Prosím o kontrolu desktop 2010

[Duhen]

Tak jsem zde a brzo vložím log Mbam


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4060

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3.5.2010 11:07:19
mbam-log-2010-05-03 (11-07-19).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 168780
Uplynulý čas: 23 minuta(y), 35 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 2
Infikované soubory: 27

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Data aplikací\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> No action taken.

Infikované soubory:
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP513\A0070798.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP513\A0070813.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP513\A0070814.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP513\A0070815.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP513\A0070816.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP513\A0070817.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071095.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071096.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071097.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071098.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071099.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071100.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071102.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071103.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071104.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{8FFBEF89-8E29-43C9-A755-B4FA6F828D3B}\RP514\A0071106.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Data aplikací\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Data aplikací\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Data aplikací\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Data aplikací\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\temp\ie1B.tmp (Malware.Trace) -> No action taken.
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\temp\ie3.tmp (Trojan.Agent) -> No action taken.

[motji]

Co našel mbam, smažte, za chvilku vložím skript na combofix

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Restore::
c:\windows\system32\userinit.exe

Collect::
c:\program files\common files\lightscribe\content\fra\gettingstarted.exe
c:\program files\broadcom\bacs\broadcomsuite.exe
c:\program files\common files\lightscribe\content\dan\startedgetting.exe
c:\program files\ahead\coverdesigner\designerdesigner.exe
c:\program files\ahead\nero soundtrax\soundtraxsoundtrax.exe

Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartedGetting"=-
"GettingStarted"=-
"ManagementApplication"=-
"StartedGetting27449"=-
"DesignerDesigner"=-
"NeroSoundTrax10048"=-

DDS::
uLocal Page = hxxp://www.the-exit.com
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uDefault_Search_URL = hxxp://www.the-exit.com
mLocal Page = hxxp://www.the-exit.com
mStart Page = hxxp://www.the-exit.com
uCustomizeSearch = hxxp://www.the-exit.com/search
uSearchAssistant = hxxp://www.the-exit.com/search

Folder::
C:\Documents and Settings\Uzivatel\Data aplikací\Desktop Security 2010

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Duhen]

ComboFix 10-05-02.03 - Uzivatel 03.05.2010 13:12:59.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1536 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://banksguard com
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-03 do 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 08:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 08:36 . 2010-05-03 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 08:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 08:46 . 2010-05-01 08:46 -------- d-----w- c:\program files\Alwil Software
2010-05-01 08:33 . 2010-05-01 09:03 -------- d-----w- c:\program files\trend micro
2010-05-01 08:33 . 2010-05-01 08:33 -------- d-----w- C:\rsit
2010-05-01 08:30 . 2010-05-01 08:54 -------- d-----w- c:\program files\CCleaner
2010-05-01 07:27 . 2010-05-01 07:27 390144 ----a-w- c:\windows\system32\CF2501.exe
2010-04-20 20:51 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 11:15 . 2004-08-18 12:00 46488 ----a-w- c:\windows\system32\perfc005.dat
2010-05-03 11:15 . 2004-08-18 12:00 310592 ----a-w- c:\windows\system32\perfh005.dat
2010-05-03 08:43 . 2010-01-20 15:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-01 09:16 . 2007-12-21 22:37 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-01 09:11 . 2008-10-19 12:55 -------- d-----w- c:\program files\OpenAL
2010-05-01 09:09 . 2008-03-02 14:19 -------- d-----w- c:\program files\Horsez Dědictví hřebčína
2010-05-01 09:08 . 2007-12-22 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-01 09:05 . 2008-07-05 18:30 -------- d-----w- c:\program files\Faraónovo tajemství
2010-05-01 09:02 . 2008-05-25 12:42 -------- d-----w- c:\program files\McDonaldsDragons
2010-05-01 08:59 . 2007-12-21 23:24 -------- d-----w- c:\program files\Microsoft Works
2010-05-01 08:59 . 2010-03-31 01:19 -------- d-----w- c:\program files\Common Files\Skype
2010-05-01 08:58 . 2009-06-08 16:22 -------- d-----w- c:\program files\ICQ6.5
2010-05-01 08:53 . 2008-08-23 08:37 -------- d-----w- c:\program files\Beach Soccer
2010-05-01 08:53 . 2008-10-22 20:34 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-01 08:53 . 2008-05-09 14:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-01 08:52 . 2009-05-18 17:21 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-01 08:51 . 2008-10-05 16:18 -------- d-----w- c:\program files\McDonaldsFairies
2010-05-01 08:51 . 2008-07-06 07:11 -------- d-----w- c:\program files\Medvěd Míša - Nová dobrodružství
2010-03-11 12:36 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2004-08-18 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-01_07.35.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2004-08-18 12:00 . 2008-04-14 03:22 26112 c:\windows\system32\userinit.exe
+ 2004-08-18 12:00 . 2010-05-03 11:15 40380 c:\windows\system32\perfc009.dat
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-08-18 12:00 . 2010-05-03 11:15 312184 c:\windows\system32\perfh009.dat
+ 2010-05-01 11:50 . 2010-05-01 11:50 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2010-05-01 08:46 . 2010-05-01 08:46 219648 c:\windows\Installer\1b4c1e.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 16267776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-23 8466432]
"nwiz"="nwiz.exe" [2007-12-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-23 81920]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Uzivatel\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.5.2009 19:21 222456]
S2 gupdate1c9f6aaa92b81a6;Služba Google Update (gupdate1c9f6aaa92b81a6);c:\program files\Google\Update\GoogleUpdate.exe [27.6.2009 0:08 133104]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [22.12.2007 0:30 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25.10.2004 1:04 7796]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-11-19 13:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 22:08]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 22:08]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.the-exit.com/search
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\5ai9gjar.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-CoverCoverEd - c:\program files\ahead\coverdesigner\designerdesigner.exe
HKLM-Run-LSSProxyLSCMHT - c:\program files\common files\lightscribe\lsprintdialogmsvcm80.exe
HKLM-Run-GettingStarted - c:\program files\common files\lightscribe\content\fra\gettingstarted.exe
HKLM-Run-InstallShieldObject - c:\program files\common files\installshield\professional\runtime\installshieldobjectps.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 13:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2010-05-03 13:19:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-03 11:19
ComboFix2.txt 2010-05-01 07:49
ComboFix3.txt 2010-05-01 07:38

Před spuštěním: Volných bajtů: 29 975 207 936
Po spuštění: Volných bajtů: 29 948 194 816

- - End Of File - - 00408A60B8194632120F0247B10123A2

[motji]

Ještě jeden skript

Kód: Vybrat vše

Extra::
DDS::
uSearchAssistant = hxxp://www.the-exit.com/search

Jak to vypadá s počítačem?

[Duhen]

Zdá se vše v pořádku , explorer jsem přeinstaloval na IE 8 a už funguje. Také jsem nainstaloval Eset Smart Security 4

ComboFix 10-05-02.03 - Uzivatel 03.05.2010 14:41:15.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1619 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-03 do 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 08:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 08:36 . 2010-05-03 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 08:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 08:46 . 2010-05-01 08:46 -------- d-----w- c:\program files\Alwil Software
2010-05-01 08:33 . 2010-05-01 09:03 -------- d-----w- c:\program files\trend micro
2010-05-01 08:33 . 2010-05-01 08:33 -------- d-----w- C:\rsit
2010-05-01 08:30 . 2010-05-01 08:54 -------- d-----w- c:\program files\CCleaner
2010-05-01 07:27 . 2010-05-01 07:27 390144 ----a-w- c:\windows\system32\CF2501.exe
2010-04-20 20:51 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 11:20 . 2004-08-18 12:00 46488 ----a-w- c:\windows\system32\perfc005.dat
2010-05-03 11:20 . 2004-08-18 12:00 310592 ----a-w- c:\windows\system32\perfh005.dat
2010-05-03 08:43 . 2010-01-20 15:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-01 09:16 . 2007-12-21 22:37 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-01 09:11 . 2008-10-19 12:55 -------- d-----w- c:\program files\OpenAL
2010-05-01 09:09 . 2008-03-02 14:19 -------- d-----w- c:\program files\Horsez Dědictví hřebčína
2010-05-01 09:08 . 2007-12-22 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-01 09:05 . 2008-07-05 18:30 -------- d-----w- c:\program files\Faraónovo tajemství
2010-05-01 09:02 . 2008-05-25 12:42 -------- d-----w- c:\program files\McDonaldsDragons
2010-05-01 08:59 . 2007-12-21 23:24 -------- d-----w- c:\program files\Microsoft Works
2010-05-01 08:59 . 2010-03-31 01:19 -------- d-----w- c:\program files\Common Files\Skype
2010-05-01 08:58 . 2009-06-08 16:22 -------- d-----w- c:\program files\ICQ6.5
2010-05-01 08:53 . 2008-08-23 08:37 -------- d-----w- c:\program files\Beach Soccer
2010-05-01 08:53 . 2008-10-22 20:34 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-01 08:53 . 2008-05-09 14:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-01 08:52 . 2009-05-18 17:21 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-01 08:51 . 2008-10-05 16:18 -------- d-----w- c:\program files\McDonaldsFairies
2010-05-01 08:51 . 2008-07-06 07:11 -------- d-----w- c:\program files\Medvěd Míša - Nová dobrodružství
2010-03-11 12:36 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2004-08-18 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-01_07.35.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-05-01 11:50 . 2010-05-01 11:50 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2010-05-01 08:46 . 2010-05-01 08:46 219648 c:\windows\Installer\1b4c1e.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 16267776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-23 8466432]
"nwiz"="nwiz.exe" [2007-12-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-23 81920]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Uzivatel\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.5.2009 19:21 222456]
S2 gupdate1c9f6aaa92b81a6;Služba Google Update (gupdate1c9f6aaa92b81a6);c:\program files\Google\Update\GoogleUpdate.exe [27.6.2009 0:08 133104]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [22.12.2007 0:30 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25.10.2004 1:04 7796]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-11-19 13:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 22:08]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 22:08]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.the-exit.com/search
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\5ai9gjar.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-03 14:44:39
ComboFix-quarantined-files.txt 2010-05-03 12:44
ComboFix2.txt 2010-05-03 11:19
ComboFix3.txt 2010-05-01 07:49
ComboFix4.txt 2010-05-01 07:38

Před spuštěním: Volných bajtů: 29 962 887 168
Po spuštění: Volných bajtů: 29 951 156 224

- - End Of File - - 50D5F43DC581A2708FEE4C65382DBE0B

[motji]

Pokud by vám to nevadilo, raději bych ještě něco ověřila, poslední combofix je nějaký tajemný

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

[Duhen]

Tady je zatím jednička, dvojka se tvoří

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-03 16:01:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 16:50:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB4426610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB4426C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB4426730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB44264B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB4426570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB44266D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB4426690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB4426650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB44267D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB4426510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB4426590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB44264D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB44265D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB4426750]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90B8380, 0x2FF527, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[3820] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----


Snad je to komplet , ale možná se to seklo, přestalo to najednou pracovat a tak jsem myslel , že to je hotové......

[motji]

Zkuste ten druhý sken ještě v nouzovém režimu.
Jak to vypadá s pc?

[Duhen]

PC se chová normálně po instalaci Eset Nod Security našel ještě 4 mrchy které jsem smazal, po desktop 2010 ani památky
K PC se zase dostanu ve středu, ale myslím , že už je v pořádku. Odinstaloval jsem combofix , mbam, a ostatní a dočistil jsem T-Cleaner .

Co bych ještě měl udělat?

[motji]

Vložit nový log ze Rsitu

[Duhen]

Tak asi Rsit log nebude, K PC se tak brzo nedostanu. Je to PC známého a už ho potřeboval.
Věřím, že jste jako vždy odvedla skvělou práci a vše bude OK, případně se ozvu.
Zatím PC šlape

Díky za vše

[motji]

Není zač, Vy jste i uklidil, snad to bude v pořádku