VIRUS-INFECTED PC
Posted: 08 Jun 2009 20:00
Hello,
I have the following problem: after logging into Windows, a white window covering the whole screen appears saying that the virus Trojan.Spy.Win32.ZBOT.IKH was found, and it cannot be closed.. only safe mode works. From previous topics I can see that I am not the only one with this virus, so here are the logs you asked for in the previous problems: the Malwarebytes log, HijackThis and the ComboFix LOG. All of them were run in safe mode, because in normal mode it is not possible.
Thank you in advance for any advice..
--------------------------------------------------------------------------------------------------------------------------------------------------
LOG from Malwarebytes
Malwarebytes' Anti-Malware 1.37
Verze databáze: 2249
Windows 5.1.2600 Service Pack 3
8.6.2009 19:36:13
mbam-log-2009-06-08 (19-36-13).txt
Typ skenu: Rychlý sken
Objektu skenováno: 88613
Uplynulý cas: 1 minute(s), 24 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
--------------------------------------------------------------------------------------------------------------------------------------------------
HijackThis log.
--------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:38, on 8.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRAMY\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\PROGRAMY\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRAMY\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\system32\portmap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRAMY\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRAMY\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRAMY\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2515408249
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRAMY\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6524 bytes
-------------------------------------------------------------------------------------------------------------------------------------------------------
ComboFIX LOG.
ComboFix 09-06-07.07 - DiX 08.06.2009 19:47.1 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1688 [GMT 2:00]
Spuštěný z: c:\documents and settings\DiX\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-08 do 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-08 16:47 . 2009-06-08 17:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-08 16:24 . 2009-06-08 16:24 103424 ----a-w- c:\windows\system32\portmap.exe
2009-06-04 13:35 . 2009-06-04 13:35 -------- d-----w- c:\program files\MSXML 4.0
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-03 14:27 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-03 14:27 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-03 14:27 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-03 14:27 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-03 13:59 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-03 13:57 . 2009-06-03 13:57 -------- d-sh--w- c:\windows\ftpcache
2009-06-02 13:39 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-02 13:39 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-02 13:39 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-02 13:39 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-02 13:39 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-02 13:39 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-25 21:18 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-23 18:09 . 2009-05-23 18:09 -------- d-----w- c:\program files\Sony
2009-05-23 17:55 . 2009-05-23 17:55 -------- d-----w- c:\program files\VSTplugins
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Common Files\Apple
2009-05-23 15:51 . 2009-05-23 15:51 -------- d-----w- c:\program files\Apple Software Update
2009-05-23 10:29 . 2009-05-07 13:20 31232 ----a-w- c:\windows\system\vdremote.dll
2009-05-23 10:29 . 2009-05-07 13:19 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-05-23 10:20 . 2009-05-23 10:20 -------- d-----w- c:\windows\system32\xlive
2009-05-23 10:19 . 2009-05-23 10:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-22 22:34 . 2000-08-23 16:00 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-05-22 18:57 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-22 18:57 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-22 18:57 . 2001-10-24 09:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-22 18:57 . 2008-04-14 04:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-22 18:27 . 2009-05-22 18:27 -------- d-----w- C:\Vyhledavače
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\windows\system32\Futuremark
2009-05-21 16:29 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-05-21 16:26 . 2009-05-21 16:26 -------- d-----w- c:\windows\Sun
2009-05-21 15:24 . 2009-05-29 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 15:24 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 15:24 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 13:27 . 2009-05-19 13:27 -------- d-----w- c:\program files\MSXML 6.0
2009-05-18 17:11 . 2009-05-19 13:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-18 16:32 . 2009-05-18 16:32 -------- d-----w- c:\program files\Microsoft WSE
2009-05-18 16:30 . 2009-05-18 19:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-18 16:29 . 2005-07-27 11:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll
2009-05-18 16:28 . 2009-05-18 19:14 -------- d-----w- c:\program files\Autodesk
2009-05-17 14:40 . 2009-05-17 14:40 -------- d-----w- c:\windows\Logs
2009-05-17 14:30 . 2009-05-17 14:30 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-17 14:30 . 2009-05-17 14:30 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-05-17 09:46 . 2008-04-13 20:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-05-17 09:46 . 2008-04-13 20:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-05-17 09:46 . 2008-04-13 20:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-05-17 09:46 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-05-17 09:46 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-05-17 09:45 . 2008-04-13 20:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-17 09:45 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-05-17 09:45 . 2008-04-13 20:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-05-17 09:45 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-05-17 09:45 . 2008-04-14 04:52 57856 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-17 09:45 . 2008-04-13 20:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-05-17 09:45 . 2008-04-13 20:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2009-05-17 09:45 . 2007-06-01 03:42 835712 ----a-w- c:\windows\system32\drivers\AVerBDA6x.sys
2009-05-17 09:45 . 2006-11-20 03:32 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2009-05-17 09:44 . 2007-02-07 22:09 49152 ------r- c:\windows\system32\AVerIO.dll
2009-05-17 09:44 . 2005-04-28 04:08 3456 ------r- c:\windows\system32\AVerIO.sys
2009-05-17 09:44 . 2007-05-14 12:18 73728 ------r- c:\windows\system32\CardID.dll
2009-05-17 09:44 . 2007-03-04 20:19 249856 ------r- c:\windows\system32\sptlib02.dll
2009-05-17 09:44 . 2006-11-17 04:35 262144 ------r- c:\windows\system32\sptlib01.dll
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\AVerMedia
2009-05-17 09:43 . 2009-05-17 09:44 -------- d-----w- c:\program files\Common Files\AVerMedia
2009-05-17 08:45 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-16 23:22 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-16 22:23 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-16 22:22 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-05-16 22:22 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-05-16 22:22 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2009-05-16 22:22 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-05-16 22:22 . 2005-04-12 17:21 17632 ----a-w- c:\windows\system32\drivers\WmHidLo.sys
2009-05-16 22:22 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-05-16 21:48 . 2009-05-16 21:48 -------- d-----w- c:\program files\Microsoft Works
2009-05-16 21:47 . 2009-05-18 17:13 -------- d-----w- c:\program files\Microsoft.NET
2009-05-16 21:45 . 2009-05-16 21:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-16 21:45 . 2009-05-16 21:47 -------- d-----w- c:\windows\SHELLNEW
2009-05-16 21:35 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-05-16 21:35 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-05-16 21:35 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-05-16 21:35 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-05-16 21:35 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-05-16 21:35 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-05-16 21:35 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-05-16 21:35 . 2009-05-16 21:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-16 20:33 . 2009-06-08 17:48 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\UC.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\RAR.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\LHA.PIF
2009-05-16 18:38 . 2009-05-14 05:50 545 ----a-w- c:\windows\ARJ.PIF
2009-05-16 18:30 . 2009-05-16 18:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-16 18:30 . 2007-03-18 18:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-16 18:30 . 2006-09-29 10:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-16 18:30 . 2006-09-29 10:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-16 18:30 . 2006-09-29 10:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-16 18:30 . 2006-05-11 17:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-05-16 18:30 . 2002-12-10 00:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-16 18:30 . 2009-05-16 18:30 -------- d-----w- c:\program files\VSO
2009-05-16 17:49 . 2009-05-16 17:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-16 17:48 . 2009-05-16 17:48 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-16 17:46 . 2009-05-24 09:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 15:27 . 2009-05-16 15:27 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 14:30 . 2009-05-16 14:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-16 14:30 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-16 14:30 . 2009-05-16 14:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-16 14:29 . 2009-05-21 14:35 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-16 14:28 . 2009-05-16 14:28 -------- d-sh--w- c:\documents and settings\DiX\PrivacIE
2009-05-16 14:26 . 2009-06-08 14:27 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 17:48 . 2008-12-19 12:28 578560 ----a-w- c:\windows\system32\user32.dll
2009-06-03 14:27 . 2009-06-03 13:59 -------- d-----w- c:\program files\Nokia
2009-06-03 14:26 . 2009-06-03 14:02 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-03 14:20 . 2009-06-03 14:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-03 14:05 . 2001-10-25 13:00 495958 ----a-w- c:\windows\system32\perfh005.dat
2009-06-03 14:05 . 2001-10-25 13:00 104858 ----a-w- c:\windows\system32\perfc005.dat
2009-06-03 14:04 . 2009-06-03 14:03 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-03 14:00 . 2009-06-03 14:00 -------- d-----w- c:\program files\DIFX
2009-05-21 16:29 . 2009-05-16 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 16:27 . 2009-05-16 12:33 -------- d-----w- c:\program files\Java
2009-05-20 16:15 . 2009-05-20 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-17 09:51 . 2009-05-16 12:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-17 09:51 . 2009-05-16 12:10 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-17 09:50 . 2009-05-16 12:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-16 22:22 . 2009-05-16 12:58 -------- d-----w- c:\program files\Logitech
2009-05-16 21:47 . 2009-05-16 12:30 -------- d-----w- c:\program files\MSBuild
2009-05-16 13:03 . 2009-05-16 13:03 -------- d-----w- c:\program files\Razer
2009-05-16 12:59 . 2009-05-16 12:59 -------- d-----w- c:\program files\Common Files\LogiShared
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-16 12:56 . 2009-05-16 12:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-16 12:50 . 2009-05-16 12:50 -------- d-----w- c:\program files\Realtek
2009-05-16 12:50 . 2009-05-16 12:50 315392 ----a-w- c:\windows\HideWin.exe
2009-05-16 12:50 . 2009-05-16 12:47 15600 ----a-w- c:\windows\gdrv.sys
2009-05-16 12:48 . 2009-05-16 12:48 -------- d-----w- c:\program files\Intel
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 12:30 . 2009-05-16 12:30 -------- d-----w- c:\program files\Reference Assemblies
2009-05-16 12:27 . 2009-05-16 12:27 -------- d-----w- c:\program files\Windows Defender
2009-05-16 12:15 . 2009-05-16 12:15 -------- d-----w- c:\program files\microsoft frontpage
2009-05-16 12:14 . 2009-05-16 12:14 -------- d-----w- c:\program files\Windows Plus
2009-05-16 12:12 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Sidebar
2009-05-16 12:12 . 2009-05-16 12:12 -------- d-----w- c:\program files\Alky for Applications
2009-05-16 12:07 . 2009-05-16 12:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 12:06 . 2009-05-16 12:06 -------- d-----w- c:\program files\VistaExperience.org
2009-05-16 12:04 . 2009-05-16 12:04 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
.
Infected c:\windows\system32\user32.dll hex repaired
------- Sigcheck -------
[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll
[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\dllcache\user32.dll
[-] 2008-12-19 12:29 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe
[-] 2008-12-19 12:43 1486336 D39127310CBAD1485EC5001A4ED1D853 c:\windows\explorer.exe
[-] 2008-12-19 12:23 40960 94927BB89A6825C4A5952A2BF78F027B c:\windows\system32\ctfmon.exe
[-] 2008-12-26 20:23 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-12-19 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"portmap.exe"="c:\windows\system32\portmap.exe" [2009-06-08 103424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-19 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
c:\documents and settings\DiX\Nabídka Start\Programy\Po spuštění\
Quick Office.lnk - c:\windows\system32\portmap.exe [2009-6-8 103424]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-16 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 1 (0x1)
"DisableLocalUserRunOnce"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" /noui
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Reclusa"=c:\program files\Razer\Reclusa\razerhid.exe
"Alcmtr"=ALCMTR.EXE
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="d:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="d:\programy\QuickTime\QTTask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"portmap.exe"=c:\windows\system32\portmap.exe
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Xfire\\xfire.exe"=
"e:\\GAMES\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\PROGRAMY\\HLSW\\hlsw.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\QIP\\qip.exe"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\PROGRAMY\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\PROGRAMY\\mIRCcz\\mirc32.exe"=
"e:\\GAMES\\Atari\\The Chronicles of Riddick - Assault on Dark Athena\\System\\Win32_x86\\DarkAthena.exe"=
"d:\\PROGRAMY\\VLC\\vlc.exe"=
"e:\\GAMES\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\GAMES\\Bohemia Interactive\\arma2.exe"=
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 16:49 13592]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [16.5.2009 15:03 41984]
S0 otni;otni;c:\windows\system32\drivers\stwzvyd.sys --> c:\windows\system32\drivers\stwzvyd.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.5.2009 15:08 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.5.2009 15:08 20560]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.5.2009 11:44 188416]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [16.5.2009 16:30 604416]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA6x.sys [17.5.2009 11:45 835712]
S3 cpuz130;cpuz130;\??\c:\docume~1\DiX\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\DiX\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Obsah adresáře 'Naplánované úlohy'
2009-06-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
2009-06-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-procexp90.Sys
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DiX\Data aplikací\Mozilla\Firefox\Profiles\c7eyf3ll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTime\Plugins\npqtplugin7.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 19:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2009-06-08 19:49
ComboFix-quarantined-files.txt 2009-06-08 17:49
Pre-Run: Free bytes: 48 555 413 504
Post-Run: Free bytes: 48 542 892 032
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
336 --- E O F --- 2009-06-05 12:43
-----------------------------------------------------------------------------------------------------------------------------------------------
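Added example (not part of the post, and not code from HijackThis, ComboFix or Malwarebytes): a small Python triage script that reads the autostart lines from the HijackThis log and the Sigcheck lines from the ComboFix log and groups every program that gets started by the persistence location it is registered in. What it makes explicit is the pattern a helper would point at first in these logs: portmap.exe is started from four places at once (win.ini run=, HKLM\..\Run, HKLM\..\Policies\Explorer\Run and a Startup-folder .lnk named "Quick Office"), while every legitimate entry in the same log has exactly one. The sample lines are copied from the logs above; the threshold of three locations and the list of rarely-legitimate locations are this example's own assumptions.

```python
"""Triage autostart entries from HijackThis / ComboFix log lines.

Added example, not part of the forum post and not code from either tool.
Groups every program an O4/F3 line starts by the location it is registered
in, so that one binary wedged into several persistence points stands out.
Sample lines are copied from the logs in the post; SUSPECT_THRESHOLD and
ODD_LOCATIONS are this example's own assumptions.
"""
import re
from collections import defaultdict

# Sample input copied from the HijackThis log in the post (benign entries
# kept for contrast).
SAMPLE_HJT = r"""
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\system32\portmap.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# Sample input copied from the ComboFix "Sigcheck" section in the post.
SAMPLE_SIGCHECK = r"""
[-] 2009-06-08 17:48 578560 CCB32D10C69A89822E9134C0C4894BE1 c:\windows\system32\user32.dll
[-] 2008-12-19 12:29 557056 12A799AD9415AE9C8ABCC5F75E9CF034 c:\windows\system32\winlogon.exe
"""

WININI = re.compile(r"^F3 - REG:win\.ini: run=(?P<cmd>.+)$")
STARTUP = re.compile(r"^O4 - (?P<where>Global Startup|Startup): .+?\.lnk = (?P<cmd>.+)$")
RUN_KEY = re.compile(r"^O4 - (?P<where>\S+?): \[[^\]]*\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
SIGCHECK = re.compile(r"^\[-\] \S+ \S+ \d+ (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$")
# First token of a command line that ends in .exe (handles quoted paths and
# "rundll32.exe <dll>,<entry>" style launchers).
EXE = re.compile(r'^"?(?P<path>[^"]*?\.exe)\b', re.IGNORECASE)

# Persistence points legitimate installers rarely touch (assumption): any
# entry here deserves a look even if it is the only one for that binary.
ODD_LOCATIONS = {"win.ini run=", r"HKLM\..\Policies\Explorer\Run", r"HKCU\..\Policies\Explorer\Run"}
SUSPECT_THRESHOLD = 3  # distinct locations before a binary is flagged (assumption)


def executable(cmd):
    """Lower-cased basename of the program a command line launches, or None."""
    m = EXE.match(cmd.strip())
    if not m:
        return None
    return m.group("path").replace("/", "\\").split("\\")[-1].lower()


def autostart_entries(log_text):
    """(location, executable, raw command) for every program-starting line."""
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := WININI.match(line):
            found.append(("win.ini run=", m.group("cmd")))
        elif m := STARTUP.match(line):
            found.append((m.group("where") + " folder", m.group("cmd")))
        elif m := RUN_KEY.match(line):
            found.append((m.group("where"), m.group("cmd")))
    return [(where, executable(cmd), cmd) for where, cmd in found]


def multi_location_binaries(log_text, threshold=SUSPECT_THRESHOLD):
    """executable -> sorted distinct locations, for binaries at or above threshold."""
    seen = defaultdict(set)
    for where, exe, _cmd in autostart_entries(log_text):
        if exe:
            seen[exe].add(where)
    return {exe: sorted(locs) for exe, locs in seen.items() if len(locs) >= threshold}


def odd_location_entries(log_text):
    """(location, executable) pairs registered in a rarely-legitimate location."""
    return [(where, exe) for where, exe, _cmd in autostart_entries(log_text)
            if where in ODD_LOCATIONS]


def unverified_system_files(log_text):
    """(path, md5) for files ComboFix marked [-] in its Sigcheck section."""
    return [(m.group("path"), m.group("md5"))
            for line in log_text.splitlines() if (m := SIGCHECK.match(line.strip()))]


if __name__ == "__main__":
    for exe, locs in multi_location_binaries(SAMPLE_HJT).items():
        print(f"{exe}: started from {len(locs)} locations: {', '.join(locs)}")
    for where, exe in odd_location_entries(SAMPLE_HJT):
        print(f"odd persistence point {where}: {exe}")
    for path, md5 in unverified_system_files(SAMPLE_SIGCHECK):
        print(f"system file failed hash check: {path} ({md5})")
```

Run against the full HijackThis log the script reports only portmap.exe above the threshold; ctfmon.exe appears in two locations (HKCU and the per-user HKUS hives), which is normal for that Windows component, and is why the threshold is three rather than two. The Sigcheck part just lists what ComboFix itself marked [-]; interpreting those hashes (here user32.dll and winlogon.exe) is still a job for the helper with access to known-good copies.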