virus Alert
Posted: 12 Oct 2008 13:15
Yesterday Noadware 5 got downloaded onto my PC as a bundled extra. Following the instructions here for - virus Alert - I proceeded as Marinus advised with Combofix and did everything according to that guide. After it finished, a log.text appeared, which I am attaching. At the start it shows a warning that there is no recovery console?? I'm a newbie. Are those the fix packs for XP??? Also, I had some black icons on the desktop: 1. System Error Fixer 2. Malware Defender 3. Protect Your Privacy. Now, after Combofix finished, they changed into some kind of shortcuts - no longer black, now like some web addresses? Should I delete them?? The virus alert warning no longer appears:
ComboFix 08-10-11.02 - PC 2008-10-12 12:34:03.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1106 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\PC\Plocha\VirTerminator.exe
Použité ovládací přepínače :: /killall
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\eear.exe
C:\WINDOWS\olnmraew.dll
C:\WINDOWS\qmafxprs.dll
C:\WINDOWS\system32\dcwnrxuj.ini
C:\WINDOWS\system32\fhwcqjxo.ini
C:\WINDOWS\system32\hgGvsppn.dll
C:\WINDOWS\system32\HghRBJlm.ini
C:\WINDOWS\system32\HghRBJlm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oxjqcwhf.dll
C:\WINDOWS\vortsgbqevx.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-12 do 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 12:22 . 2008-10-12 12:23 <DIR> d-------- C:\ComboFix
2008-10-11 21:32 . 2008-10-11 21:32 426 --a------ C:\WINDOWS\wininit.ini
2008-10-11 21:07 . 2008-10-12 10:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-11 21:07 . 2008-10-12 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-11 20:30 . 2008-10-12 05:07 <DIR> d-------- C:\Program Files\Rapid Antivirus
2008-10-11 20:25 . 2008-10-11 20:25 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\install_4876_MHw0MXwxMDAwMDAwMDAwfHx8fHx8fHw_
2008-10-11 20:00 . 2008-10-11 20:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-11 20:00 . 2008-10-11 20:00 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\PC Tools
2008-10-11 20:00 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-11 20:00 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-11 20:00 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-11 20:00 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-11 14:08 . 2008-10-11 11:38 86,016 --a------ C:\WINDOWS\qkeftmxn.exe
2008-09-22 19:14 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-09-22 19:14 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-09-22 18:57 . 2008-09-22 18:57 <DIR> d-------- C:\Program Files\DIFX
2008-09-22 18:57 . 2006-05-10 12:22 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-09-22 18:36 . 2008-09-22 18:36 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-09-22 18:36 . 2008-09-22 18:36 <DIR> d-------- C:\Program Files\Realtek
2008-09-22 18:36 . 2008-09-22 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-09-22 18:36 . 2005-02-17 07:15 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-22 14:31 . 2008-09-22 14:31 <DIR> d-------- C:\WINDOWS\vnDrvBas
2008-09-14 15:04 . 2008-09-14 15:04 0 --a------ C:\WINDOWS\Nanoxx-9500HD Channel-Editor 02.01.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 10:24 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-10-11 10:05 --------- d-----w C:\Documents and Settings\PC\Data aplikací\Skype
2008-10-10 15:25 --------- d-----w C:\Documents and Settings\PC\Data aplikací\skypePM
2008-10-07 09:03 --------- d-----w C:\Documents and Settings\PC\Data aplikací\BitTorrent
2008-10-03 18:30 --------- d-----w C:\Program Files\Fausto
2008-09-30 13:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-27 14:09 --------- d-----w C:\Program Files\SetEdit918
2008-09-26 11:03 --------- d-----w C:\Program Files\BitTorrent
2008-09-22 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 09:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-19 20:09 --------- d-----w C:\Documents and Settings\PC\Data aplikací\MSN6
2008-09-09 16:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-09-09 16:37 249,856 ------w C:\WINDOWS\Setup1.exe
2008-09-07 11:29 --------- d-----w C:\Program Files\SetEditOctagon
2008-09-03 11:58 --------- d-----w C:\Program Files\Get IP
2008-09-02 09:03 --------- d-----w C:\Program Files\DNA
2008-08-30 08:38 --------- d-----w C:\Documents and Settings\PC\Data aplikací\DNA
2008-08-29 19:35 --------- d-----w C:\Program Files\Duolabs
2008-08-24 15:44 852,240 ----a-w C:\Program Files\zkouška.udb
2008-08-24 12:54 852,240 ----a-w C:\Program Files\Můjset.udb
2008-08-23 17:15 --------- d-----w C:\Program Files\SetEditVantage
2008-08-23 16:27 --------- d-----w C:\Documents and Settings\PC\Data aplikací\SatChannelListEditor
2008-08-14 16:55 --------- d-----w C:\Program Files\btw
2008-08-14 16:35 --------- d-----w C:\Program Files\WIDCOMM
2008-08-01 06:30 852,240 ----a-w C:\Program Files\01082008.udb
2008-07-27 11:15 852,240 ----a-w C:\Program Files\UserDatabase.UDB
2008-07-26 11:27 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-07-18 13:58 491,520 ----a-w C:\WINDOWS\WebIE.dll
2008-07-18 13:58 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2008-07-18 13:58 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2008-07-18 13:57 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2008-07-18 13:57 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2008-07-18 13:57 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2008-07-18 13:48 516,096 ----a-w C:\WINDOWS\UN32.EXE
2008-07-16 11:55 30,240 ----a-w C:\WINDOWS\system32\VRVD302.dll
2008-01-20 18:38 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-09-16 1961984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-28 4579328]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-25 1235736]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-03-23 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Documents and Settings\\PC\\Dokumenty\\eMule\\emule.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Documents and Settings\\All Users\\Data aplikací\\Skype\\Plugins\\Plugins\\289650C9E52C40FE91D947C6D0EB72DA\\remotex.exe"=
"C:\\Documents and Settings\\PC\\Plocha\\Sharemax\\ShareMax.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-06 12936]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-25 97928]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R1 VRVD302;VRVD302;C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-07-16 11296]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 76040]
R3 mssmbios;Ovladač Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2004-08-17 15488]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\Program Files\webgencz\602FSVC8.EXE [ ]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 USBBOX;Settop Box USB driver;C:\WINDOWS\system32\Drivers\USBBOX.sys [2003-12-22 16640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'
2007-03-04 C:\WINDOWS\Tasks\XoftSpy.job
- C:\Program Files\XoftSpy\XoftSpy.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{009C0FAD-4A2A-4E3D-882C-1FFD1C72A630} - (no file)
BHO-{903C377B-E501-4A35-A6B2-1E3994711EA1} - (no file)
Toolbar-{66AD2449-068B-4327-BE6C-598A34A57288} - C:\WINDOWS\olnmraew.dll
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-Get IP - (no file)
ShellExecuteHooks-{903C377B-E501-4A35-A6B2-1E3994711EA1} - (no file)
SSODL-qmafxprs-{41DD6D70-5AF6-4780-98AA-F854DE20195A} - C:\WINDOWS\qmafxprs.dll
SSODL-lfstbwvd-{8414F3B9-DCEE-4EFC-8A8A-E89A996F8514} - (no file)
Notify-qoMcbyWn - qoMcbyWn.dll
Notify-urqooMfg - urqooMfg.dll
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\ijtk1f11.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://seznam.cz/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 12:38:23
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Celkový čas: 2008-10-12 12:42:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-12 10:42:22
Před spuštěním: Volných bajtů: 39 417 466 880
Po spuštění: Volných bajtů: 39,336,079,360
225 --- E O F --- 2007-06-26 06:56:31