Preventivní kontrola Vyřešeno

[Mous]

Prosím o preventivní kontrolu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:26, on 21.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Users\Mous\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
E:\Miranda IM KP v4.2\miranda32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mous\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FileUploader] E:\Share-Rapid Manager\SRDownloader.exe /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7806 bytes

[Reklama]

[Damned]

Máš tam MbAM, aktualizuj a spusť ho, vlož mi sem potom výsledný log.

[Mous]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3615
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.1.2010 16:51:16
mbam-log-2010-01-22 (16-51-16).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 194913
Uplynulý čas: 24 minute(s), 44 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Mous]

ComboFix 10-01-21.08 - Mous 22.01.2010 20:29:28.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3063.1978 [GMT 1:00]
Spuštěný z: c:\users\Mous\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\users\Mous\AppData\Roaming\inst.exe
c:\users\Mous\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Mous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-22 do 2010-01-22 )))))))))))))))))))))))))))))))
.

2099-12-24 16:10 . 2099-12-24 16:10 -------- d-----w- c:\program files\F-Secure
2099-12-24 07:16 . 2099-12-24 07:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2099-12-24 07:16 . 2099-12-24 07:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2099-12-23 21:04 . 2010-01-22 11:56 -------- d-----w- c:\users\Mous\AppData\Roaming\Hamachi
2099-12-23 21:04 . 2009-11-25 16:50 -------- d-----w- c:\program files\Hamachi
2010-01-21 21:14 . 2010-01-21 21:14 -------- d-----w- c:\program files\Trend Micro
2010-01-21 19:25 . 2010-01-21 19:25 -------- d-----w- c:\users\Mous\AppData\Roaming\Malwarebytes
2010-01-21 19:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-21 19:25 . 2010-01-21 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-21 19:25 . 2010-01-21 19:25 -------- d-----w- c:\programdata\Malwarebytes
2010-01-21 19:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 19:18 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\CCERASER.DLL
2010-01-21 19:18 . 2009-11-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\NAVENG.SYS
2010-01-21 19:18 . 2009-11-16 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\EECTRL.SYS
2010-01-21 19:18 . 2009-11-16 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\ECMSVR32.DLL
2010-01-21 19:18 . 2009-11-16 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\NAVENG32.DLL
2010-01-21 19:18 . 2009-11-16 09:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\NAVEX32A.DLL
2010-01-21 19:18 . 2009-11-16 09:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\NAVEX15.SYS
2010-01-21 19:18 . 2009-11-16 09:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100121.005\ERASER.SYS
2010-01-20 19:12 . 2009-04-20 21:12 149768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\cndcipsdefs\20100119.001\WPSHelper.sys
2010-01-05 18:13 . 2010-01-05 18:13 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-05 18:13 . 2010-01-05 18:13 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-05 18:13 . 2010-01-05 18:13 -------- d-----w- c:\program files\OpenAL
2010-01-05 18:12 . 2010-01-05 18:13 -------- d-----w- c:\program files\Zombie Driver
2010-01-04 23:06 . 2010-01-04 23:06 -------- d-----w- c:\programdata\Martau
2010-01-04 23:06 . 2010-01-04 23:06 -------- d-----w- c:\program files\Total Uninstall 5
2010-01-04 16:55 . 2010-01-04 16:55 -------- d-----w- c:\programdata\Futuremark
2010-01-04 16:33 . 2010-01-04 16:33 -------- d-----w- c:\windows\system32\Futuremark
2010-01-04 16:33 . 2010-01-04 16:33 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-01-04 16:33 . 2008-04-22 07:53 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2010-01-04 16:32 . 2010-01-04 16:32 -------- d-----w- c:\program files\Futuremark
2010-01-04 16:32 . 2010-01-04 16:32 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-01-04 16:30 . 2010-01-04 16:30 -------- d-----w- c:\users\Mous\AppData\Roaming\InstallShield
2010-01-03 13:11 . 2010-01-03 13:11 -------- d-----w- C:\Diskeeper
2010-01-03 13:07 . 2009-10-21 00:04 45232 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2010-01-03 13:07 . 2010-01-03 13:07 -------- d-----w- c:\programdata\Diskeeper Corporation
2010-01-03 13:07 . 2010-01-03 13:07 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2010-01-03 13:07 . 2010-01-03 13:07 -------- d-----w- c:\program files\Windows Home Server
2010-01-03 13:07 . 2010-01-03 13:07 -------- d-----w- c:\program files\Diskeeper Corporation
2010-01-01 21:34 . 2010-01-01 21:34 -------- d-----w- c:\users\Mous\AppData\Local\Divinity 2
2010-01-01 21:32 . 2010-01-01 21:32 -------- d-----w- c:\programdata\Divinity 2
2010-01-01 01:12 . 2010-01-01 01:12 -------- d-----w- c:\users\Mous\AppData\Roaming\DAEMON Tools
2010-01-01 01:09 . 2010-01-01 01:09 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-01 01:09 . 2010-01-01 01:09 -------- d-----w- c:\users\Mous\AppData\Roaming\DAEMON Tools Pro
2010-01-01 01:08 . 2010-01-01 01:08 0 ----a-w- C:\run_dll.exe
2010-01-01 01:08 . 2010-01-01 01:08 0 ----a-w- C:\client_extractor.exe
2010-01-01 01:08 . 2010-01-01 01:08 0 ----a-w- C:\dll_loading_1.1652.0.exe
2010-01-01 00:55 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-01 00:55 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-01 00:55 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-01 00:50 . 2010-01-01 00:50 -------- d-----w- c:\program files\Codemasters
2009-12-30 20:20 . 2010-01-04 23:09 -------- d-----w- c:\users\Mous\AppData\Roaming\Vso
2009-12-30 20:20 . 2009-12-30 20:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-30 20:20 . 2009-12-30 20:20 47360 ----a-w- c:\users\Mous\AppData\Roaming\pcouffin.sys
2009-12-30 20:20 . 2009-12-30 20:20 -------- d-----w- c:\program files\DVDFab 6
2009-12-30 20:17 . 2009-12-30 20:17 -------- d-----w- c:\programdata\DVD Shrink
2009-12-30 20:17 . 2009-12-30 20:17 -------- d-----w- c:\program files\DVD Shrink
2009-12-30 20:10 . 2009-12-30 20:10 -------- d-----w- c:\users\Mous\AppData\Roaming\Nero
2009-12-29 23:18 . 2009-12-29 23:18 -------- d-----w- c:\users\Mous\AppData\Roaming\Ventrilo
2009-12-29 23:14 . 2009-12-29 23:14 -------- d-----w- c:\windows\Trine v1.04 Steam Update
2009-12-29 23:09 . 2009-12-31 00:14 -------- d-----w- c:\program files\Trine
2009-12-29 20:56 . 2009-12-29 20:56 -------- d-----w- c:\program files\Alawar
2009-12-28 12:08 . 2009-12-28 12:14 -------- d-----w- c:\users\Mous\AppData\Roaming\GetRight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 19:37 . 2009-12-05 22:46 -------- d-----w- c:\users\Mous\AppData\Roaming\Skype
2010-01-22 19:37 . 2009-12-05 22:49 -------- d-----w- c:\users\Mous\AppData\Roaming\skypePM
2010-01-22 19:35 . 2009-11-26 19:29 -------- d-----w- c:\programdata\NVIDIA
2010-01-22 11:47 . 2009-11-20 17:10 634392 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 11:47 . 2009-11-20 17:10 124754 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 21:09 . 2009-07-30 00:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-04 16:33 . 2009-11-23 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 16:32 . 2009-11-26 19:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 13:16 . 2009-07-30 00:11 -------- d-----w- c:\programdata\Nero
2010-01-01 13:16 . 2009-07-30 00:11 -------- d-----w- c:\program files\Nero
2010-01-01 13:16 . 2009-07-30 00:11 -------- d-----w- c:\program files\Common Files\Nero
2009-12-31 20:20 . 2009-11-20 16:53 109216 ----a-w- c:\users\Mous\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-28 12:15 . 2009-12-14 18:45 -------- d-----w- c:\users\Mous\AppData\Roaming\Hide IP NG
2009-12-27 12:21 . 2009-11-21 21:31 -------- d-----w- c:\program files\Cheat Engine
2009-12-17 19:30 . 2009-12-17 19:30 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-14 18:48 . 2009-12-14 18:48 -------- d-----w- c:\program files\ProxyShell
2009-12-14 18:36 . 2009-12-14 18:34 -------- d-----w- c:\program files\PingFu Iris
2009-12-14 18:35 . 2009-12-14 18:34 -------- d-----w- c:\users\Mous\AppData\Roaming\ArtOfPing
2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2009-12-10 20:38 . 2009-12-10 20:37 -------- d-----w- c:\users\Mous\AppData\Roaming\IObit
2009-12-09 21:06 . 2009-12-09 20:51 -------- d-----w- c:\program files\GamePark
2009-12-09 18:55 . 2009-12-09 18:55 -------- d-----w- c:\users\Mous\AppData\Roaming\Leadertech
2009-12-09 18:48 . 2009-11-23 12:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-08 16:42 . 2009-12-08 16:42 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-08 16:42 . 2009-12-08 16:42 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-08 16:42 . 2009-12-05 15:14 -------- d-----w- c:\program files\Nokia
2009-12-08 16:42 . 2009-12-08 16:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-08 16:41 . 2009-12-08 16:41 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-08 16:41 . 2009-12-08 16:41 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-08 16:41 . 2009-12-08 16:41 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-08 16:41 . 2009-12-08 16:41 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-08 16:40 . 2009-12-05 15:09 -------- d-----w- c:\programdata\Installations
2009-12-08 16:40 . 2009-12-08 16:41 34698816 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze.exe
2009-12-07 16:52 . 2009-12-07 16:52 -------- d-----w- c:\program files\ShowMyPCService
2009-12-07 15:48 . 2009-12-07 15:48 -------- d-----w- c:\users\Mous\AppData\Roaming\teamspeak2
2009-12-05 22:49 . 2009-12-05 22:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-05 22:46 . 2009-12-05 22:46 -------- d-----w- c:\program files\Common Files\Skype
2009-12-05 22:46 . 2009-12-05 22:46 -------- d-----r- c:\program files\Skype
2009-12-05 22:46 . 2009-12-05 22:46 -------- d-----w- c:\programdata\Skype
2009-12-05 21:38 . 2009-12-05 21:38 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-05 19:25 . 2009-12-05 19:25 -------- d-----w- c:\users\Mous\AppData\Roaming\Spore
2009-12-05 15:26 . 2009-12-05 15:07 -------- d-----w- c:\users\Mous\AppData\Roaming\Audacity
2009-12-05 15:20 . 2009-12-05 15:19 -------- d-----w- c:\program files\AudioCommander
2009-12-05 15:19 . 2009-12-05 15:19 -------- dc-h--w- c:\programdata\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}
2009-12-05 15:16 . 2009-12-05 15:15 -------- d-----w- c:\users\Mous\AppData\Roaming\Nokia
2009-12-05 15:15 . 2009-12-05 15:15 -------- d-----w- c:\users\Mous\AppData\Roaming\PC Suite
2009-12-05 15:15 . 2009-12-05 15:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-05 15:15 . 2009-12-05 15:15 -------- d-----w- c:\programdata\PC Suite
2009-12-05 15:15 . 2009-12-05 15:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-05 15:15 . 2009-12-05 15:15 -------- d-----w- c:\program files\DIFX
2009-12-05 15:09 . 2009-12-05 15:09 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-05 15:09 . 2009-12-05 15:09 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-05 15:09 . 2009-12-05 15:09 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-05 15:09 . 2009-12-05 15:09 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-05 15:09 . 2009-12-05 15:09 33921368 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze_web.exe
2009-12-05 15:07 . 2009-12-05 15:07 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-12-05 15:06 . 2009-12-05 15:05 -------- d-----w- c:\program files\Magic Audio Editor Pro
2009-12-03 18:03 . 2009-12-03 18:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-12-03 15:32 . 2009-12-03 15:32 -------- d-----w- c:\programdata\Blizzard
2009-12-02 14:34 . 2009-07-30 00:09 -------- d-----w- c:\program files\Java
2009-12-01 20:00 . 2009-12-01 17:17 -------- d-----w- c:\program files\Algebrator
2009-11-27 21:19 . 2009-11-27 21:18 -------- d-----w- c:\programdata\PMB Files
2009-11-27 21:18 . 2009-11-27 21:18 -------- d-----w- c:\program files\Pando Networks
2009-11-26 19:29 . 2009-11-26 19:28 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-26 19:28 . 2009-11-26 19:28 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-25 16:50 . 2009-11-25 16:50 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-11-24 19:07 . 2009-11-24 19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-23 21:34 . 2009-11-23 21:34 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-11-21 20:01 . 2009-11-21 20:01 1078 ----a-r- c:\users\Mous\AppData\Roaming\Microsoft\Installer\{484886B5-B589-4133-A2EB-8FF147F68ABE}\_294823.exe
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33 . 2009-11-20 19:33 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 19:16 . 2009-11-20 19:16 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 18:18 . 2009-12-08 16:21 4990056 ----a-w- c:\windows\system32\NVStWiz.exe
2009-11-20 17:08 . 2009-11-20 17:10 36232 ----a-w- c:\windows\system32\perfd005.dat
2009-11-20 17:08 . 2009-11-20 17:10 292004 ----a-w- c:\windows\system32\perfi005.dat
2009-11-20 17:08 . 2009-11-20 17:09 36232 ----a-w- c:\windows\inf\PERFLIB\0405\perfd.dat
2009-11-20 17:08 . 2009-11-20 17:09 36232 ----a-w- c:\windows\inf\PERFLIB\0405\perfc.dat
2009-11-20 17:08 . 2009-11-20 17:09 292004 ----a-w- c:\windows\inf\PERFLIB\0405\perfi.dat
2009-11-20 17:08 . 2009-11-20 17:09 292004 ----a-w- c:\windows\inf\PERFLIB\0405\perfh.dat
2009-11-16 09:00 . 2009-11-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2009-11-16 09:00 . 2009-11-16 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
2009-11-16 09:00 . 2009-11-16 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-11-16 09:00 . 2009-11-16 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
2009-11-16 09:00 . 2009-11-16 09:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
2009-11-16 09:00 . 2009-11-16 09:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2009-11-16 09:00 . 2009-11-16 09:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Mous\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-20 135664]
"FileUploader"="e:\share-rapid manager\SRDownloader.exe" [2009-12-27 468992]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-27 2923192]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Mous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-11-25 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"TuneUp Utilities"=c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [22.11.2009 17:14 12672]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24.12.2099 8:16 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20.11.2009 19:17 240232]
R3 DKRtWrt;DKRtWrt;c:\windows\System32\drivers\DKRtWrt.sys [3.1.2010 14:07 45232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3.1.2010 19:44 102448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [22.5.2009 15:52 167936]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [1.1.2010 2:09 717296]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [18.11.2008 18:17 23888]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-22 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-30 08:55]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929804540-3650226206-110450735-1001Core.job
- c:\users\Mous\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-20 16:54]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929804540-3650226206-110450735-1001UA.job
- c:\users\Mous\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-20 16:54]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mous\AppData\Roaming\Mozilla\Firefox\Profiles\rtnkxsg1.default\
FF - plugin: c:\users\Mous\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Symantec Antvirus



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Mous\AppData\Local\Temp\KXXA66D.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2848)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\users\Mous\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-22 20:39:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-22 19:39

Před spuštěním: 4 265 943 040 bytes free
Po spuštění: 3 913 596 928 bytes free

- - End Of File - - 9A5EC4FAE9526200049DEE4FFDCC7A44

[Damned]

Toto jsou co za čarokrásný soubory?
C:\run_dll.exe
C:\client_extractor.exe
C:\dll_loading_1.1652.0.exe

[Mous]

to fakt netuším, ale jsou krásně velké 0

[Damned]

Našel jsem, že by to mohli být původci červa. Asi ho už vidím.

Symantec budeš měnit za F-Secure? Je tam složka od F-Secure.

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

[Mous]

Nebudu
ten první
a druhý

[Damned]

Tak uděláme nejdříve toto:

Stáhni si :Dr. Web CureIt nebo z http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html dej update , po aktualizaci dej start.

Tlačítky dole můzeš soubor léčit, smazat, přesunout nebo přejmenovat.Pak napiš výsledek. Sken může trvat dlouho. Nalezenou infekci nejdříve léčit, potom teprve smazat. Pokud něco najde ve složce System Volume Information, tak smazat.

[Mous]

Hodilo to tam automaticky expresní kontrolu a nic nenašlo.

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\run_dll.exe
C:\client_extractor.exe
C:\dll_loading_1.1652.0.exe
c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
c:\users\Mous\AppData\Local\Temp\KXXA66D.tmp

Folder::
c:\program files\F-Secure
c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu