Guest Posted December 23, 2012

hi please check PC from my friends

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jaroslav :: JAKE [administrátor]

Ochrana: Zakázána

12/23/2012 1:25:17 PM
mbam-log-2012-12-23 (13-25-17).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 198693
Uplynulý čas: 19 minut, 31 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by jaroslav at 13:17:04 on 2012-12-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.675 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jaroslav\Desktop\WAREZ\msert.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.landing.savetubevideo.com/index.php?from=3
uInternet Connection Wizard,ShellNext = hxxp://www.msn.co.uk/
uProxyServer = 81.89.63.129:8080
uProxyOverride = <local>
uURLSearchHooks: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - <orphaned>
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Pridat do Anti-Banner - <no file>
IE: Pridat do Anti-Banner - <no file>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 88.81.100.2 88.81.98.4
TCP: Interfaces\{FA3B0640-3A31-4E85-B706-48EB089FFE08} : DHCPNameServer = 88.81.100.2 88.81.98.4
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl03d990a9;MpKsl03d990a9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\MpKsl03d990a9.sys [2012-12-23 29904]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-12-23 580728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-23 399432]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-8-18 32896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-15 22856]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
R4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]
R4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-12-23 202280]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-23 40776]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-12-23 62688]
.
=============== Created Last 30 ================
.
2012-12-23 12:47:28 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\offreg.dll
2012-12-23 12:47:13 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\MpKsl03d990a9.sys
2012-12-23 05:06:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-23 04:53:41 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-12-23 04:53:31 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-23 04:53:26 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-23 04:53:16 2280568 ----a-w- c:\windows\PCTBDCore.dll
2012-12-23 04:53:14 1690744 ----a-w- c:\windows\PCTBDRes.dll
2012-12-23 04:07:59 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1bcbb2d2-0d1e-41a2-a782-4b15c2708314}\mpengine.dll
2012-12-23 04:05:50 -------- d-----w- c:\program files\PC Tools
2012-12-23 03:24:37 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-23 03:13:04 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-12-23 03:13:04 -------- d-----w- c:\program files\common files\PC Tools
2012-12-23 03:09:52 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-12-23 03:09:49 -------- d-----w- c:\documents and settings\jaroslav\application data\TestApp
2012-12-23 00:06:14 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-12-23 00:06:14 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-12-23 00:06:07 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-12-23 00:06:07 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-11-25 12:52:44 -------- d-----w- c:\documents and settings\all users\application data\FirmTools
2012-11-25 12:52:27 -------- d-----w- c:\program files\FirmTools
2012-11-24 20:18:45 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-11-24 20:18:44 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-11-24 20:18:43 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-11-24 20:18:11 -------- d-----w- c:\program files\SAMSUNG
2012-11-24 20:15:35 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2012-11-24 20:14:39 -------- d-----w- c:\windows\system32\no
2012-11-24 20:14:39 -------- d-----w- c:\program files\Simlock Remote Client
.
==================== Find3M ====================
.
2012-12-18 22:17:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-18 22:17:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:22:09.27 ===============

Attached file: Attach.txt.txt
CatByte (Staff) Posted December 23, 2012

What symptoms is your friend experiencing?

Please run the following:

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it.
When asked if you want to download Avast's virus definitions, please select Yes.
Click the Scan button to start the scan.
On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.
LDTate Posted December 31, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!