"braviax.exe" is bugging me - apparently some kind of virus
Posted: 13 Aug 2009 19:00
here is the log from ComboFix:
ComboFix 09-08-10.06 - Karajev 13.08.2009 18:52.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.627 [GMT 2:00]
Spuštěný z: g:\documents and settings\Karajev\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusKeeper 2009 Pro antivirus *On-access scanning enabled* (Updated) {165EE528-D666-4745-B14E-AA998BBEC191}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
g:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
g:\windows\system32\braviax.exe
g:\windows\system32\wisdstr.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-13 do 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 16:02 . 2009-08-13 16:02 -------- d-----w- G:\rsit
2009-08-13 16:02 . 2009-08-13 16:02 -------- d-----w- g:\program files\trend micro
2009-08-13 15:32 . 2009-08-13 15:32 -------- d-----w- G:\PC_Antispyware2010
2009-08-13 15:32 . 2009-08-13 15:33 -------- d-----w- g:\program files\PC_Antispyware2010
2009-08-12 22:48 . 2009-08-12 22:48 -------- d-----w- g:\windows\system32\wbem\Repository
2009-08-12 20:36 . 2004-08-18 12:00 221184 ----a-w- g:\windows\system32\wmpns.dll
2009-08-12 19:12 . 2009-08-12 22:04 146 ----a-w- g:\documents and settings\Karajev\delself.bat
2009-08-12 18:27 . 2001-10-25 12:00 2944 -c--a-w- g:\windows\system32\dllcache\null.sys
2009-08-12 18:27 . 2001-10-25 12:00 2944 ----a-w- g:\windows\system32\drivers\null.sys
2009-08-12 18:26 . 2009-08-12 18:26 619584 -c--a-w- g:\windows\system32\dllcache\ntfs.sys
2009-08-12 18:25 . 2009-08-12 18:25 26686 ----a-w- g:\windows\system32\msword98.exe
2009-08-12 18:25 . 2009-08-12 18:25 26686 ----a-w- g:\documents and settings\Karajev\msword98.exe
2009-08-12 17:11 . 2009-07-10 13:28 1315328 -c----w- g:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- g:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- g:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 18:26 . 2004-08-03 22:15 619584 ----a-w- g:\windows\system32\drivers\ntfs.sys
2009-08-05 09:01 . 2004-08-17 14:49 205312 ----a-w- g:\windows\system32\mswebdvd.dll
2009-08-01 20:53 . 2008-07-07 18:55 -------- d-----w- g:\program files\Microsoft Silverlight
2009-07-17 19:04 . 2009-07-17 19:04 58880 ----a-w- g:\windows\system32\SETAD.tmp
2009-07-17 19:04 . 2004-08-17 14:49 58880 ----a-w- g:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 14:49 286208 ----a-w- g:\windows\system32\wmpdxm.dll
2009-06-29 16:00 . 2004-08-17 14:49 827392 ----a-w- g:\windows\system32\wininet.dll
2009-06-29 15:59 . 2004-08-17 14:49 78336 ----a-w- g:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2004-08-17 14:49 17408 ----a-w- g:\windows\system32\corpol.dll
2009-06-25 08:27 . 2004-08-17 14:49 54272 ----a-w- g:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-17 14:49 56832 ----a-w- g:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-17 14:49 147456 ----a-w- g:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-17 14:49 136192 ----a-w- g:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-08-17 14:49 729088 ----a-w- g:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-17 14:49 301568 ----a-w- g:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 21:59 92928 ----a-w- g:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- g:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- g:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-17 14:49 78336 ----a-w- g:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 14:49 81408 ----a-w- g:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 14:49 84992 ----a-w- g:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2008-04-18 18:33 2066432 ----a-w- g:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 14:49 132096 ----a-w- g:\windows\system32\wkssvc.dll
2009-06-10 06:16 . 2004-08-17 14:49 132096 ----a-w- g:\windows\system32\wkssvc(2).dll
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- g:\windows\system32\quartz.dll
2009-01-25 12:57 . 2009-01-25 12:57 28672 ----a-w- g:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- g:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.
------- Sigcheck -------
[-] 2004-08-17 14:49 541696 96112B362A1F419384CE57E5D92C6267 g:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 g:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 g:\windows\system32\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA g:\windows\VistaMizer\old\winlogon.exe
[-] 2009-01-17 18:46 1552384 137A31C90841DB6EF71ABE912E72121E g:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 g:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 g:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 14:49 1032704 53114D57AB73A406AC7F602227781A99 g:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1552384 137A31C90841DB6EF71ABE912E72121E g:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 g:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-17 14:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 g:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 g:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 g:\windows\system32\ctfmon.exe
[7] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 g:\windows\VistaMizer\old\ctfmon.exe
[-] 2004-08-17 14:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B g:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F g:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F g:\windows\system32\comres.dll
[7] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 g:\windows\VistaMizer\old\comres.dll
[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 g:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-17 14:49 611328 876C658C44F2BF4AF050E5534A9F066F g:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 724992 B06B1E696E8B0117EFF67D91E83574AB g:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 724992 B06B1E696E8B0117EFF67D91E83574AB g:\windows\system32\comctl32.dll
[7] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED g:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-18 12:00 1050624 F76B3003366A205E05AFC0D034C7D3E9 g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 g:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF g:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-03 22:15 574592 B78BE402C3F63DD55521F73876951CDD g:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA g:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 18:26 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 g:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 18:26 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 g:\windows\system32\drivers\ntfs.sys
g:\windows\system32\drivers\beep.sys ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-13_15.51.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 16:46 . 2009-08-13 16:46 16384 g:\windows\Temp\Perflib_Perfdata_5f4.dat
+ 2009-08-13 16:47 . 2009-08-13 16:47 16384 g:\windows\Temp\Perflib_Perfdata_188.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "g:\program files\Softonic_English_TC\tbSof1.dll" [2009-03-27 1883672]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "g:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "g:\program files\Softonic_English_TC\tbSof1.dll" [2009-03-27 1883672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "g:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="g:\documents and settings\Karajev\Plocha\Svátky a výročí\Vyroci.exe" [1998-04-14 485888]
"SmartClock"="g:\program files\SmartClock\SmartClock.exe" [2002-11-02 177664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="g:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Defender"="g:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
g:\documents and settings\Karajev\Nabídka Start\Programy\Po spuštění\
ikowin32.exe [2008-4-14 24064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0aswBoot.exe /M:4ebdbc2a
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=g:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=g:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vkservice"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="g:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"CTFMON.EXE"=g:\windows\system32\ctfmon.exe
"365dni"=g:\program files\365dníNET\365dniNET.exe
"Google Update"="g:\documents and settings\Karajev\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"SpybotSD TeaTimer"=g:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Easy-PrintToolBox"=g:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"igfxtray"=g:\windows\system32\igfxtray.exe
"igfxhkcmd"=g:\windows\system32\hkcmd.exe
"NeroFilterCheck"=g:\windows\system32\NeroCheck.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VirusKeeper"=g:\program files\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
"SiteVacuum"=g:\program files\EasySearch\SiteVacuumClient.exe
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe"
"braviax"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\Program Files\\SDC212\\StrongDC.exe"=
"g:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\WINDOWS\\system32\\mmc.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\explorer.exe"=
"g:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"g:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
R1 aswSP;avast! Self Protection;g:\windows\system32\drivers\aswSP.sys [25.1.2009 14:10 114768]
R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [25.1.2009 14:10 20560]
R2 WinDefend;Windows Defender;g:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 CrystalSysInfo;CrystalSysInfo;g:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S4 vkservice;VirusKeeper antivirus/antispyware;g:\program files\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe --> g:\program files\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-07-10 g:\windows\Tasks\1-Click Maintenance.job
- g:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-08-13 g:\windows\Tasks\MP Scheduled Scan.job
- g:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
FF - ProfilePath - g:\documents and settings\Karajev\Data aplikací\Mozilla\Firefox\Profiles\clbey63a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: g:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: g:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
g:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 18:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(532)
g:\windows\system32\SETUPAPI.dll
g:\windows\system32\sfc_os.dll
g:\windows\system32\COMRes.dll
g:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(588)
g:\windows\system32\SETUPAPI.dll
.
Celkový čas: 2009-08-13 18:59
ComboFix-quarantined-files.txt 2009-08-13 16:59
ComboFix2.txt 2009-08-13 15:54
Před spuštěním: Volných bajtů: 10 328 666 112
Po spuštění: Volných bajtů: 10 283 409 408
239 --- E O F --- 2009-08-12 23:16