Resulting log from Anti-Malware
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2014
Windows 5.1.2600 Service Pack 2
20.4.2009 23:11:14
mbam-log-2009-04-20 (23-11-14).txt
Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 184370
Uplynulý cas: 1 hour(s), 13 minute(s), 19 second(s)
Infikované procesy pameti: 7
Infikované pametové moduly: 1
Infikované klíce registru: 21
Infikované hodnoty registru: 7
Infikované položky dat registru: 4
Infikované složky: 2
Infikované soubory: 31
Infikované procesy pameti:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\danik\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
Infikované pametové moduly:
c:\WINDOWS\system32\6to4v32.dll (Dialer) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcpsrv (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\hhupd.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\hhupd.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
Infikované soubory:
c:\WINDOWS\system32\6to4v32.dll (Dialer) -> Delete on reboot.
C:\Program Files\ThunMail\testabd.ex_ (Trojan.Agent2) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0002722.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0003135.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0003139.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4B0112BD-15AB-4871-9499-1CB57E667697}\RP5\A0003145.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danicek\reader_s.exe (Virus.Virut) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhupd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Refpron) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Iasv32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\6to4v32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\reader_s.exe (Virus.Virut) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielius\Plocha\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielius\Plocha\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dncyool64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\danik\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdctxte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-----------------------------------------------------------------------------------------------------------------------------------------
and here is the log from Combo Fix
ComboFix 09-04-19.01 - danik 20.04.2009 23:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.2047.1746 [GMT 2:00]
Spuštěný z: c:\documents and settings\danik\Dokumenty\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Danielius\Data aplikací\BITS
c:\documents and settings\Danielius\Data aplikací\BITS\BITS.ini
c:\documents and settings\Danielius\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\Danielius\Data aplikací\BITS\ProxyList.ini
c:\windows\Install.txt
c:\windows\system32\bversion.dll
c:\windows\system32\IPHACTION.dll
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\riphy.dll
.
---- Předchozí spuštění -------
.
c:\documents and settings\Danielius\Nabídka Start\Cheap Pharmacy Online.url
c:\documents and settings\Danielius\Nabídka Start\Search Online.url
c:\documents and settings\Danielius\Nabídka Start\SMS TRAP.url
c:\documents and settings\Danielius\Nabídka Start\VIP Casino.url
c:\documents and settings\Danielius\Oblíbené položky\Cheap Pharmacy Online.url
c:\documents and settings\Danielius\Oblíbené položky\Search Online.url
c:\documents and settings\Danielius\Oblíbené položky\SMS TRAP.url
c:\documents and settings\Danielius\Oblíbené položky\VIP Casino.url
c:\documents and settings\Danielius\Plocha\Cheap Pharmacy Online.url
c:\documents and settings\Danielius\Plocha\Search Online.url
c:\documents and settings\Danielius\Plocha\SMS TRAP.url
c:\documents and settings\Danielius\Plocha\VIP Casino.url
c:\windows\ios.dat
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Legacy_PROTECT
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-20 do 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-20 21:23 . 2009-04-20 21:23 0 ------w c:\windows\system32\IpSvchostF.dll
2009-04-20 16:38 . 2009-04-20 16:38 -------- d-----w c:\program files\Trend Micro
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\danik\Data aplikací\Malwarebytes
2009-04-20 16:24 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 16:24 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2009-04-20 15:55 . 2009-04-20 15:55 -------- d--h--w C:\PEBakcup
2009-04-20 15:49 . 2009-04-20 16:00 -------- d-----w C:\PcwBak
2009-04-20 15:49 . 2009-04-20 16:04 -------- d-----w c:\program files\PC Washer
2009-04-20 14:17 . 2002-01-05 09:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-20 14:17 . 2002-01-05 03:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-20 14:17 . 2009-04-20 14:17 -------- d-----w c:\program files\AML Products
2009-04-20 14:17 . 2002-06-06 14:13 1077344 ----a-w c:\windows\system32\mscomctl.ocx
2009-04-20 14:17 . 2002-01-05 04:48 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-20 14:17 . 2000-05-22 14:58 608448 ----a-w c:\windows\system32\comctl32.ocx
2009-04-20 14:17 . 1998-12-24 18:23 40960 ----a-w c:\windows\system32\VBAME.DLL
2009-04-20 14:03 . 2009-04-20 14:05 46640 ----a-w c:\windows\system32\msln.exe
2009-04-20 14:00 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton
2009-04-20 13:46 . 2009-04-20 14:09 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-20 13:45 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Symantec
2009-04-20 13:45 . 2009-04-20 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\NortonInstaller
2009-04-19 14:36 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Data aplikací\Identities
2009-04-18 22:58 . 2009-04-18 22:58 -------- d-----w c:\program files\ICQ6Toolbar
2009-04-18 22:58 . 2009-04-18 22:58 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\ICQ
2009-04-18 22:57 . 2009-04-18 22:59 -------- d-----w c:\documents and settings\danik\Data aplikací\ICQ
2009-04-18 22:57 . 2009-04-18 22:59 -------- d-----w c:\program files\ICQ6.5
2009-04-18 04:23 . 2009-04-18 04:23 -------- d-----w c:\documents and settings\Danicek\Local Settings\Application Data\Opera
2009-04-17 12:29 . 2009-04-17 12:29 394 ----a-w c:\windows\system32\MRT.INI
2009-04-15 18:43 . 2009-03-27 08:03 215465 ----a-w c:\windows\system32\nvapps.nvb
2009-04-15 18:41 . 2009-04-15 18:41 -------- d-----w C:\NVIDIA
2009-04-15 17:53 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll
2009-04-15 13:18 . 2009-04-15 13:18 -------- d-----w c:\program files\7-Zip
2009-04-14 16:31 . 2003-02-21 11:42 348160 ----a-w c:\windows\system\msvcr71.dll
2009-04-13 14:55 . 2009-04-13 14:55 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Identities
2009-04-12 02:39 . 2009-04-12 02:39 -------- d-----w c:\program files\WinPcap
2009-04-12 02:18 . 2009-04-12 02:18 -------- d-----w c:\program files\LanqiEngine
2009-04-12 02:18 . 2009-04-12 02:18 735232 ----a-w c:\windows\system32\AdvOcr.dll
2009-04-11 22:20 . 2009-04-19 13:45 61440 ----a-w c:\windows\system32\tcpd.exe
2009-04-11 22:20 . 2009-04-11 22:20 982016 ----a-w c:\windows\system32\kernel32_check.dll
2009-04-11 22:20 . 2009-04-11 22:20 20480 ----a-w c:\windows\system32\AUTMGR.EXE
2009-04-11 22:19 . 2009-04-19 13:45 10240 ----a-w c:\windows\system32\Packer.dll
2009-04-11 22:19 . 2009-04-11 22:19 172032 ----a-w c:\windows\system32\tcpcon.dll
2009-04-11 22:19 . 2009-04-11 22:19 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-11 22:19 . 2009-04-20 21:11 -------- d-----w c:\windows\dhcp
2009-04-11 22:18 . 2009-04-10 13:00 21704 ----a-w c:\windows\system32\kk.exe
2009-04-11 01:02 . 2008-06-20 10:44 138368 ----a-w c:\windows\system32\drivers\afd.sys
2009-04-11 01:02 . 2006-03-02 12:00 144896 ----a-w c:\windows\system32\schannel.dll
2009-04-11 01:02 . 2006-03-02 12:00 2150400 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-11 01:02 . 2006-03-02 12:00 2017280 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:01 . 2006-03-02 12:00 200064 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-11 01:01 . 2006-03-02 12:00 451456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 01:01 . 2006-03-02 12:00 336256 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-11 01:00 . 2006-03-02 12:00 1835904 ----a-w c:\windows\system32\win32k.sys
2009-04-11 01:00 . 2006-03-02 12:00 359040 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-11 01:00 . 2006-03-02 12:00 223616 ----a-w c:\windows\system32\drivers\tcpip6.sys
2009-04-10 22:16 . 2009-04-10 22:16 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.003
2009-04-10 22:16 . 2009-04-10 22:16 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.003\Local Settings\Application Data\Microsoft
2009-04-10 22:11 . 2009-04-10 22:11 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.003\Local Settings\Application Data\Microsoft
2009-04-10 22:11 . 2009-04-10 22:11 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.003
2009-04-10 22:06 . 2009-04-10 22:06 -------- d-----w c:\documents and settings\Default User.WINDOWS.0\Local Settings\Application Data\Microsoft
2009-04-10 22:05 . 2009-04-10 22:05 -------- d-sh--w c:\documents and settings\All Users.WINDOWS.0\DRM
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\danik\Data aplikací\Ashampoo
2009-04-10 18:04 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Plocha
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\ashampoo
2009-04-10 18:04 . 2009-04-10 18:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\ashampoo
2009-04-10 18:03 . 2009-04-10 18:03 -------- d-----w c:\program files\Ashampoo
2009-04-10 14:49 . 2009-04-20 21:17 -------- d--h--w c:\documents and settings\Default User.WINDOWS.0
2009-04-10 14:49 . 2009-04-10 22:05 -------- d-----w c:\documents and settings\All Users.WINDOWS.0
2009-04-10 14:42 . 2009-04-20 15:39 -------- d-----w C:\WINDOWS.0
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----w c:\documents and settings\danik\Local Settings\Data aplikací\Opera
2009-04-10 05:27 . 2009-04-10 05:27 -------- d-----w c:\documents and settings\danik\Data aplikací\InstallShield
2009-04-10 05:24 . 2009-04-10 05:24 12328 ----a-w c:\documents and settings\danik\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-10 05:24 . 2009-04-10 05:24 -------- d-----w c:\documents and settings\danik\Data aplikací\vlc
2009-04-10 05:23 . 2009-04-13 21:53 -------- d-----w c:\documents and settings\danik\Data aplikací\dvdcss
2009-04-10 05:23 . 2009-04-10 14:38 -------- d-----r c:\documents and settings\All Users.WINDOWS\Dokumenty
2009-04-10 05:22 . 2009-04-10 05:22 940794 ----a-w c:\windows\system32\LoopyMusic.wav
2009-04-10 05:22 . 2009-04-10 05:22 146650 ----a-w c:\windows\system32\BuzzingBee.wav
2009-04-10 05:22 . 2009-04-20 16:24 -------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací
2009-04-10 05:22 . 2009-04-10 05:22 -------- d-----w c:\documents and settings\All Users.WINDOWS\Šablony
2009-04-10 05:21 . 2009-03-31 22:05 -------- d--h--w c:\documents and settings\danik\Okolní tiskárny
2009-04-10 05:21 . 2009-03-31 22:05 -------- d--h--w c:\documents and settings\danik\Okolní síť
2009-04-10 05:21 . 2009-03-31 22:05 -------- d-----r c:\documents and settings\danik\Nabídka Start
2009-04-10 05:21 . 2009-03-31 20:12 -------- d--h--w c:\documents and settings\danik\Šablony
2009-04-10 05:21 . 2009-04-20 21:11 -------- d-----w c:\documents and settings\danik
2009-04-01 21:50 . 2009-04-20 21:23 208826 ----a-w c:\windows\system32\nvapps.xml
2009-04-01 21:50 . 2009-03-27 08:03 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-01 21:50 . 2009-03-27 08:03 19054 ----a-w c:\windows\system32\nvdisp.nvu
2009-04-01 21:48 . 2004-08-17 13:49 4096 ----a-w c:\windows\system32\ksuser.dll
2009-04-01 21:47 . 2009-04-01 21:47 335872 ----a-w c:\windows\HideWin.exe
2009-04-01 21:47 . 2007-01-12 14:54 520192 ----a-w c:\windows\RtlExUpd.dll
2009-03-31 22:10 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-03-31 22:09 . 2004-08-17 15:43 58240 ----a-w c:\windows\system32\drivers\redbook.sys
2009-03-31 22:09 . 2004-08-03 22:31 20992 ----a-w c:\windows\system32\drivers\RTL8139.sys
2009-03-31 22:09 . 2004-08-17 15:49 75264 ----a-w c:\windows\system32\usbui.dll
2009-03-31 22:04 . 2009-04-20 21:17 -------- d--h--w c:\documents and settings\Default User.WINDOWS
2009-03-31 22:03 . 2009-03-31 20:19 261 ----a-w c:\windows\system32\$winnt$.inf
2009-03-31 20:21 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Data aplikací
2009-03-31 20:21 . 2009-04-14 16:43 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Data aplikací\Microsoft
2009-03-31 20:21 . 2009-03-31 20:21 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.002
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.002\Local Settings\Data aplikací\Microsoft
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.002\Data aplikací
2009-03-31 20:20 . 2009-03-31 20:20 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.002
2009-03-31 20:18 . 2006-03-02 12:00 98304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll
2009-03-31 20:17 . 2006-03-02 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20290.nls
2009-03-31 20:15 . 2009-03-31 20:15 488 ---ha-r c:\windows\system32\WindowsLogon.manifest
2009-03-31 20:15 . 2009-03-31 20:15 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-03-31 20:15 . 2009-03-31 20:15 749 ---ha-r c:\windows\system32\cdplayer.exe.manifest
2009-03-31 20:15 . 2006-03-02 12:00 4399505 -c--a-w c:\windows\system32\dllcache\nls302en.lex
2009-03-31 20:13 . 2009-03-31 20:13 37 ----a-w c:\windows\vbaddin.ini
2009-03-31 20:13 . 2009-03-31 20:13 36 ----a-w c:\windows\vb.ini
2009-03-31 16:17 . 2009-03-31 16:17 -------- d-----w c:\program files\Alwil Software
2009-03-31 13:58 . 2009-03-31 16:10 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.001\Local Settings\Data aplikací\Microsoft
2009-03-31 13:58 . 2009-03-31 13:58 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY.001
2009-03-31 13:58 . 2009-03-31 13:58 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.001\Data aplikací
2009-03-31 13:38 . 2009-03-31 13:38 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.001\Local Settings\Data aplikací\Microsoft
2009-03-31 13:38 . 2009-03-31 13:38 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.001\Data aplikací
2009-03-31 13:38 . 2009-03-31 13:38 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.001
2009-03-30 20:08 . 2009-04-20 21:11 -------- d-----w c:\windows\system32\3361
2009-03-30 02:18 . 2009-03-30 20:07 -------- d-----w c:\program files\P2Pcontrol
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 15:39 . 2007-04-26 12:45 -------- d-----w c:\program files\Avanquest update
2009-04-19 13:46 . 2006-03-02 12:00 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-17 12:28 . 2009-04-17 12:28 262 ----a-w C:\gadhq2g.log
2009-04-15 18:44 . 2009-01-31 21:24 -------- d-----w c:\program files\AGEIA Technologies
2009-04-10 22:19 . 2009-04-01 21:48 -------- d-----w c:\program files\Realtek
2009-04-10 05:27 . 2009-01-30 17:49 -------- d-----w c:\program files\ZyXEL
2009-04-01 21:49 . 2006-03-02 12:00 46196 ----a-w c:\windows\system32\perfc005.dat
2009-04-01 21:49 . 2006-03-02 12:00 309990 ----a-w c:\windows\system32\perfh005.dat
2009-03-31 21:49 . 2009-03-31 20:16 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 20:14 . 2009-03-31 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-31 16:06 . 2007-03-27 10:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 20:20 . 2007-03-10 23:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:28 . 2009-03-08 01:49 -------- d-----w c:\program files\Rockstar Games2
2009-03-27 20:46 . 2009-02-01 02:40 -------- d-----w c:\program files\Java
2009-03-27 06:14 . 2009-04-01 21:49 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-16 12:18 . 2009-04-15 17:54 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-15 17:54 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-15 17:54 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-15 17:54 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-12 16:28 . 2009-03-12 16:27 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-12 16:27 . 2009-03-12 16:27 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-03-09 13:27 . 2009-04-15 17:54 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-15 17:54 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-15 17:54 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-03 22:47 . 2007-03-12 22:06 -------- d-----w c:\program files\Opera
2009-03-03 15:39 . 2009-02-21 15:53 2908 ----a-w C:\aaw7boot.log
2009-03-01 00:10 . 2009-03-01 00:09 -------- d-----w c:\documents and settings\Danielius\Data aplikací\fretsonfire
2009-02-28 01:46 . 2009-02-28 01:46 -------- d-----w c:\documents and settings\Danielius\Data aplikací\InstallShield Installation Information
2009-02-28 01:24 . 2009-02-28 01:18 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools Lite
2009-02-28 01:24 . 2009-02-28 01:24 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools Pro
2009-02-28 01:24 . 2009-02-28 01:24 -------- d-----w c:\documents and settings\Danielius\Data aplikací\DAEMON Tools
2009-02-28 00:45 . 2009-02-28 00:45 1371185 ----a-w C:\wrar380cz.exe
2009-02-23 23:27 . 2009-02-11 14:22 -------- d-----w c:\documents and settings\Danielius\Data aplikací\dvdcss
2009-02-21 03:37 . 2009-02-20 18:47 62912 ----a-w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-02-20 18:55 . 2009-01-31 23:26 13504 ----a-w c:\documents and settings\Danielius\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-20 18:47 . 2009-02-20 18:47 -------- d-----w c:\program files\MSBuild
2009-02-20 18:44 . 2009-02-20 18:44 -------- d-----w c:\program files\Reference Assemblies
2009-02-09 07:42 . 2009-02-09 07:42 2919117 ----a-r C:\ComboFix.exe
2009-02-01 10:33 . 2006-03-02 12:00 250576 --sha-r C:\ntldr
.
------- Sigcheck -------
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\ndis.sys
[-] 2009-04-19 13:46 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-19 13:46 213376 0DF6D5181722BB65C6DE60C96884F60B c:\windows\system32\drivers\ndis.sys
[-] 2006-03-02 12:00 1051648 4D81BDC1590403D7F415DA4A37444A09 c:\windows\explorer.exe
[-] 2006-03-02 12:00 1051648 7B998E8DD902190D771530CEB5BCBBFD c:\windows\system32\dllcache\explorer.exe
[-] 2006-03-02 12:00 34304 45C54D8B7EF97F4934F8131294BF74E5 c:\windows\system32\ctfmon.exe
[-] 2006-03-02 12:00 34304 3801A980125DB083553ECE7147D51CDB c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 03:22 76800 4AE52A3ED124B3CE95BC863600939B14 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\spoolsv.exe
[-] 2006-03-02 12:00 76800 0FEC2AE8AD649040C2E696A87CEE035A c:\windows\system32\spoolsv.exe
[-] 2006-03-02 12:00 76800 3AD39738C38644AFE68CC270A475F04F c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 03:22 45056 D1191070416223C85701AAC081771F8D c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\userinit.exe
[-] 2006-03-02 12:00 43520 B82298DA6C1E94200A917CA014099191 c:\windows\system32\userinit.exe
[-] 2006-03-02 12:00 43520 49EC6FB67B677F58D3E5D837878599B5 c:\windows\system32\dllcache\userinit.exe
[-] 2009-04-15 10:13 982016 601AECF6B4CBC99B1F30EA3355E7EFB2 c:\windows\system32\kernel32.dll
[7] 2006-03-02 12:00 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZyXEL G-202.exe"="c:\program files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe" [2007-04-04 10911744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 ghi5c6c;ghi5c6c; [x]
R1 qrt63e2;qrt63e2; [x]
R1 rta0e43;rta0e43; [x]
R3 restore;restore; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2006-03-02 69120]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCNDIS5.SYS [2007-04-03 19072]
S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2007-04-03 437760]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 23:30
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\tcpcon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\temp\BNC.tmp
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2009-04-20 23:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-20 21:33
Před spuštěním: Volných bajtů: 10 152 538 112
Po spuštění: Volných bajtů: 12 911 058 944
298 --- E O F --- 2009-04-20 13:27