PC malware removal, computer speed-up, remote help via the neslape.cz service

Suspected virus (sshnas21.dll)

Having a virus problem? Post your FRST or RSIT log here.

merci (Guest, 8 posts, registered 27 Nov 2006 20:06)

Suspected virus (sshnas21.dll)

#1 Post by merci

Hello, please check my RSIT log (I had to create the log in safe mode). I suspect some kind of pest: sshnas21.dll. I tried Avast; it ran the scan to 84 percent and then froze. Spybot I could not even install. Some applications freeze and I have to hard-reset. So I would very much appreciate your advice on whether anything can still be done about it, or whether I should reinstall the system. Thank you very much in advance for your advice.


merci




Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-24 13:28:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 161 GB (53%) free of 305 GB
Total RAM: 3582 MB (92% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:33, on 24.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Documents and Settings\Administrator\Plocha\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11F2C15F-2560-40E0-BA43-A188FC50B86C}: NameServer = 192.168.1.1,62.240.185.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{11F2C15F-2560-40E0-BA43-A188FC50B86C}: NameServer = 192.168.1.1,62.240.185.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5844 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2009-08-17 13877248]
"amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Steam\SteamApps\luckydee\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\luckydee\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe"="C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs Predator"
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe"="C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs Predator"
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe"="C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs Predator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-24 13:27:52 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-23 18:18:10 ----D---- C:\Program Files\CCleaner
2010-03-23 18:00:25 ----D---- C:\rsit
2010-03-23 15:36:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-03-23 15:34:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-23 15:33:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-23 14:24:15 ----D---- C:\Program Files\Error Repair Professional
2010-03-23 13:58:30 ----D---- C:\Program Files\Free Windows Registry Cleaner
2010-03-23 13:39:55 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-22 12:52:45 ----D---- C:\Program Files\CENIK_ELIMAT
2010-03-21 16:40:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2010-03-21 16:39:54 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-03-21 16:39:51 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-03-21 16:39:17 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia
2010-03-21 16:39:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-03-21 16:39:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
2010-03-21 16:38:59 ----D---- C:\Program Files\Common Files\PCSuite
2010-03-21 16:38:56 ----D---- C:\Program Files\Common Files\Nokia
2010-03-21 16:38:49 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-21 16:38:45 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-03-21 16:38:45 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-03-21 16:38:39 ----D---- C:\Program Files\Nokia
2010-03-21 16:38:39 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-03-21 16:38:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-03-21 14:46:12 ----A---- C:\WINDOWS\Kcarua.exe
2010-03-21 14:46:06 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-03-15 13:32:44 ----D---- C:\Program Files\Music Express
2010-03-11 21:17:31 ----D---- C:\Program Files\ImTOO
2010-03-11 20:46:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2010-03-11 14:57:38 ----D---- C:\videodvdmaker
2010-03-11 14:57:38 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Video DVD Maker FREE
2010-03-11 14:56:37 ----A---- C:\WINDOWS\avisplitter.ini
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-03-11 14:56:35 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-03-11 14:56:35 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-03-11 14:56:34 ----D---- C:\Program Files\K-Lite Codec Pack
2010-03-11 14:53:26 ----D---- C:\Program Files\Video DVD Maker
2010-03-11 13:37:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DVD Flick
2010-03-11 13:37:38 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2010-03-11 13:37:37 ----D---- C:\Program Files\DVD Flick
2010-03-08 09:25:52 ----D---- C:\Program Files\Fox
2010-03-06 13:26:29 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-03-06 13:26:29 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-03-06 13:26:29 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2010-03-05 23:06:46 ----D---- C:\WINDOWS\Minidump
2010-03-03 18:50:30 ----D---- C:\Program Files\Common Files\Open Design Alliance
2010-03-03 18:49:42 ----D---- C:\Program Files\Common Files\PCschematic
2010-03-03 18:49:24 ----D---- C:\PCSELEDU

======List of files/folders modified in the last 1 months======

2010-03-24 13:27:52 ----D---- C:\WINDOWS
2010-03-24 13:02:04 ----D---- C:\WINDOWS\Temp
2010-03-24 12:59:10 ----D---- C:\Program Files\Mozilla Firefox
2010-03-24 12:58:51 ----SHD---- C:\WINDOWS\CSC
2010-03-23 18:44:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-23 18:19:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-23 18:18:10 ----RD---- C:\Program Files
2010-03-23 15:36:27 ----D---- C:\WINDOWS\system32\drivers
2010-03-23 14:56:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-23 14:50:24 ----D---- C:\WINDOWS\Debug
2010-03-23 13:46:39 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-23 13:39:55 ----D---- C:\WINDOWS\system32
2010-03-22 22:06:06 ----D---- C:\WINDOWS\Prefetch
2010-03-22 19:25:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-22 10:41:51 ----D---- C:\Program Files\Steam
2010-03-21 19:13:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-21 18:26:00 ----SD---- C:\WINDOWS\Tasks
2010-03-21 16:40:31 ----HD---- C:\WINDOWS\inf
2010-03-21 16:40:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-21 16:39:07 ----D---- C:\Program Files\DIFX
2010-03-21 16:39:06 ----SHD---- C:\WINDOWS\Installer
2010-03-21 16:39:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-21 16:38:59 ----D---- C:\Program Files\Common Files
2010-03-15 16:27:52 ----D---- C:\WINDOWS\repair
2010-03-15 16:27:42 ----D---- C:\WINDOWS\Registration
2010-03-12 20:46:03 ----D---- C:\Program Files\Ubisoft
2010-03-12 20:43:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-12 20:36:25 ----D---- C:\Program Files\Common Files\BioWare
2010-03-12 20:36:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2010-03-12 17:52:45 ----D---- C:\WINDOWS\system32\DirectX
2010-03-11 14:52:21 ----D---- C:\Program Files\Codec Pack - All In 1
2010-03-11 14:52:04 ----A---- C:\WINDOWS\iun6002.exe
2010-03-03 18:50:29 ----D---- C:\WINDOWS\Downloaded Installations
2010-02-25 17:30:09 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-12-30 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-12-30 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
S1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-04 281760]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-02 25888]
S2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 a1gjla68;a1gjla68; C:\WINDOWS\system32\drivers\a1gjla68.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 12416]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
S3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [2005-03-10 227584]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
S3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 1173504]
S3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-01-15 1663232]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-13 47360]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
S2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-31 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-08-17 168004]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
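Three clues in the RSIT log above are mechanical enough to script: a service named SSHNAS whose image is the generic svchost.exe host, two scheduled tasks whose only name is a GUID, and two binaries (Kcarua.exe, sshnas21.dll) written straight into the Windows directory within six seconds of each other with no matching install under Program Files. The Python script below is an added example, not part of the forum post and not code from RSIT or HijackThis. It embeds a trimmed copy of the log lines above as its input; the svchost allowlist (only WudfSvc) and the five-minute "installer window" are assumptions chosen for this example, not something the log states.

```python
"""Triage heuristics over an RSIT log (added example, not RSIT's own code)."""
import re
from datetime import datetime, timedelta

# Trimmed copy of the RSIT log posted above (tool output, kept verbatim).
RSIT_LOG = r"""
======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======List of files/folders created in the last 1 months======

2010-03-21 16:40:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2010-03-21 16:39:54 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-03-21 16:38:49 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-21 16:38:45 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-03-21 16:38:39 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-03-21 14:46:12 ----A---- C:\WINDOWS\Kcarua.exe
2010-03-21 14:46:06 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-03-11 14:56:34 ----D---- C:\Program Files\K-Lite Codec Pack

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-08-17 168004]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
"""

# Assumption for this example: services known to run inside svchost.exe on the
# reference machine. A real allowlist must come from a known-clean box.
KNOWN_SVCHOST_SERVICES = {"WudfSvc"}
INSTALL_WINDOW = timedelta(minutes=5)  # assumption: "installer nearby" tolerance

SECTION_HEADER = re.compile(r"^======(.+?)======$")
GUID_TASK = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\.job$")
SERVICE_LINE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -+(?P<attrs>[A-Z]*)-+ (?P<path>.+)$")
WINDOWS_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")
BINARY_EXT = (".exe", ".dll", ".sys")


def split_sections(log):
    """Map each '======Header======' block to its non-blank lines."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line)
    return sections


def guid_named_tasks(task_lines):
    """Scheduled tasks whose file name is nothing but a GUID."""
    return [line for line in task_lines if GUID_TASK.search(line)]


def unknown_svchost_services(service_lines, known=KNOWN_SVCHOST_SERVICES):
    """Services hosted by svchost.exe that are not on the allowlist."""
    hits = []
    for line in service_lines:
        m = SERVICE_LINE.match(line)
        if m and m["path"].lower().endswith("\\svchost.exe") and m["name"] not in known:
            hits.append(m["name"])
    return hits


def orphan_binary_drops(file_lines, window=INSTALL_WINDOW):
    """Binaries created directly in the Windows directory (or system32) with no
    new Program Files directory appearing within `window` of them."""
    entries = []
    for line in file_lines:
        m = FILE_LINE.match(line)
        if m:
            entries.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                            m["attrs"], m["path"]))
    installs = [ts for ts, attrs, path in entries
                if "D" in attrs and path.lower().startswith("c:\\program files\\")]
    hits = []
    for ts, attrs, path in entries:
        parent, _, name = path.lower().rpartition("\\")
        if "D" in attrs or not name.endswith(BINARY_EXT):
            continue
        if parent + "\\" not in WINDOWS_DIRS:
            continue
        if any(abs(ts - t) <= window for t in installs):
            continue  # an installer was active around that time; likely benign
        hits.append(path)
    return hits


def triage(log=RSIT_LOG):
    """Run all three heuristics and return their findings by name."""
    sections = split_sections(log)

    def section(prefix):
        return next((v for k, v in sections.items() if k.startswith(prefix)), [])

    return {
        "guid_tasks": guid_named_tasks(section("Scheduled tasks folder")),
        "unknown_svchost_services": unknown_svchost_services(section("List of services")),
        "orphan_binary_drops": orphan_binary_drops(section("List of files/folders created")),
    }


if __name__ == "__main__":
    for heuristic, findings in triage().items():
        print(heuristic)
        for item in findings:
            print("   ", item)
```

On this input the three heuristics point at exactly the items ComboFix later removed in post #4 (Service_SSHNAS, the two GUID-named .job files and sshnas21.dll); Kcarua.exe is flagged by timing alone. Treat the output as a shortlist for a human, not a verdict: many legitimate Windows services run inside svchost.exe, so the allowlist has to come from a clean reference machine rather than from the suspect one, and the five-minute window is only a way to separate a silent drop from a visible install.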

Caroprd111 (VIP, 13492 posts, registered 22 Mar 2009 20:48, Třebíč)

Re: Suspected virus (sshnas21.dll)

#2 Post by Caroprd111

Hi :)

Your log is being worked on; please be patient.

Caroprd111 (VIP)

Re: Suspected virus (sshnas21.dll)

#3 Post by Caroprd111

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware
  • Run the application under an account with Administrator rights; right after it starts, a page with the licence terms appears; continue by pressing "Yes"
  • Then follow the instructions; do not run other applications during the scan and do not click into the window that appears
  • The scan should take around 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should post here.
  • The computer may be restarted during the scan.

merci (Guest)

Re: Suspected virus (sshnas21.dll)

#4 Post by merci

So I had to make the ComboFix log in safe mode again; otherwise it would not start at all. So I am sending it and waiting in suspense to see what happens next. Thanks for the reply, merci


ComboFix 10-03-23.04 - Administrator 24.03.2010 14:22:32.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3582.3217 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dokumenty\cc_20100323_182014.reg
c:\documents and settings\Administrator\Dokumenty\cc_20100323_182034.reg
c:\documents and settings\All Users\Nabídka Start\Programy\Error Repair Professional
c:\documents and settings\All Users\Nabídka Start\Programy\Error Repair Professional\Error Repair Professional.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Error Repair Professional\Uninstall Error Repair Professional.lnk
c:\program files\Error Repair Professional
c:\program files\Error Repair Professional\autostart.exe
c:\program files\Error Repair Professional\Backups\Backup_14-49-35_23-3-2010.reg
c:\program files\Error Repair Professional\Backups\Backup_14-54-11_23-3-2010.reg
c:\program files\Error Repair Professional\Dataprogs.dat
c:\program files\Error Repair Professional\ErrorRepairProfessional.exe
c:\program files\Error Repair Professional\unins000.dat
c:\program files\Error Repair Professional\unins000.exe
c:\windows\system32\drivers\oreans32.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS
-------\Legacy_oreans32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-03-23 17:18 . 2010-03-23 17:18 -------- d-----w- c:\program files\CCleaner
2010-03-23 17:00 . 2010-03-24 12:28 -------- d-----w- C:\rsit
2010-03-23 14:34 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 14:33 . 2010-03-23 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 14:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 12:58 . 2010-03-23 13:00 -------- d-----w- c:\program files\Free Windows Registry Cleaner
2010-03-22 11:52 . 2010-03-22 11:54 -------- d-----w- c:\program files\CENIK_ELIMAT
2010-03-21 15:40 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-03-21 15:40 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-03-21 15:39 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-21 15:38 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-21 15:38 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-21 15:38 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-21 15:38 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-21 15:38 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-21 15:38 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-21 15:38 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\Nokia
2010-03-21 15:38 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-21 13:46 . 2010-03-21 13:46 159232 ----a-w- c:\windows\Kcarua.exe
2010-03-15 12:32 . 2010-03-15 12:32 -------- d-----w- c:\program files\Music Express
2010-03-11 20:17 . 2010-03-11 20:17 -------- d-----w- c:\program files\ImTOO
2010-03-11 13:57 . 2010-03-11 13:57 -------- d-----w- C:\videodvdmaker
2010-03-11 13:56 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-11 13:56 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-11 13:56 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-11 13:56 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-11 13:56 . 2010-03-11 13:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-11 13:53 . 2010-03-11 13:53 -------- d-----w- c:\program files\Video DVD Maker
2010-03-11 12:37 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-03-11 12:37 . 2010-03-11 12:37 -------- d-----w- c:\program files\DVD Flick
2010-03-08 08:25 . 2010-03-08 08:25 -------- d-----w- c:\program files\Fox
2010-03-06 12:26 . 2010-03-13 19:57 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-06 12:26 . 2010-03-13 19:57 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-03 17:50 . 2010-03-03 17:50 -------- d-----w- c:\program files\Common Files\Open Design Alliance
2010-03-03 17:49 . 2010-03-03 17:49 -------- d-----w- c:\program files\Common Files\PCschematic
2010-03-03 17:49 . 2010-03-21 08:30 -------- d-----w- C:\PCSELEDU

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:25 . 2002-12-30 19:24 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 13:25 . 2002-12-30 19:24 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-03-23 13:56 . 2009-11-12 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 09:41 . 2009-12-24 19:45 -------- d-----w- c:\program files\Steam
2010-03-21 15:40 . 2010-03-21 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-21 15:40 . 2010-03-21 15:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-21 15:40 . 2010-03-21 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-21 15:39 . 2010-03-21 15:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-21 15:39 . 2009-10-07 18:36 -------- d-----w- c:\program files\DIFX
2010-03-12 19:46 . 2010-01-29 08:56 -------- d-----w- c:\program files\Ubisoft
2010-03-12 19:43 . 2009-09-01 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 19:36 . 2009-10-24 19:46 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-11 13:52 . 2009-09-25 16:47 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-11 13:52 . 2009-09-25 16:47 737280 ----a-w- c:\windows\iun6002.exe
2010-01-29 09:10 . 2010-01-29 09:10 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-09-28 15:38 . 2009-09-28 15:36 48 --sh--w- c:\windows\S567A515C.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-08-17 13877248]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Steam\\SteamApps\\luckydee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.9.2009 17:24 685816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.9.2009 15:50 222968]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.9.2002 17:21 22912]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [7.10.2009 19:35 31744]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [10.3.2005 6:42 227584]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {11F2C15F-2560-40E0-BA43-A188FC50B86C} = 192.168.1.1,62.240.185.5
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\v3tqp805.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 14:29
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7C81E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e7dcb8
\Driver\atapi -> 0x8a83a1e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: D-Link DGE-530T Gigabit Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb7cefba0
PacketIndicateHandler -> NDIS.sys @ 0xb7cfcb21
SendHandler -> NDIS.sys @ 0xb7cda87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:85,b9,8c,eb,56,2b,13,5f,a1,a7,80,ed,87,55,88,92,60,84,8d,37,be,82,c6,
b0,a8,fb,cd,e2,97,d1,c6,d7,f3,74,46,96,cc,97,d8,f5,bc,9d,c9,55,b8,68,60,2f,\
"??"=hex:ec,7f,62,96,57,2c,d6,08,cc,a5,1f,55,b4,c4,7c,48

[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:fb,8b,d9,74,0b,61,44,bc,83,46,b0,d7,e9,28,c8,02,9f,4c,71,92,28,
2a,b6,a6,64,6e,95,e2,25,0f,1b,8d,67,f6,02,bb,c6,09,47,e7,d5,9f,a7,56,cf,74,\
"rkeysecu"=hex:ff,52,60,56,87,6e,39,83,13,cf,43,1e,5d,db,a0,ca
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-24 14:33:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-24 13:33

Před spuštěním: Volných bajtů: 169 138 806 784
Po spuštění: Volných bajtů: 168 846 364 672

- - End Of File - - 31AF8063C1CCB3F0CA3CDF7294D02D1E

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Suspected virus (sshnas21.dll)

#5 Post by Caroprd111 »

Test this at http://www.virustotal.com/cs/
c:\windows\Kcarua.exe

(Do not look for the file, just paste the path marked in bold; if you get the message "File has already been analysed", have it analysed again. Paste the result of the analysis here as a link.)

merci
Visitor
Posts: 8
Registered: 27 Nov 2006 20:06

Re: Suspected virus (sshnas21.dll)

#6 Post by merci »

So it showed me this


Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.24 -
AhnLab-V3 5.0.0.2 2010.03.24 -
AntiVir 8.2.1.196 2010.03.24 TR/Agent.AS.3319
Antiy-AVL 2.0.3.7 2010.03.24 Packed/Win32.Krap.gen
Authentium 5.2.0.5 2010.03.24 W32/FakeAlert.FT.gen!Eldorado
Avast 4.8.1351.0 2010.03.24 Win32:Trojan-gen
Avast5 5.0.332.0 2010.03.24 Win32:Trojan-gen
AVG 9.0.0.787 2010.03.24 Crypt.QSH
BitDefender 7.2 2010.03.24 -
CAT-QuickHeal 10.00 2010.03.24 Win32.Packed.Krap.as.5
ClamAV 0.96.0.0-git 2010.03.24 -
Comodo 4368 2010.03.24 -
DrWeb 5.0.1.12222 2010.03.24 Trojan.DownLoad1.47680
eSafe 7.0.17.0 2010.03.24 -
eTrust-Vet 35.2.7386 2010.03.24 Win32/FakeAlert.D!generic
F-Prot 4.5.1.85 2010.03.23 W32/FakeAlert.FT.gen!Eldorado
F-Secure 9.0.15370.0 2010.03.24 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.24 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.03.24 -
Jiangmin 13.0.900 2010.03.24 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.24 Packed.Win32.Krap.as
McAfee 5929 2010.03.23 -
McAfee+Artemis 5929 2010.03.23 -
McAfee-GW-Edition 6.8.5 2010.03.24 Heuristic.LooksLike.Trojan.Agent.H
Microsoft 1.5605 2010.03.24 TrojanDownloader:Win32/Renos.KF
NOD32 4971 2010.03.24 a variant of Win32/Kryptik.DFA
Norman 6.04.10 2010.03.24 -
nProtect 2009.1.8.0 2010.03.24 -
Panda 10.0.2.2 2010.03.23 Suspicious file
PCTools 7.0.3.5 2010.03.24 -
Prevx 3.0 2010.03.24 High Risk Cloaked Malware
Rising 22.40.02.03 2010.03.24 Dropper.Win32.Nodef.oo
Sophos 4.51.0 2010.03.24 Mal/FakeAV-CO
Sunbelt 6031 2010.03.22 -
Symantec 20091.2.0.41 2010.03.24 Suspicious.Insight
TheHacker 6.5.2.0.242 2010.03.24 Trojan/Kryptik.deq
TrendMicro 9.120.0.1004 2010.03.24 TROJ_RENOS.SMD
VBA32 3.12.12.2 2010.03.24 -
ViRobot 2010.3.24.2242 2010.03.24 -
VirusBuster 5.0.27.0 2010.03.24 Trojan.Codecpack.Gen.4
Additional information
File size: 159232 bytes
MD5...: 55e365ea7403a54d994c98d0fd42fb82
SHA1..: ce75b4a483517b8fe2c0c0f3a7b3efb925aa3861
SHA256: 152d7f097085e957865a73b843462c30003191694ca0fcc496b8e1cbabaf7360
ssdeep: 3072:bUiRR4mbUwJ6M2uOFab99lw4+ISIUdMDjWJ5sydVgObN7:n4aUwH2EFRZgdmjWJ5syXgY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1577
timedatestamp.....: 0x49b0cb3b (Fri Mar 06 07:05:31 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.CODE 0x1000 0x73fa 0x7400 5.83 1148549935d138a93ab5ad0497108758
.idata 0x9000 0x1db2d 0x1dc00 7.55 3158de6a9d10102ded62092a27af0308
.rdata 0x27000 0xf64 0x1000 5.19 4e6347d1e8342ec29363185502a0498d
INIT 0x28000 0x1302e 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.tls 0x3c000 0x5d2 0x600 0.00 53e979547d8c2ea86560ac45de08ae25

( 4 imports )
> kernel32.dll: GetOEMCP, GetDiskFreeSpaceA, GetStringTypeW, CreateFileA, HeapFree, FormatMessageA, GetStartupInfoA, GetSystemDefaultLangID, GetDateFormatA, lstrcpyA, WideCharToMultiByte, GetFileSize, GetCommandLineA, GetLocaleInfoA, LocalAlloc, GetModuleHandleA, HeapAlloc, VirtualQuery, SizeofResource, FindFirstFileA, GetStringTypeA, FindResourceA, SetErrorMode, LoadLibraryExA, GetFileAttributesA, GlobalAlloc, SetThreadLocale, MoveFileA, GetVersionExA, GetThreadLocale, lstrlenA, GetVersion, ExitThread, GetEnvironmentStrings, GetCurrentThreadId, VirtualFree, GetACP, LoadLibraryA, lstrcpynA, EnterCriticalSection, GetCPInfo, DeleteFileA, FindClose, VirtualAlloc, GetFileType, GetStdHandle, GetTickCount, ExitProcess, ResetEvent, VirtualAllocEx
> ntdll.dll: RtlDeleteCriticalSection, wcscat
> MSVCRT.DLL: sqrt, exit, atol, malloc, strlen, wcstol, _acmdln, time, memset, calloc, rand, memmove, srand, wcsncmp, mbstowcs, memcpy, swprintf, tolower, wcscspn, wcschr, clock
> user32.dll: EnumWindows, DeferWindowPos, GetScrollInfo, DrawIcon, GetSubMenu, ShowWindow, FillRect, IsDialogMessageA, IsWindowEnabled, DrawFrameControl, DefFrameProcA, IsMenu, GetMenuItemInfoA, GetIconInfo, GetClipboardData, IsWindowVisible, DrawTextA, SystemParametersInfoA, GetClassInfoA, GetMenuState, GetMenuStringA, DrawMenuBar, GetMenuItemCount, CheckMenuItem, CallWindowProcA, GetWindowTextA, DispatchMessageW, GetCursorPos, GetKeyNameTextA, GetDesktopWindow, ClientToScreen, SetWindowPos, GetDCEx, SetWindowLongA, RegisterClassA, EqualRect, GetMenuItemID, CreateIcon, GetMenu, BeginPaint, BeginDeferWindowPos, HideCaret, EnableWindow, CreateMenu, CharLowerBuffA, DefMDIChildProcA, DrawIconEx, GetActiveWindow, GetScrollPos, EndPaint, DrawEdge, GetForegroundWindow, GetMessagePos, GetCursor, IsChild, GetClassLongA, GetClientRect, CreatePopupMenu, EnumChildWindows, EnumThreadWindows, CharNextA, CharLowerA, SetCursor, CharToOemA, CreateWindowExA, CallNextHookEx, GetWindow, EnableMenuItem, MessageBoxA, FindWindowA, DispatchMessageA, ShowScrollBar, GetDlgItem, GetCapture, GetSysColor, GetFocus, FrameRect, EndDeferWindowPos, GetLastActivePopup, EnableScrollBar, GetDC, GetSysColorBrush, DefWindowProcA, GetScrollRange, SetTimer, GetKeyState, GetPropA, SetWindowTextA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (60.8%)
Win32 Executable Generic (13.7%)
Win32 Dynamic Link Library (generic) (12.2%)
Win16/32 Executable Delphi generic (3.3%)
Clipper DOS Executable (3.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext. ... 00BAB65250

WARNING: VirusTotal is a free service provided by Hispasec Sistemas. The quality of the results is not guaranteed in any way. The results depend on the maker of each product. Test results may not be 100% correct. These results do not necessarily mean that the file is infected or clean!

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Suspected virus (sshnas21.dll)

#7 Post by Caroprd111 »

If you have not already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\S567A515C.tmp
c:\windows\Kcarua.exe

Folder::
c:\program files\Ask.com

DDS::
uStart Page = hxxp://www.ask.com?o=15187&l=dis

RegLock::
[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\License information*]
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:
  • After it runs, another log will pop up; paste it here
It may happen that after the script is applied and the computer restarts, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
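An added example, not from this thread or from ComboFix, that parses a CFScript in the format shown in this post and summarises what it will change before the file is dropped onto ComboFix. The embedded sample is the script posted above; the set of recognised section names and the system32 warning are this example's own assumptions.

```python
"""Summarise a ComboFix CFScript before it is applied.

Added example, not part of the thread or of ComboFix. The format follows the
script posted above: a header line ending in '::' opens a section, and every
non-empty line up to the next header belongs to it. In Registry:: a '[-KEY]'
line deletes the whole key and a '"name"=-' line deletes one value under the
most recent '[KEY]' line (the same convention as a .reg file).
"""
import re

KNOWN_SECTIONS = {"Registry", "File", "Folder", "DDS", "RegLock"}  # assumed set

# The script from the thread, embedded here as sample input.
SAMPLE_CFSCRIPT = r"""Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\S567A515C.tmp
c:\windows\Kcarua.exe

Folder::
c:\program files\Ask.com

DDS::
uStart Page = hxxp://www.ask.com?o=15187&l=dis

RegLock::
[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\License information*]
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [KEY] or [-KEY]
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')  # "name"=-  (delete value)


def parse_cfscript(text):
    """Split the script into {section: [lines]}; reject unknown sections."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"unknown CFScript section: {current}")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line}")
        sections[current].append(line)
    return sections


def summarise_registry(lines):
    """Return (keys_deleted, [(key, value_name), ...]) for a Registry:: section."""
    keys_deleted, values_deleted = [], []
    current_key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                keys_deleted.append(key)
                current_key = None  # a value line cannot follow a deleted key
            else:
                current_key = key
            continue
        m = VALUE_DELETE_RE.match(line)
        if m and current_key is not None:
            values_deleted.append((current_key, m.group(1)))
            continue
        raise ValueError(f"unrecognised Registry:: line: {line}")
    return keys_deleted, values_deleted


def review(text):
    """Build a reviewable summary of everything the script will change."""
    sections = parse_cfscript(text)
    keys, values = summarise_registry(sections.get("Registry", []))
    files = sections.get("File", [])
    folders = sections.get("Folder", [])
    warnings = []
    for path in files + folders:
        if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):
            warnings.append(f"not an absolute path: {path}")
        if path.lower().startswith(r"c:\windows\system32"):
            warnings.append(f"deletes inside system32, check twice: {path}")
    return {
        "registry_keys_deleted": keys,
        "registry_values_deleted": values,
        "files": files,
        "folders": folders,
        "dds": sections.get("DDS", []),
        "reglock": sections.get("RegLock", []),
        "warnings": warnings,
    }
```

For the script from this post, `review(SAMPLE_CFSCRIPT)` lists five registry keys and two values to delete, three files, one folder, and no warnings.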

merci
Visitor
Posts: 8
Registered: 27 Nov 2006 20:06

Re: Suspected virus (sshnas21.dll)

#8 Post by merci »

I did everything as you advised, Windows booted without problems, and here is the new log


ComboFix 10-03-23.04 - Administrator 24.03.2010 14:52:31.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3582.3243 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\Kcarua.exe"
"c:\windows\S567A515C.tmp"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Kcarua.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\S567A515C.tmp . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-24 do 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-03-23 17:18 . 2010-03-23 17:18 -------- d-----w- c:\program files\CCleaner
2010-03-23 17:00 . 2010-03-24 12:28 -------- d-----w- C:\rsit
2010-03-23 14:34 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 14:33 . 2010-03-23 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 14:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 12:58 . 2010-03-23 13:00 -------- d-----w- c:\program files\Free Windows Registry Cleaner
2010-03-22 11:52 . 2010-03-22 11:54 -------- d-----w- c:\program files\CENIK_ELIMAT
2010-03-21 15:40 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-03-21 15:40 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-03-21 15:39 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-21 15:38 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-21 15:38 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-21 15:38 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-21 15:38 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-21 15:38 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-21 15:38 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-21 15:38 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-21 15:38 . 2010-03-21 15:38 -------- d-----w- c:\program files\Nokia
2010-03-21 15:38 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-15 12:32 . 2010-03-15 12:32 -------- d-----w- c:\program files\Music Express
2010-03-11 20:17 . 2010-03-11 20:17 -------- d-----w- c:\program files\ImTOO
2010-03-11 13:57 . 2010-03-11 13:57 -------- d-----w- C:\videodvdmaker
2010-03-11 13:56 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-11 13:56 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-11 13:56 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-11 13:56 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-11 13:56 . 2010-03-11 13:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-11 13:53 . 2010-03-11 13:53 -------- d-----w- c:\program files\Video DVD Maker
2010-03-11 12:37 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-03-11 12:37 . 2010-03-11 12:37 -------- d-----w- c:\program files\DVD Flick
2010-03-08 08:25 . 2010-03-08 08:25 -------- d-----w- c:\program files\Fox
2010-03-06 12:26 . 2010-03-13 19:57 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-06 12:26 . 2010-03-13 19:57 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-03 17:50 . 2010-03-03 17:50 -------- d-----w- c:\program files\Common Files\Open Design Alliance
2010-03-03 17:49 . 2010-03-03 17:49 -------- d-----w- c:\program files\Common Files\PCschematic
2010-03-03 17:49 . 2010-03-21 08:30 -------- d-----w- C:\PCSELEDU

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:57 . 2010-03-24 13:57 0 ------w- c:\windows\S567A515C.tmp
2010-03-24 13:32 . 2002-12-30 19:24 82724 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 13:32 . 2002-12-30 19:24 438184 ----a-w- c:\windows\system32\perfh005.dat
2010-03-23 13:56 . 2009-11-12 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 09:41 . 2009-12-24 19:45 -------- d-----w- c:\program files\Steam
2010-03-21 15:40 . 2010-03-21 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-21 15:40 . 2010-03-21 15:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-21 15:40 . 2010-03-21 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-21 15:39 . 2010-03-21 15:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-21 15:39 . 2009-10-07 18:36 -------- d-----w- c:\program files\DIFX
2010-03-12 19:46 . 2010-01-29 08:56 -------- d-----w- c:\program files\Ubisoft
2010-03-12 19:43 . 2009-09-01 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 19:36 . 2009-10-24 19:46 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-11 13:52 . 2009-09-25 16:47 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-11 13:52 . 2009-09-25 16:47 737280 ----a-w- c:\windows\iun6002.exe
2010-01-29 09:10 . 2010-01-29 09:10 98304 ----a-w- c:\windows\system32CmdLineExt.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-24_13.29.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-24 13:57 . 2010-03-24 13:57 16384 c:\windows\temp\Perflib_Perfdata_4a4.dat
+ 2002-12-30 19:24 . 2010-03-24 13:32 71368 c:\windows\system32\perfc009.dat
+ 2002-12-30 19:24 . 2010-03-24 13:32 441612 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-08-17 13877248]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Steam\\SteamApps\\luckydee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.9.2009 17:24 685816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.9.2009 15:50 222968]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.9.2002 17:21 22912]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [7.10.2009 19:35 31744]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [10.3.2005 6:42 227584]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {11F2C15F-2560-40E0-BA43-A188FC50B86C} = 192.168.1.1,62.240.185.5
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\v3tqp805.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 14:57
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A83A1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e7dcb8
\Driver\atapi -> 0x8a7c81e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: D-Link DGE-530T Gigabit Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb7cefba0
PacketIndicateHandler -> NDIS.sys @ 0xb7cfcb21
SendHandler -> NDIS.sys @ 0xb7cda87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:85,b9,8c,eb,56,2b,13,5f,a1,a7,80,ed,87,55,88,92,60,84,8d,37,be,82,c6,
b0,a8,fb,cd,e2,97,d1,c6,d7,f3,74,46,96,cc,97,d8,f5,bc,9d,c9,55,b8,68,60,2f,\
"??"=hex:ec,7f,62,96,57,2c,d6,08,cc,a5,1f,55,b4,c4,7c,48

[HKEY_USERS\S-1-5-21-1123561945-1214440339-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:fb,8b,d9,74,0b,61,44,bc,83,46,b0,d7,e9,28,c8,02,9f,4c,71,92,28,
2a,b6,a6,64,6e,95,e2,25,0f,1b,8d,67,f6,02,bb,c6,09,47,e7,d5,9f,a7,56,cf,74,\
"rkeysecu"=hex:ff,52,60,56,87,6e,39,83,13,cf,43,1e,5d,db,a0,ca
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-24 15:00:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-24 14:00
ComboFix2.txt 2010-03-24 13:33

Před spuštěním: Volných bajtů: 168 823 877 632
Po spuštění: Volných bajtů: 168 787 783 680

- - End Of File - - 979132AF9EE7CFD0BD3217CE817F1D56

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Suspected virus (sshnas21.dll)

#9 Post by Caroprd111 »

Uninstall all virtual drive emulators.

Download SPTD from http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64- or 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop: http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box pops up; copy this into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK.
  • A log named mbr.log will be created; paste it here.

merci
Guest
Posts: 8
Registered: 27 Nov 2006 20:06

Re: Suspected virus (sshnas21.dll)

#10 Post by merci »

I did that and this appeared:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK
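The two mbr.exe outputs in this thread differ in a way a script can check: the run inside the ComboFix report lists an unnamed driver (">>UNKNOWN [0x8A83A1E8]<<") on the disk I/O path, a hook on \Driver\atapi that resolves only to a bare address, and the "Warning" line, while the run after SPTD was uninstalled names nvata.sys and reports no hooks. As an added example (not code from the thread or from Gmer), here is a small Python parser that classifies an mbr.exe log and diffs two runs; the sample logs are copied from the posts above, and the verdict labels are my own naming.

```python
import re
from dataclasses import dataclass, field

# Sample logs copied from the two mbr.exe runs in this thread: the first from
# the ComboFix report (SPTD still installed), the second after SPTD was removed.
LOG_BEFORE = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A83A1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e7dcb8
\Driver\atapi -> 0x8a7c81e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

LOG_AFTER = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
ADDRESS_RE = re.compile(r"^0x[0-9A-Fa-f]+$")


@dataclass
class MbrReport:
    modules: list[str] = field(default_factory=list)   # named drivers on the disk I/O path
    unknown: list[str] = field(default_factory=list)   # addresses of unnamed drivers on that path
    hooks: list[tuple[str, str]] = field(default_factory=list)  # (hooked object, hook target)
    warning: bool = False                              # tool printed its "possible MBR rootkit" line
    mbr_ok: bool = False                               # user-mode and kernel-mode MBR reads agree

    @property
    def unresolved_hooks(self) -> list[str]:
        """Hooked objects whose target is a bare address, i.e. no loaded module owns it."""
        return [obj for obj, target in self.hooks if ADDRESS_RE.match(target)]

    @property
    def verdict(self) -> str:
        # Labels are this example's own, not Gmer's.
        if not self.mbr_ok:
            return "mbr-tampered"  # the two MBR views differ: the sector itself is being hidden
        if self.unknown or self.unresolved_hooks or self.warning:
            return "hooked-by-unnamed-driver"  # MBR intact, but something unnamed sits in the I/O path
        return "clean"


def parse_mbr_log(text: str) -> MbrReport:
    """Parse the plain-text output of Gmer's mbr.exe into an MbrReport."""
    report = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("called modules:"):
            rest = line[len("called modules:"):]
            report.unknown = UNKNOWN_RE.findall(rest)
            report.modules = UNKNOWN_RE.sub(" ", rest).split()
            in_hooks = False
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line.startswith("Warning:"):
            report.warning = True
            in_hooks = False
        elif line == "user & kernel MBR OK":
            report.mbr_ok = True
            in_hooks = False
        elif in_hooks and " -> " in line:
            parts = [p.strip() for p in line.split(" -> ")]
            report.hooks.append((parts[0], parts[-1]))  # hooked object, final target
    return report


def compare_runs(before: str, after: str) -> dict[str, list[str]]:
    """Summarise what a driver removal (here: SPTD) changed between two mbr.exe runs."""
    b, a = parse_mbr_log(before), parse_mbr_log(after)
    return {
        "hooks_removed": sorted({obj for obj, _ in b.hooks} - {obj for obj, _ in a.hooks}),
        "unknown_resolved": sorted(set(b.unknown) - set(a.unknown)),
        "modules_now_named": sorted(set(a.modules) - set(b.modules)),
        "verdict": [b.verdict, a.verdict],
    }


if __name__ == "__main__":
    for name, log in (("before SPTD removal", LOG_BEFORE), ("after SPTD removal", LOG_AFTER)):
        r = parse_mbr_log(log)
        print(f"{name}: {r.verdict}; unknown={r.unknown}; unresolved hooks={r.unresolved_hooks}")
    print(compare_runs(LOG_BEFORE, LOG_AFTER))
```

A disk filter such as SPTD produces exactly the "hooked-by-unnamed-driver" pattern, which is why the first step in the moderator's reply is to remove the emulator before trusting the scan.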

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Suspected virus (sshnas21.dll)

#11 Post by Caroprd111 »

OK, how is the PC doing now?

merci
Guest
Posts: 8
Registered: 27 Nov 2006 20:06

Re: Suspected virus (sshnas21.dll)

#12 Post by merci »

I think the computer has woken up again: everything got faster, folders open without problems, and so far nothing freezes, so it looks like everything is OK. Thank you very, very much for your valuable advice and your patience with me. Please, can I now delete those logs and programs (Defogger, SPTDinst, ComboFix)? Won't it crash again?
Thanks once again! merci

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Suspected virus (sshnas21.dll)

#13 Post by Caroprd111 »

Post a new RSIT log, then I'll tell you what to do with those programs.

merci
Guest
Posts: 8
Registered: 27 Nov 2006 20:06

Re: Suspected virus (sshnas21.dll)

#14 Post by merci »

Here is the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-24 15:24:58
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 161 GB (53%) free of 305 GB
Total RAM: 3582 MB (90% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:04, on 24.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Documents and Settings\Administrator\Plocha\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11F2C15F-2560-40E0-BA43-A188FC50B86C}: NameServer = 192.168.1.1,62.240.185.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{11F2C15F-2560-40E0-BA43-A188FC50B86C}: NameServer = 192.168.1.1,62.240.185.5
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5589 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2009-08-17 13877248]
"amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Steam\SteamApps\luckydee\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\luckydee\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe"="C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs Predator"
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe"="C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs Predator"
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe"="C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs Predator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-24 15:06:59 ----SHD---- C:\RECYCLER
2010-03-24 15:00:37 ----A---- C:\ComboFix.txt
2010-03-24 14:57:05 ----SH---- C:\WINDOWS\S567A515C.tmp
2010-03-24 14:26:47 ----D---- C:\WINDOWS\temp
2010-03-24 14:15:13 ----A---- C:\WINDOWS\zip.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\SWSC.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\SWREG.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\sed.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\PEV.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\MBR.exe
2010-03-24 14:15:13 ----A---- C:\WINDOWS\grep.exe
2010-03-24 14:15:09 ----D---- C:\WINDOWS\ERDNT
2010-03-24 14:11:44 ----D---- C:\Qoobox
2010-03-24 13:27:52 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-23 18:18:10 ----D---- C:\Program Files\CCleaner
2010-03-23 18:00:25 ----D---- C:\rsit
2010-03-23 15:36:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-03-23 15:34:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-23 15:33:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-23 13:58:30 ----D---- C:\Program Files\Free Windows Registry Cleaner
2010-03-23 13:39:55 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-22 12:52:45 ----D---- C:\Program Files\CENIK_ELIMAT
2010-03-21 16:40:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2010-03-21 16:39:54 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-03-21 16:39:51 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-03-21 16:39:17 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia
2010-03-21 16:39:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-03-21 16:39:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
2010-03-21 16:38:59 ----D---- C:\Program Files\Common Files\PCSuite
2010-03-21 16:38:56 ----D---- C:\Program Files\Common Files\Nokia
2010-03-21 16:38:49 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-21 16:38:45 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-03-21 16:38:45 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-03-21 16:38:39 ----D---- C:\Program Files\Nokia
2010-03-21 16:38:39 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-03-21 16:38:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-03-15 13:32:44 ----D---- C:\Program Files\Music Express
2010-03-11 21:17:31 ----D---- C:\Program Files\ImTOO
2010-03-11 20:46:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2010-03-11 14:57:38 ----D---- C:\videodvdmaker
2010-03-11 14:57:38 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Video DVD Maker FREE
2010-03-11 14:56:37 ----A---- C:\WINDOWS\avisplitter.ini
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-03-11 14:56:36 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-03-11 14:56:35 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-03-11 14:56:35 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-03-11 14:56:34 ----D---- C:\Program Files\K-Lite Codec Pack
2010-03-11 14:53:26 ----D---- C:\Program Files\Video DVD Maker
2010-03-11 13:37:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DVD Flick
2010-03-11 13:37:38 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2010-03-11 13:37:37 ----D---- C:\Program Files\DVD Flick
2010-03-08 09:25:52 ----D---- C:\Program Files\Fox
2010-03-06 13:26:29 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-03-06 13:26:29 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-03-05 23:06:46 ----D---- C:\WINDOWS\Minidump
2010-03-03 18:50:30 ----D---- C:\Program Files\Common Files\Open Design Alliance
2010-03-03 18:49:42 ----D---- C:\Program Files\Common Files\PCschematic
2010-03-03 18:49:24 ----D---- C:\PCSELEDU

======List of files/folders modified in the last 1 months======

2010-03-24 15:11:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-24 15:08:04 ----D---- C:\WINDOWS\system32\drivers
2010-03-24 15:07:45 ----D---- C:\WINDOWS
2010-03-24 15:00:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-24 14:57:20 ----A---- C:\WINDOWS\system.ini
2010-03-24 14:56:09 ----SD---- C:\WINDOWS\Tasks
2010-03-24 14:56:09 ----RD---- C:\Program Files
2010-03-24 14:54:25 ----D---- C:\WINDOWS\system32
2010-03-24 14:54:25 ----D---- C:\WINDOWS\AppPatch
2010-03-24 14:54:24 ----D---- C:\Program Files\Common Files
2010-03-24 14:32:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 14:27:42 ----SHD---- C:\WINDOWS\CSC
2010-03-24 14:26:54 ----D---- C:\WINDOWS\system32\config
2010-03-24 12:59:10 ----D---- C:\Program Files\Mozilla Firefox
2010-03-23 18:44:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-23 18:19:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-23 14:56:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-23 14:50:24 ----D---- C:\WINDOWS\Debug
2010-03-22 22:06:06 ----D---- C:\WINDOWS\Prefetch
2010-03-22 10:41:51 ----D---- C:\Program Files\Steam
2010-03-21 16:40:31 ----HD---- C:\WINDOWS\inf
2010-03-21 16:40:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-21 16:39:07 ----D---- C:\Program Files\DIFX
2010-03-21 16:39:06 ----SHD---- C:\WINDOWS\Installer
2010-03-21 16:39:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-15 16:27:52 ----D---- C:\WINDOWS\repair
2010-03-15 16:27:42 ----D---- C:\WINDOWS\Registration
2010-03-12 20:46:03 ----D---- C:\Program Files\Ubisoft
2010-03-12 20:43:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-12 20:36:25 ----D---- C:\Program Files\Common Files\BioWare
2010-03-12 20:36:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2010-03-12 17:52:45 ----D---- C:\WINDOWS\system32\DirectX
2010-03-11 14:52:21 ----D---- C:\Program Files\Codec Pack - All In 1
2010-03-11 14:52:04 ----A---- C:\WINDOWS\iun6002.exe
2010-03-03 18:50:29 ----D---- C:\WINDOWS\Downloaded Installations
2010-02-25 17:30:09 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-04 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-02 25888]
R2 NIOC;NIOC Service; \??\C:\WINDOWS\System32\NIOC.SYS []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-12-30 9600]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [2005-03-10 227584]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-12-30 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 1173504]
R3 p17xfilt;p17xfilt; C:\WINDOWS\system32\drivers\p17xfilt.sys [2007-01-15 1663232]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 12416]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-13 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-31 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-08-17 168004]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Suspected virus (sshnas21.dll)

#15 Post by Caroprd111 »

I recommend uninstalling the toolbars (if you do not use them) in Add or Remove Programs.


Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.


Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice press the A key, then Enter.
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.


Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by clicking "Yes" (a restart will follow).


Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it and, during installation, untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Click Analyze; when it finishes, click Run Cleaner.

    Registry tab
  • Click Scan for Issues; when it finishes, click Fix Issues (you do not need to make a backup), then click Fix All Issues.
    OK, then Close.


Install SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100


I do not see an antivirus or a firewall in the log; install them! http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523


You can delete the programs used.
