . 2012-04-11 11:43 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-15 09:13 . 2011-09-10 15:24 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-06 17:58 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-07 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2011-07-18 . E3B22F050F840306FD522227F68046C5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-27 393728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Aplikace\\Balicky2013\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Mobile\\Update Engine\\Sony Mobile Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 GUBootStartup;GUBootStartup;c:\windows\system32\drivers\GUBootStartup.sys [15.5.2014 11:07 17088]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7.8.2012 15:33 27632]
S0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys --> c:\windows\system32\drivers\BootDefragDriver.sys [?]
S1 MpKsl247733c8;MpKsl247733c8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys [?]
S1 MpKslb7b84e2a;MpKslb7b84e2a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys [?]
S1 MpKslefaba5f7;MpKslefaba5f7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [7.8.2012 15:38 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [7.8.2012 15:38 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [7.8.2012 15:38 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [7.8.2012 15:38 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [7.8.2012 15:38 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [7.8.2012 15:38 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [7.8.2012 15:38 115752]
S3 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [22.3.2013 16:58 323584]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [7.8.2012 15:38 155824]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 172.22.52.5
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-31 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2014-05-31 14:35:24
ComboFix-quarantined-files.txt 2014-05-31 12:35
.
Před spuštěním: 3 237 806 080
Po spuštění: 3 269 091 328
.
- - End Of File - - 3E1683D44E0878EE67F98F6053EF7CC4
Re: Please check my log
Via Start >> Run, copy into the window:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then also use Mbam from my signature and post the log from it here.
Re: Please check my log
RogueKiller still detects that PUM and the fake driver in Mozilla.
Malwarebytes Anti-Malware (PRO) 1.75.0.130
http://www.malwarebytes.org
Database version: v2014.06.01.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Radim :: 84B938A95D0145B [administrator]
Protection: Disabled
1.6.2014 20:48:02
mbam-log-2014-06-01 (20-48-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261954
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Re: Please check my log
Download AdwCleaner and save it to the desktop,
close all programs including the browser and double-click to run it,
a window will appear; click Scan at the top left.
The scan will then run; when it finishes, click Report and copy what comes up here for me.
Re: Please check my log
To be safe I turned off the restore point and ran ADWC once more, and there is still something from Mozilla there, probably still that reported fake driver, and something from Chrome.
# AdwCleaner v3.211 - Report created 03/06/2014 at 11:18:22
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radim - 84B938A95D0145B
# Running from : C:\Documents and Settings\Radim\Plocha\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
File Deleted : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Softonic
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\prefs.js ]
-\\ Google Chrome v
[ File : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R8].txt - [1130 octets] - [03/06/2014 11:09:24]
AdwCleaner[S6].txt - [1056 octets] - [03/06/2014 11:18:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1116 octets] ##########
Re: Please check my log
Run AdwCleaner again, but this time click Clean,
the PC will restart, during which the junk is deleted.
Then copy the Report here for me again.
After that things should be quiet

Re: Please check my log
# AdwCleaner v3.211 - Report created 04/06/2014 at 00:32:59
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radim - 84B938A95D0145B
# Running from : C:\Documents and Settings\Radim\Plocha\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\prefs.js ]
-\\ Google Chrome v
[ File : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R10].txt - [1212 octets] - [04/06/2014 00:31:41]
AdwCleaner[R8].txt - [1130 octets] - [03/06/2014 11:09:24]
AdwCleaner[R9].txt - [1090 octets] - [03/06/2014 11:35:40]
AdwCleaner[S6].txt - [1196 octets] - [03/06/2014 11:18:22]
AdwCleaner[S7].txt - [1152 octets] - [03/06/2014 11:37:23]
AdwCleaner[S8].txt - [1133 octets] - [04/06/2014 00:32:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1193 octets] ##########
Re: Please check my log
I'd say it's fine. But I still want to ask why RogueKiller keeps reporting that PUM even though it is probably disabled? And that fake driver in Mozilla? Thanks a lot. Posting the log
RogueKiller V9.0.0.0 [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Radim [Práva správce]
Mód : Kontrola -- Datum : 06/05/2014 17:28:19
====================== Environment
[isX64] 0
[APPDATA] C:\Documents and Settings\Radim\Data aplikací
[DESKTOP] C:\Documents and Settings\Radim\Plocha
[CAPPDATA] C:\Documents and Settings\All Users\Data aplikací
[CDESKTOP] C:\Documents and Settings\All Users\Plocha
[CDOCS] C:\Documents and Settings\All Users\Dokumenty
[CPROG] C:\Documents and Settings\All Users\Nabídka Start\Programy
[CSTARTMENU] C:\Documents and Settings\All Users\Nabídka Start
[DOCS] C:\Documents and Settings\Radim\Dokumenty
[FAVS] C:\Documents and Settings\Radim\Oblíbené položky
[LAPPDATA] C:\Documents and Settings\Radim\Local Settings\Data aplikací
[MUSIC] C:\Documents and Settings\Radim\Dokumenty\Hudba
[PICTS] C:\Documents and Settings\Radim\Dokumenty\Obrázky
[PROG] C:\Program Files
[PROGX86]
[QUICKLNCH] C:\Documents and Settings\Radim\Data aplikací\Microsoft\Internet Explorer\Quick Launch
[STARTMENU] C:\Documents and Settings\Radim\Nabídka Start
[SYS32] C:\WINDOWS\system32
[SYSWOW64] C:\WINDOWS\system32
[TMP] C:\DOCUME~1\Radim\LOCALS~1\Temp
[USER] C:\Documents and Settings\Radim
[VIDEOS] C:\Documents and Settings\Radim\Dokumenty\Filmy
[WINDOWS] C:\WINDOWS
[STARTUP FOLDER] C:\Documents and Settings\Radim\Nabídka Start\Programy\Po spuštění
[CSTARTUP FOLDER] C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
[INTERNET] 1
============================================
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> NALEZENO
[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts]
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1200BEVS-07LAT0 +++++
--- User ---
[MBR] cbdd76dd6c2bfbb164e0218072db8c4c
[BSP] 5fdf83df0a734d986837b18d079676b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEBUG_SCN_05292014_131854.log
Re: Please check my log
ralcar wrote: I'd say it's fine. But I still want to ask why RogueKiller keeps reporting that PUM even though it is probably disabled? And that fake driver in Mozilla?
The PUM it reports is the restore point, and it is not a fake Mozilla driver but a leftover from the Pando toolbar.
Re: Please check my log
Should I delete that leftover manually? Thanks a lot and goodbye.
Re: Please check my log
Which of the two is it?
¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> NALEZENO
[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> NALEZENO
And is this OK?
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x5cv0bn6.default-1395370747187\prefs.js ]
-\\ Google Chrome v
[ File : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]