Please help. When I run MWAV it reports: "Trojan-Downloader.bat.ftp.ab Trojan dovnloader" found in the file system, etc.
"Saminside Spyvare/Adware" found in the file system, etc.
"Savenow Adware" found in the file system, etc.
After a while MWAV terminates itself; it is not even in Task Manager.
If I run Spybot - Search & Destroy 1.4 and start a check, after a while the PC shows a "blue screen" (it was shut down because of hw, sw, if you are seeing this for the first time ...).
Internet Explorer also has trouble (a serious error occurred, the program was terminated, send / don't send) after a while of use. Mozilla Firefox has no problem.
Is it a virus?
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
That is very sparse information. Let's start with the basic detection utility, HijackThis.
Download HijackThis here:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
Save it to its own folder, run it, and click "Do a system scan and save a logfile".
Copy the generated text file here.
By the way, Spybot is already at version 1.5, here: http://www.slunecnice.cz/sw/spybot/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:53, on 2.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ferda Mravenec\Plocha\Bezpečnost PC\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 10.102.0.252,10.102.0.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 10.102.0.252,10.102.0.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 10.102.0.252,10.102.0.253
O17 - HKLM\System\CS3\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 10.102.0.252,10.102.0.253
O17 - HKLM\System\CS4\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 10.102.0.252,10.102.0.253
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 6560 bytes
- Baron Prášil
I don't see any viruses there.
Uninstall CrawlerToolbar in Add/Remove Programs.
Fix these:
In the HJT window, tick the boxes on the left next to the items I list below, then click Fix checked.
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
But those are just junk.
So run these utilities over it and post the logs.
First:
Download SDFix
and run it; it will extract into its own folder (probably C:\SDfix).
Then restart the PC into Safe Mode. Open the folder where SDFix was extracted, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key and the computer will restart.
While the operating system is booting, you will have to press any key when prompted to enter Windows.
After the OS boots it should display the SDFix report; copy it here. If it does not pop up, it is located in SDFix's own folder as Report.txt.
And second:
Download ComboFix (by sUBs) and save it to the desktop.
Close all active windows and run it.
- After start-up it shows the terms of use; confirm them by pressing 1
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes the program should create a log, which is displayed; otherwise you will find it here: C:\ComboFix.txt
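The triage the helper did by eye above (spot the Crawler toolbar's BHO, toolbar, context-menu item and tbr: protocol handler, plus the orphaned O9 button with "(no file)") can be scripted when you handle many HijackThis logs. The following is an added example written for this thread, not code from HijackThis or from anyone in the thread. It parses lines in the format of the log posted above into (section code, CLSID, target), then applies three defender-side checks: entries whose target is "(no file)", entries that reference an analyst-supplied unwanted component (here the substrings `crawler` and `tbr:`), and O17 NameServer entries pointing at DNS servers outside an expected set (the 10.102.0.x pair from the log). The sample lines are constructed from the posted log; the second O17 line with 203.0.113.5 (a documentation-range address) is constructed so the DNS check has something to flag. The names `UNWANTED_MARKERS` and `EXPECTED_DNS` are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: abridged lines in the layout of the HijackThis log
# above, plus one constructed O17 line (203.0.113.5, RFC 5737 range) so that
# the DNS check below flags something.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 10.102.0.252,10.102.0.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{494E995B-8D7A-4467-A681-BFB6182234E6}: NameServer = 203.0.113.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Analyst-supplied context (assumed for this example): substrings tied to the
# component being removed, and the DNS servers expected on this network.
UNWANTED_MARKERS = ['crawler', 'tbr:']
EXPECTED_DNS = {'10.102.0.252', '10.102.0.253'}

LINE_RE = re.compile(r'^(R\d|F\d|O\d+) - (.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
O4_RE = re.compile(r'.*?: \[(.*?)\] (.*)$')        # hive\..\Run: [name] command
IPV4_RE = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}')


@dataclass
class Entry:
    code: str            # HijackThis section, e.g. O2, O4, O17
    raw: str             # the original line, for reporting
    clsid: Optional[str]
    target: str          # path, command line, URL or DNS list the entry points at


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section code, CLSID (if any) and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    if code == 'O4':
        m4 = O4_RE.match(rest)
        target = m4.group(2) if m4 else rest
    elif ' - ' in rest:
        target = rest.rsplit(' - ', 1)[-1]   # last " - " field is the file/handler
    else:
        target = rest
    return Entry(code, line.strip(), clsid.group(0) if clsid else None, target)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.strip().splitlines()) if e]


def triage(entries: List[Entry], unwanted_markers, expected_dns) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs worth a closer look; at most one reason per entry."""
    findings = []
    for e in entries:
        reason = None
        if e.target.strip() == '(no file)':
            reason = 'orphaned entry (target file missing)'
        elif e.code == 'O17':
            unexpected = set(IPV4_RE.findall(e.target)) - set(expected_dns)
            if unexpected:
                reason = 'unexpected DNS server(s): ' + ', '.join(sorted(unexpected))
        else:
            hay = e.raw.lower()
            for marker in unwanted_markers:
                if marker.lower() in hay:
                    reason = f'references unwanted component {marker!r}'
                    break
        if reason:
            findings.append((e, reason))
    return findings


def summarize(entries: List[Entry]) -> Counter:
    """How many entries each section has (a quick feel for autostart sprawl)."""
    return Counter(e.code for e in entries)


if __name__ == '__main__':
    entries = parse_log(SAMPLE_LOG)
    print('entries per section:', dict(summarize(entries)))
    for e, reason in triage(entries, UNWANTED_MARKERS, EXPECTED_DNS):
        print(f'[{e.code}] {reason}\n    {e.raw}')
```

Run against the sample it flags the same five Crawler/orphan lines the helper listed, plus the constructed O17 line; the QuickTime and Nero autostarts the helper also removed are a judgement call about unneeded startup items, which no string rule captures, so they are left to the analyst.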
SDFix: Version 1.116
Run by Administrator on st 05.12.2007 at 08:57
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 09:08:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:18,99,0e,35,f2,c2,04,1c,fb,b5,ab,44,8c,c3,f9,5c,84,50,d5,96,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c8,3c,c7,60,d1,81,80,6a,ca,35,e4,60,05,bd,4d,58,b9,89,04,07,96,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:afc927c2
"s1"=dword:ac32b9b4
"s2"=dword:ad7d679f
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:78,c9,6b,41,27,93,d2,3b,7a,d4,f9,8a,ae,a7,5e,30,06,31,e6,6a,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:78,c9,6b,41,27,93,d2,3b,7a,d4,f9,8a,ae,a7,5e,30,06,31,e6,6a,32,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 17 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Tue 17 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Mon 5 Nov 2007 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 3 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2dc117f7601f191af8f2f9d04f2e2595\BIT1.tmp"
Fri 16 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e75856c6efd762fe9068b5aa0da3bd6\BIT2.tmp"
Finished!
ComboFix 07-11-08.1 - Ferda Mravenec 2007-11-08 22:33:13.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.695 [GMT 1:00]
Running from: C:\Documents and Settings\Ferda Mravenec\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.
2007-11-07 22:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 19:38 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-07 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-11-07 19:38 1,188,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 19:38 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-07 19:38 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-07 19:38 7,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-07 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-05 22:26 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-05 22:24 147,968 --a------ C:\WINDOWS\R.COM
2007-11-05 22:24 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-11-05 22:16 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-05 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
2007-11-05 22:11 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-05 22:11 <DIR> d-------- C:\Program Files\CCleaner
2007-11-05 17:26 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-04 01:22 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-04 01:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-04 01:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-04 01:22 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-04 01:22 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2007-11-04 01:22 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-04 01:22 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-04 01:22 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-03 21:12 <DIR> d-------- C:\HiJack
2007-11-03 19:01 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-03 17:53 0 --a------ C:\DVDIdle.dat
2007-11-03 16:23 <DIR> d-------- C:\DVDFab_Temp
2007-11-03 15:50 <DIR> d-------- C:\DVDFabPlatinum_Temp
2007-11-03 15:50 39,488 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-11-03 15:49 <DIR> d-------- C:\Program Files\DVDFab Platinum
2007-11-03 15:46 <DIR> d-------- C:\Program Files\DVDIdle Pro
2007-11-03 15:43 <DIR> d-------- C:\DVDFabDecrypter_Temp
2007-11-03 15:42 <DIR> d-------- C:\Program Files\DVDFab Decrypter
2007-11-02 21:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-02 10:48 <DIR> d-------- C:\Flash
2007-11-02 10:46 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-28 10:39 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-10-28 10:39 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-10-28 10:39 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-10-28 10:39 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-28 10:39 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-10-28 10:39 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-10-28 10:07 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-28 10:06 <DIR> d-------- C:\Program Files\Logitech
2007-10-28 10:03 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-28 10:01 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-28 10:01 327,168 --a------ C:\WINDOWS\IsUn0405.exe
2007-10-27 20:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-27 20:43 <DIR> d-------- C:\Program Files\Mozilla
2007-10-27 20:40 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2007-10-27 20:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-27 20:34 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2007-10-27 20:05 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-10-27 20:05 <DIR> d-------- C:\Documents and Settings\Ferda Mravenec\Data aplikací\TuneUp Software
2007-10-27 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-10-27 20:05 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-10-27 19:58 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-10-27 19:57 4,108,992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-27 19:55 <DIR> d-------- C:\Program Files\Realtek AC97
2007-10-27 19:55 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-27 19:55 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-10-27 19:55 577,536 --a------ C:\WINDOWS\soundman.exe
2007-10-27 19:55 315,392 --a------ C:\WINDOWS\alcupd.exe
2007-10-27 19:55 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-10-27 19:55 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-10-27 19:54 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-27 14:00 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-27 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-10-27 13:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-27 13:42 <DIR> d-------- C:\Program Files\Crawler
2007-10-26 19:36 <DIR> d-------- C:\WINDOWS\$hf_mig$
2007-10-26 19:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-25 07:07 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-25 07:07 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-10-25 07:05 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-25 07:05 96,256 --a------ C:\WINDOWS\system32\drivers\sptd4237.sys
2007-10-24 20:13 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-10-24 20:10 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-10-24 20:08 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-10-24 20:08 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-10-24 20:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-10-24 20:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-10-24 20:08 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-24 20:08 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-24 20:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-24 20:08 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2007-10-24 20:07 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-24 20:06 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-10-24 20:06 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-24 20:05 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-10-24 20:05 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-10-24 20:05 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-10-24 20:05 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 21:37 7,200 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 21:36 1,188,128 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 18:43 1,460 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 18:43 1,196 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-07 18:38 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-07 18:38 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-03 14:50 39,488 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-10-28 09:03 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-24 17:24 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-10-27 20:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 09:08]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 C:\WINDOWS\system32\tweakui.cpl]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDIDL~1\DVDShell.dll [2004-10-09 15:18 49152]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-27 19:05:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 22:37:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 22:39:50
.
--- E O F ---
Run by Administrator on st 05.12.2007 at 08:57
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 09:08:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:18,99,0e,35,f2,c2,04,1c,fb,b5,ab,44,8c,c3,f9,5c,84,50,d5,96,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c8,3c,c7,60,d1,81,80,6a,ca,35,e4,60,05,bd,4d,58,b9,89,04,07,96,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:afc927c2
"s1"=dword:ac32b9b4
"s2"=dword:ad7d679f
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:78,c9,6b,41,27,93,d2,3b,7a,d4,f9,8a,ae,a7,5e,30,06,31,e6,6a,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:78,c9,6b,41,27,93,d2,3b,7a,d4,f9,8a,ae,a7,5e,30,06,31,e6,6a,32,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 17 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Tue 17 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Mon 5 Nov 2007 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 3 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2dc117f7601f191af8f2f9d04f2e2595\BIT1.tmp"
Fri 16 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e75856c6efd762fe9068b5aa0da3bd6\BIT2.tmp"
Finished!
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
I don't see anything there.
Did you reinstall Spybot?
Reinstall IExplorer too: http://support.microsoft.com/kb/318378/cs#top