nefunguje brana firewall ani centrum zabezpeceni

[jarek26]

dobry den,
Chcem sa opitat ci je moznost nejako obnovit branu firewall aj centrum zabezpeceni,bez toho aby som musel preinstalovat windows xp,ci sa to nejako neda z dvd window xp-nejako ked chybaju casti windowsu.Alebo cim to moze byt sposobene,v poslednom case som neinstaloval ziadny program.
Dakujem

[stell]

zdravim
Pravdepodobne mas to zavirene

Stiahnes>>RSIT >>logy vloz sem,

[jarek26]

Logfile of random's system information tool 1.06 (written by random/random)
Run by jaroslav at 2010-01-06 15:44:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (31%) free of 7 GB
Total RAM: 383 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:07, on 6.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\jaroslav\Dokumenty\Downloads\Programs\RSIT.exe
C:\Program Files\trend micro\jaroslav.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - (no file)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
O23 - Service: Abel - Unknown owner - D:\Hacking\Cain\Abel.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7078 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Celebrity Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-11-02 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
CMySite Class - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll [2009-12-06 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Celebrity Toolbar - C:\Program Files\Celebrity Toolbar\tbcore3.dll [2009-05-07 2642432]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-11-02 259584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-12-07 3171760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-04 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll [2010-01-05 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-08 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f827ec-e3d7-11de-b953-0008021dc4e7}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe
shell\open\command - F:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f827ee-e3d7-11de-b953-0008021dc4e7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe


======List of files/folders created in the last 1 months======

2010-01-06 15:44:21 ----D---- C:\Program Files\trend micro
2010-01-06 15:44:18 ----D---- C:\rsit
2010-01-06 14:54:02 ----D---- C:\Program Files\Siber Systems
2010-01-06 14:07:46 ----D---- C:\Program Files\Foundstone Free Tools
2010-01-06 13:54:54 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-06 13:50:29 ----A---- C:\WINDOWS\DJ Music Mixer Uninstaller.exe
2010-01-06 13:49:45 ----D---- C:\Program Files\DJ Music Mixer
2010-01-06 10:46:41 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Uniblue
2010-01-06 10:41:12 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-01-06 10:41:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-01-06 09:48:06 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-03 20:53:04 ----A---- C:\WINDOWS\msa.exe
2010-01-03 20:52:26 ----A---- C:\WINDOWS\system32\sshnas.dll
2010-01-03 20:28:44 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\SBMAV Disk Cleaner
2010-01-03 20:16:09 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\URSoft
2010-01-03 20:15:59 ----D---- C:\Program Files\Your Uninstaller 2008
2010-01-02 22:24:41 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Enchanted Katya
2010-01-02 22:09:42 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Valusoft
2010-01-02 22:09:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Valusoft
2010-01-02 21:59:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Go Go Gourmet
2010-01-02 19:55:51 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Merscom
2010-01-02 19:55:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Merscom
2010-01-02 15:59:06 ----D---- C:\WINDOWS\system32\temp
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\lame_enc.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara_ww.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara_v.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara_mx.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara_K5.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara_K.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara_C.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\Kara__E.dll
2010-01-02 15:58:33 ----A---- C:\WINDOWS\system32\kara__ao.dll
2010-01-02 15:58:32 ----A---- C:\WINDOWS\system32\Bass.dll
2010-01-02 15:58:15 ----D---- C:\Program Files\Karaoke5
2010-01-02 15:03:41 ----A---- C:\WINDOWS\system32\erdmpg-6.dll
2010-01-02 15:02:20 ----D---- C:\Program Files\Common Files\Doblon
2010-01-02 15:02:14 ----D---- C:\Program Files\Doblon
2010-01-01 14:48:01 ----A---- C:\WINDOWS\pdf2word.INI
2010-01-01 14:18:56 ----A---- C:\WINDOWS\ConverterCore.INI
2010-01-01 14:12:52 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\SolidDocuments
2010-01-01 14:12:25 ----D---- C:\Program Files\SolidDocuments
2010-01-01 14:12:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\SolidDocuments
2010-01-01 13:47:08 ----A---- C:\WINDOWS\pdf2text.INI
2009-12-31 16:22:21 ----D---- C:\Program Files\Shockwave.com
2009-12-29 19:49:34 ----D---- C:\Program Files\Foxit Software
2009-12-29 18:34:00 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Foxit
2009-12-29 15:43:47 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Mean Hamster
2009-12-29 15:43:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mean Hamster
2009-12-28 17:15:17 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Help
2009-12-28 15:20:52 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\PlayFirst
2009-12-28 15:20:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\PlayFirst
2009-12-28 12:33:36 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\ViquaSoft
2009-12-27 21:48:07 ----D---- C:\Program Files\Celebrity Toolbar
2009-12-27 20:45:43 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\MMToolz
2009-12-27 15:45:14 ----D---- C:\Program Files\Ztrl
2009-12-26 14:24:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2009-12-26 14:24:00 ----D---- C:\Program Files\Google
2009-12-26 14:23:10 ----D---- C:\Program Files\Common Files\Oberon Media
2009-12-24 14:20:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2009-12-23 23:01:09 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\WebCam Recorder
2009-12-23 13:07:11 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Identities
2009-12-23 12:21:01 ----D---- C:\Program Files\GetFLV
2009-12-23 11:51:55 ----RAS---- C:\WINDOWS\system32\gfbaksm.dll
2009-12-23 11:49:38 ----A---- C:\WINDOWS\system32\gfkernel.dll
2009-12-21 13:03:04 ----D---- C:\WINDOWS\Camp Funshine - Carrie the Caregiver 3
2009-12-18 16:45:01 ----A---- C:\WINDOWS\uninst.exe
2009-12-17 14:15:10 ----D---- C:\Program Files\AbiWord
2009-12-17 12:17:28 ----A---- C:\WINDOWS\system32\Samba.ini
2009-12-17 12:17:21 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL
2009-12-17 12:17:19 ----D---- C:\Program Files\Common Files\Borland Shared
2009-12-17 11:51:46 ----D---- C:\Program Files\Trell
2009-12-17 00:04:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\DBOData
2009-12-14 08:49:27 ----A---- C:\WINDOWS\CONTEXT.INI
2009-12-14 08:44:32 ----A---- C:\WINDOWS\thtitanc.INI
2009-12-13 23:23:55 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Media Player Classic
2009-12-13 21:31:54 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-13 21:31:53 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-13 21:31:52 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-12-13 21:31:51 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-12-13 21:31:51 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-13 21:31:48 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-13 21:31:48 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-13 21:31:46 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-13 21:17:19 ----D---- C:\WINDOWS\lhsp
2009-12-13 21:16:57 ----D---- C:\WINDOWS\speech
2009-12-13 21:12:48 ----D---- C:\WINDOWS\system32\URTTEMP
2009-12-13 17:48:08 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-12-13 14:47:59 ----RSH---- C:\WINDOWS\system32\PlntCl.exe
2009-12-11 17:26:44 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\WinRAR
2009-12-11 17:26:02 ----D---- C:\Program Files\WinRAR
2009-12-11 16:38:06 ----SHD---- C:\WINDOWS\ftpcache
2009-12-10 20:39:31 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
2009-12-10 20:39:31 ----A---- C:\WINDOWS\system32\Iacenc.dll
2009-12-10 20:39:28 ----D---- C:\Program Files\Intel
2009-12-10 20:38:55 ----A---- C:\WINDOWS\IsUninst.exe
2009-12-10 20:38:45 ----D---- C:\Program Files\WMV9_VCM
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\ncVEAudio.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\ncvDS61.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\ncUtil62.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\NCTVideoCompress.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\ncSSTimer2.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\ncPopup2.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\ncIM.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\DartSecure2.dll
2009-12-09 23:11:11 ----N---- C:\WINDOWS\system32\DartCertificate.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\ncvvfw61.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\ncvul70.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\ncvul60.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\ncRichEditUtility.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\ncHTTP.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\ncCompress.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\msvcr70.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\DartWebUtil.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\DartWebASP.dll
2009-12-09 23:11:10 ----N---- C:\WINDOWS\system32\DartSock.dll
2009-12-09 23:11:09 ----N---- C:\WINDOWS\system32\zlib32.dll
2009-12-09 23:11:09 ----N---- C:\WINDOWS\system32\nczlib.dll
2009-12-09 23:11:08 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-12-09 22:57:21 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-09 19:05:07 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Groove Games
2009-12-09 15:04:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-08 13:23:55 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-08 11:11:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-08 10:02:49 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Thinstall
2009-12-07 22:55:56 ----RSD---- C:\WINDOWS\assembly
2009-12-07 22:54:44 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-07 15:18:44 ----D---- C:\Program Files\Internet Download Manager
2009-12-07 14:54:49 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\IDM
2009-12-07 13:05:11 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-12-07 13:05:04 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-07 13:04:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-07 13:04:22 ----D---- C:\WINDOWS\Pixart
2009-12-07 13:04:22 ----D---- C:\Program Files\Phenix-Q8
2009-12-07 13:04:22 ----D---- C:\Program Files\Common Files\PCCamera
2009-12-07 13:03:56 ----D---- C:\Program Files\Common Files\InstallShield

======List of files/folders modified in the last 1 months======

2010-01-06 15:44:21 ----RD---- C:\Program Files
2010-01-06 15:17:12 ----A---- C:\WINDOWS\win.ini
2010-01-06 15:12:23 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Skype
2010-01-06 15:11:49 ----SHD---- C:\WINDOWS\Installer
2010-01-06 14:56:01 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\skypePM
2010-01-06 13:55:20 ----SD---- C:\Documents and Settings\jaroslav\Data aplikací\Microsoft
2010-01-06 13:54:54 ----D---- C:\WINDOWS
2010-01-06 13:50:07 ----D---- C:\WINDOWS\system32
2010-01-06 12:41:00 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\DMCache
2010-01-06 12:36:47 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 12:35:45 ----D---- C:\WINDOWS\Temp
2010-01-06 12:34:22 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 12:33:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 12:04:59 ----SD---- C:\WINDOWS\Tasks
2010-01-06 10:46:26 ----D---- C:\WINDOWS\Prefetch
2010-01-06 10:41:12 ----D---- C:\Program Files\Common Files
2010-01-06 10:37:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 10:28:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-06 09:44:30 ----SHD---- C:\System Volume Information
2010-01-06 00:03:36 ----A---- C:\WINDOWS\system.ini
2010-01-03 20:23:22 ----D---- C:\WINDOWS\security
2010-01-02 15:58:32 ----RSD---- C:\WINDOWS\Fonts
2009-12-31 16:40:20 ----HD---- C:\WINDOWS\inf
2009-12-27 20:15:00 ----D---- C:\WINDOWS\system32\config
2009-12-27 19:58:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-27 19:30:29 ----A---- C:\AUTOEXEC.BAT
2009-12-27 14:55:11 ----HD---- C:\$AVG8.VAULT$
2009-12-26 18:33:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-23 13:15:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-18 20:24:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2009-12-17 14:15:42 ----D---- C:\WINDOWS\WinSxS
2009-12-17 11:35:46 ----HD---- C:\WINDOWS\PIF
2009-12-14 16:57:14 ----D---- C:\Program Files\UltraISO
2009-12-13 23:26:30 ----D---- C:\Program Files\Windows Media Connect 2
2009-12-13 21:13:53 ----D---- C:\WINDOWS\Registration
2009-12-13 21:13:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 22:57:21 ----D---- C:\Documents and Settings\jaroslav\Data aplikací\Mozilla
2009-12-09 15:01:10 ----D---- C:\WINDOWS\system32\mui
2009-12-09 15:01:09 ----D---- C:\Program Files\Internet Explorer
2009-12-08 10:16:20 ----D---- C:\Program Files\Free Window Registry Repair
2009-12-07 13:04:22 ----D---- C:\WINDOWS\twain_32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-04 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-04 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-04 108552]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 PAC7311;Phenix-Q8; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-12-04 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-04 297752]
S2 Abel;Abel; D:\Hacking\Cain\Abel.exe []
S2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2006-11-02 184320]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[stell]

Pripoj USB-kluce
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
F:\RECYCLER
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\sshnas.dll
D:\Hacking\Cain

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f827ec-e3d7-11de-b953-0008021dc4e7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f827ee-e3d7-11de-b953-0008021dc4e7}]

:services
Abel

:commands
[purity]
[emptytemp]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

http://download.bleepingcomputer.com/ma ... -setup.exe
Stiahnes>>Malwarebytes' Anti-Malware
sprav komplet skan,,log vloz sem,

[jarek26]

No predtym musim povedat,ze skor ako som zacal to o co ste ma ziadali,tak som si dal scan cez avg,kde mi vyhladalo tiez msa.exe";shnas.dll" ako trojsky kun,a dalo mi to do-presunulo do trezoru,a este mi jedine naslo v jendom programe ,ze obsahuje makra,ine co bolo vypisalo zamceny subor -neotestovano.tak potom som urobil ten vas test:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
File move failed. C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll scheduled to be moved on reboot.
File/Folder F:\RECYCLER not found.
File/Folder C:\WINDOWS\msa.exe not found.
File/Folder C:\WINDOWS\system32\sshnas.dll not found.
File/Folder D:\Hacking\Cain not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f827ec-e3d7-11de-b953-0008021dc4e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25f827ec-e3d7-11de-b953-0008021dc4e7}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25f827ee-e3d7-11de-b953-0008021dc4e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25f827ee-e3d7-11de-b953-0008021dc4e7}\ not found.
========== SERVICES/DRIVERS ==========
Service Abel stopped successfully!
Service Abel deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jaroslav
->Temp folder emptied: 792976 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 39231142 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 292352 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39,00 mb


Restore points cleared and new OTM Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.4.0 log created on 01062010_170118

Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...




A co dalej?este stale tam nieco mam?
Dakujem

[stell]

napisal som ti tam,,spust program malwarebytes,a zaroven si precitaj cerveny text v mojom podpise,

[jarek26]

Takze urobil som scan,kde ho davam nizsie,ale zatial som este nic neodstranil,ani nerestartoval pc,pretoze cakam ci to mozem vsetko odstranit,ci nieco nieje od instalacky windows,aby som nemusel preinstalovavat windows cely.a ak to odstranim a restartujem malo by to byt vsetko v poraidku?
Dakujem.
log:
Malwarebytes' Anti-Malware 1.43
Verze databáze: 3501
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6.1.2010 17:45:23
mbam-log-2010-01-06 (17-45-14).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 101453
Uplynulý čas: 9 minute(s), 14 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 9
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll (Trojan.Agent) -> No action taken.

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\4VDD85L8NF (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\gfbaksm.dat (Malware.Packer.Morphine) -> No action taken.
C:\WINDOWS\system32\gfbaksm.dll (Malware.Packer.Morphine) -> No action taken.
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll (Trojan.Agent) -> No action taken.

[jarek26]

no odstranil som to :
Malwarebytes' Anti-Malware 1.43
Verze databáze: 3501
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6.1.2010 18:00:30
mbam-log-2010-01-06 (18-00-30).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 101453
Uplynulý čas: 9 minute(s), 14 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 9
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\4VDD85L8NF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\gfbaksm.dat (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfbaksm.dll (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.




po restarte som dal scan rychly a nenaslo mi uz nic,ale stale to nefunguje.

[stell]

clovece ty si dajaky iniciativny,co keby si zmazal systemovy subor??
pisal som precitaj cerveny text v podpise,ok
Spust este raz Malwarebytes,ale daj uplny skan,log vloz sem,

[jarek26]

posielam log:
Malwarebytes' Anti-Malware 1.43
Verze databáze: 3501
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6.1.2010 19:20:16
mbam-log-2010-01-06 (19-20-16).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 146914
Uplynulý čas: 44 minute(s), 1 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
D:\games\Nove\Stand_O__Food_2\Stand O' Food 2\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\games\Nove\Sunset_Studio_Deluxe\Sunset_Studio_Deluxe_v1.0.0.25\THETA.nfo.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

[stell]

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

[jarek26]

ComboFix 10-01-04.01 - jaroslav 06.01.2010 19:51:41.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.383.128 [GMT 1:00]
Spuštěný z: c:\documents and settings\jaroslav\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Dokumenty\Settings

----- BITS: Možné infikované stránky -----

hxxp://soft.export.yandex.ru
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 16:32 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 16:32 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 16:01 . 2010-01-06 16:01 -------- d-----w- C:\_OTM
2010-01-06 14:44 . 2010-01-06 14:45 -------- d-----w- c:\program files\trend micro
2010-01-06 14:44 . 2010-01-06 14:45 -------- d-----w- C:\rsit
2010-01-06 13:54 . 2010-01-06 13:54 -------- d-----w- c:\program files\Siber Systems
2010-01-06 13:07 . 2010-01-06 13:07 -------- d-----w- c:\program files\Foundstone Free Tools
2010-01-06 12:54 . 2010-01-06 12:54 -------- d-----w- c:\windows\Downloaded Installations
2010-01-06 12:50 . 2010-01-06 12:50 274350 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2010-01-06 12:49 . 2010-01-06 12:53 -------- d-----w- c:\program files\DJ Music Mixer
2010-01-06 09:59 . 2010-01-06 11:33 367392 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-06 09:59 . 2010-01-06 11:33 19744 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-06 08:48 . 2010-01-06 08:48 -------- d-----w- c:\windows\system32\NtmsData
2010-01-03 19:15 . 2010-01-03 19:20 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-01-02 14:59 . 2010-01-02 14:59 -------- d-----w- c:\windows\system32\temp
2010-01-02 14:58 . 2009-12-18 07:51 130560 ----a-w- c:\windows\system32\Kara_K.dll
2010-01-02 14:58 . 2009-11-27 14:48 12352 ----a-w- c:\windows\system32\Kara__E.dll
2010-01-02 14:58 . 2009-10-20 14:34 15936 ----a-w- c:\windows\system32\Kara_ww.dll
2010-01-02 14:58 . 2009-10-20 14:32 14456 ----a-w- c:\windows\system32\Kara_v.dll
2010-01-02 14:58 . 2009-10-20 14:28 17472 ----a-w- c:\windows\system32\Kara_C.dll
2010-01-02 14:58 . 2009-10-20 14:03 28760 ----a-w- c:\windows\system32\Kara_K5.dll
2010-01-02 14:58 . 2009-10-20 13:44 16448 ----a-w- c:\windows\system32\Kara_mx.dll
2010-01-02 14:58 . 2009-10-10 09:57 12864 ----a-w- c:\windows\system32\kara__ao.dll
2010-01-02 14:58 . 2006-10-03 13:33 462848 ----a-w- c:\windows\system32\lame_enc.dll
2010-01-02 14:58 . 2009-10-13 11:47 98872 ----a-w- c:\windows\system32\Bass.dll
2010-01-02 14:58 . 2010-01-02 14:58 -------- d-----w- c:\program files\Karaoke5
2010-01-02 14:03 . 2008-10-16 16:55 3799951 ----a-w- c:\windows\system32\erdmpg-6.dll
2010-01-02 14:02 . 2010-01-02 14:03 -------- d-----w- c:\program files\Common Files\Doblon
2010-01-02 14:02 . 2010-01-02 14:03 -------- d-----w- c:\program files\Doblon
2010-01-01 13:12 . 2010-01-01 13:12 -------- d-----w- c:\program files\SolidDocuments
2009-12-31 15:22 . 2009-12-31 15:22 -------- d-----w- c:\program files\Shockwave.com
2009-12-29 18:49 . 2010-01-01 18:04 -------- d-----w- c:\program files\Foxit Software
2009-12-27 20:48 . 2010-01-03 19:22 -------- d-----w- c:\program files\Celebrity Toolbar
2009-12-27 14:45 . 2010-01-04 18:39 -------- d-----w- c:\program files\Ztrl
2009-12-27 09:15 . 2009-12-27 09:15 921632 ----a-w- C:\PA7311.DAT
2009-12-26 17:32 . 2009-07-08 07:30 1053056 ----a-w- c:\windows\system32\drivers\V2WCDRV.sys
2009-12-26 13:24 . 2009-12-26 18:35 -------- d-----w- c:\program files\Google
2009-12-26 13:23 . 2009-12-26 13:23 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-12-23 11:21 . 2009-12-23 11:36 -------- d-----w- c:\program files\GetFLV
2009-12-23 10:49 . 2009-12-23 10:51 640512 ----a-w- c:\windows\system32\gfkernel.dll
2009-12-21 12:03 . 2009-12-21 12:03 -------- d-----w- c:\windows\Camp Funshine - Carrie the Caregiver 3
2009-12-18 15:45 . 1999-03-23 08:12 299520 ----a-w- c:\windows\uninst.exe
2009-12-18 15:45 . 2009-12-18 15:45 -------- d-----w- c:\documents and settings\jaroslav\WINDOWS
2009-12-17 13:19 . 2009-12-27 20:15 -------- d-----w- c:\documents and settings\jaroslav\AbiSuite
2009-12-17 13:15 . 2009-12-17 13:16 -------- d-----w- c:\program files\AbiWord
2009-12-17 11:17 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2009-12-17 11:17 . 2009-12-17 11:17 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-12-17 10:51 . 2010-01-04 18:40 -------- d-----w- c:\program files\Trell
2009-12-13 20:31 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-13 20:31 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-13 20:31 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-13 20:31 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-13 20:31 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-13 20:31 . 2009-12-13 20:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-13 20:17 . 2009-12-13 20:17 -------- d-----w- c:\windows\lhsp
2009-12-13 20:16 . 2009-12-13 20:17 -------- d-----w- c:\windows\speech
2009-12-13 20:12 . 2009-12-13 20:12 -------- d-----w- c:\windows\system32\URTTEMP
2009-12-13 16:48 . 2001-09-05 19:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-13 13:47 . 2009-12-13 13:47 69120 --sh--r- c:\windows\system32\PlntCl.exe
2009-12-11 15:38 . 2009-12-11 15:38 -------- d-sh--w- c:\windows\ftpcache
2009-12-10 19:39 . 1998-11-18 15:33 144384 ----a-w- c:\windows\system32\Iacenc.dll
2009-12-10 19:39 . 1997-06-13 07:56 56832 ----a-w- c:\windows\system32\Iyvu9_32.dll
2009-12-10 19:39 . 2009-12-10 19:39 -------- d-----w- c:\program files\Intel
2009-12-10 19:38 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-10 19:38 . 2009-12-10 19:38 -------- d-----w- c:\program files\WMV9_VCM
2009-12-09 14:04 . 2009-12-09 14:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-08 10:11 . 2009-12-08 10:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-08 08:53 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 11:33 . 2010-01-06 09:59 5996 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-06 11:33 . 2010-01-06 09:59 2900 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-04 18:31 . 2009-12-27 14:45 5 ----a-w- c:\program files\trl.trl
2010-01-03 19:23 . 2009-12-07 14:18 -------- d-----w- c:\program files\Internet Download Manager
2009-12-17 10:35 . 2009-12-17 10:35 2855 ----a-w- c:\windows\PIF\prvolby.PIF
2009-12-14 16:30 . 2009-12-07 12:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-14 16:30 . 2009-12-07 12:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-14 15:57 . 2009-12-04 20:55 -------- d-----w- c:\program files\UltraISO
2009-12-13 22:26 . 2009-12-04 18:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-13 20:13 . 2001-10-25 12:00 75146 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 20:13 . 2001-10-25 12:00 403374 ----a-w- c:\windows\system32\perfh005.dat
2009-12-13 14:38 . 2009-12-04 18:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-13 14:38 . 2009-12-04 18:56 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-08 09:16 . 2009-12-04 20:45 -------- d-----w- c:\program files\Free Window Registry Repair
2009-12-07 12:04 . 2009-12-07 12:04 -------- d-----w- c:\program files\Phenix-Q8
2009-12-07 12:04 . 2009-12-07 12:04 -------- d-----w- c:\program files\Common Files\PCCamera
2009-12-05 22:16 . 2009-12-04 18:56 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-05 12:37 . 2009-12-05 12:37 4096 ----a-w- c:\windows\d3dx.dat
2009-12-05 07:37 . 2009-12-04 20:42 -------- d-----w- c:\program files\The KMPlayer
2009-12-04 21:56 . 2009-12-04 21:54 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-04 21:54 . 2009-12-04 21:54 -------- d-----w- c:\program files\Nero
2009-12-04 21:50 . 2009-12-04 21:27 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-04 21:38 . 2009-12-04 20:46 -------- d-----w- c:\program files\totalcmd
2009-12-04 21:34 . 2009-12-04 21:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-04 21:31 . 2009-12-04 21:29 -------- d-----r- c:\program files\Skype
2009-12-04 21:29 . 2009-12-04 21:29 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 20:58 . 2009-12-04 20:58 0 ----a-w- c:\windows\nsreg.dat
2009-12-04 20:48 . 2009-12-04 20:48 -------- d-----w- c:\program files\CCleaner
2009-12-04 20:47 . 2009-12-04 20:47 -------- d-----w- c:\program files\MMToolz
2009-12-04 20:23 . 2009-12-04 19:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-04 20:23 . 2009-12-04 19:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-04 20:23 . 2009-12-04 19:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-04 20:23 . 2009-12-04 19:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-04 20:22 . 2009-12-04 19:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-04 19:46 . 2009-12-04 19:46 -------- d-----w- c:\program files\AVG
2009-12-04 18:58 . 2009-12-04 18:58 -------- d-----w- c:\program files\microsoft frontpage
2009-12-04 18:52 . 2009-12-04 18:52 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-06 12:59 . 2009-12-27 20:48 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2009-12-06 12:59 217088 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-12-07 3171760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-04 20:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4.12.2009 20:46 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4.12.2009 20:46 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4.12.2009 20:46 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4.12.2009 20:46 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4.12.2009 21:23 297752]
R3 PAC7311;Phenix-Q8;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 11:48 154752]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
FF - ProfilePath - c:\documents and settings\jaroslav\Data aplikací\Mozilla\Firefox\Profiles\vp23gnk6.default\
FF - prefs.js: browser.search.selectedEngine - Hledat
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\documents and settings\jaroslav\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\mhxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-*{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 19:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\System32\PAStiSvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 20:02:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 19:01

Před spuštěním: 2 647 019 520
Po spuštění: 2 624 909 312

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 66BAE30D131ABDAE69C9727F07D9E73B




Chcem sa spitat je vsetko uz v poriadku?
Dakujem pekne

[stell]

stiahnes na plochu>Download>spustis>>vloz zeleny text a klik >look,,log vloz sem

Kód: Vybrat vše

:filefind
atapi.sys

[jarek26]

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:17 on 06/01/2010 by jaroslav (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [19:00 06/01/2010] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [22:10 13/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [22:10 13/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-

[stell]

ok,odinstaluj combofix
klik start>klik>spustit>zkopiruj prikaz do okna
combofix /uninstall klikni na ok,combofix sa spusti a odinstaluje sa.
spust OTMOVEIT>klik Cleanup,yes,yes,

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,Pokrocile,nababraj,vsetko nechaj tak nastavene ako je,

Preskanujes pc programom Cureit,nakolko log sa mi nepaci,

DrWeb-CureIt
stiahni ho na plochu a zatial nespustaj,,
Restart do nudzoveho rezimu>>2x>klik a spustis>klik >NO>ok>
ak vyskoci >>zelene okno>zatvoris>>v pravo hore krizikom,,
>.>>Tlacitkom Start spustis skener,[prebehne expres scan(Toto je krátke skenovanie súborov v súčasnosti bežíaci v pamäti, boot sektory, a cielené zložiek).]
Ak sa zobrazí výzva na prevzatie plnej verzii Free Trial, jednoducho ignorovať a kliknite na tlačidlo X zatvoríte okno.
Ak sa pri tomto kratkom scane najdu infikovane subory, klikni na
"Vyber vsetky" -> "Liecit" -> " Cure> Presunúť nevyliečiteľné. ".
budu v zlozke C: \ Documents and Settings \ userprofile \ DoctorWeb \ Quarantine v prípade, že sa nedá liečiť)
[*] Vo vrchnom menu klikni na "Volby" -> "Zmenit Nastavenia" a vyfajkni [zrus]>>Heuristicka analyza a Vyzva na akciu -> "OK">Pouzit<<. Vrat sa naspat do hlavneho menu, v nom zvol komplet scan a klikni na zelenu sipku naprvo pod logom Dr. Web.
[*] Ked bude scan hotovy, vo vrchnom menu klik na "File" a zvol "Uloz...". Uloz log na plochu a vloz ho sem. Nezabudni restartovat PC.[/list]
Reštartovať počítač, pretože je mozne že súbory bude presunutý / odstránený az pri reštarte.
Po reštarte, obsah protokolu z Dr.Web.cvs -otvor v poznamkovom bloku a vloz sem,
toto skenovanie môže trvať dlhší čas