check PC


Guest

Hi, please check my friend's PC.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000

www.malwarebytes.org

Verze databáze: v2012.12.22.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

jaroslav :: JAKE [administrátor]

Ochrana: Zakázána

12/23/2012 1:25:17 PM

mbam-log-2012-12-23 (13-25-17).txt

Typ: Rychlá kontrola

Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM

Nastavení kontroly zakázáno: P2P

Kontrolované objekty: 198693

Uplynulý čas: 19 minut, 31 sekund

Nalezené procesy v paměti: 0

(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0

(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0

(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0

(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0

(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0

(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0

(Žádné škodlivé položky nebyly zjištěny)

(konec)

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by jaroslav at 13:17:04 on 2012-12-23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.675 [GMT 0:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ================

.

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\jaroslav\Desktop\WAREZ\msert.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.landing.savetubevideo.com/index.php?from=3

uInternet Connection Wizard,ShellNext = hxxp://www.msn.co.uk/

uProxyServer = 81.89.63.129:8080

uProxyOverride = <local>

uURLSearchHooks: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - <orphaned>

uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

mURLSearchHooks: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoResolveTrack = dword:1

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Pridat do Anti-Banner - <no file>

IE: Pridat do Anti-Banner - <no file>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 88.81.100.2 88.81.98.4

TCP: Interfaces\{FA3B0640-3A31-4E85-B706-48EB089FFE08} : DHCPNameServer = 88.81.100.2 88.81.98.4

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R1 MpKsl03d990a9;MpKsl03d990a9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\MpKsl03d990a9.sys [2012-12-23 29904]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-12-23 580728]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-23 399432]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-8-18 32896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-15 22856]

R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]

R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]

R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]

R4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]

R4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-12-23 202280]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-23 40776]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-12-23 62688]

.

=============== Created Last 30 ================

.

2012-12-23 12:47:28 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\offreg.dll

2012-12-23 12:47:13 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\MpKsl03d990a9.sys

2012-12-23 05:06:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-12-23 04:53:41 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-12-23 04:53:31 769144 ----a-w- c:\windows\BDTSupport.dll

2012-12-23 04:53:26 150648 ----a-w- c:\windows\SGDetectionTool.dll

2012-12-23 04:53:16 2280568 ----a-w- c:\windows\PCTBDCore.dll

2012-12-23 04:53:14 1690744 ----a-w- c:\windows\PCTBDRes.dll

2012-12-23 04:07:59 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\mpengine.dll

2012-12-23 04:05:50 -------- d-----w- c:\program files\PC Tools

2012-12-23 03:24:37 -------- d-----w- c:\program files\Microsoft Security Client

2012-12-23 03:13:04 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-12-23 03:13:04 -------- d-----w- c:\program files\common files\PC Tools

2012-12-23 03:09:52 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2012-12-23 03:09:49 -------- d-----w- c:\documents and settings\jaroslav\application data\TestApp

2012-12-23 00:06:14 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2012-12-23 00:06:14 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2012-12-23 00:06:07 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2012-12-23 00:06:07 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2012-11-25 12:52:44 -------- d-----w- c:\documents and settings\all users\application data\FirmTools

2012-11-25 12:52:27 -------- d-----w- c:\program files\FirmTools

2012-11-24 20:18:45 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2012-11-24 20:18:44 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2012-11-24 20:18:43 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2012-11-24 20:18:11 -------- d-----w- c:\program files\SAMSUNG

2012-11-24 20:15:35 -------- d-----w- c:\documents and settings\all users\application data\Samsung

2012-11-24 20:14:39 -------- d-----w- c:\windows\system32\no

2012-11-24 20:14:39 -------- d-----w- c:\program files\Simlock Remote Client

.

==================== Find3M ====================

.

2012-12-18 22:17:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-18 22:17:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 13:22:09.27 ===============

Attach.txt.txt

  • Staff

What symptoms is your friend experiencing?

Please run the following:

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
