I have the same problem and I can't get rid of it for the life of me; I'm already considering reinstalling XP. I also have ComboFix, but it can't delete it for me. If you can, please advise how to do it.... Thanks for the reply
ComboFix 08-03-14.4 - Ramon 2008-03-16 17:34:33.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1547 [GMT 1:00]
Running from: C:\Documents and Settings\Ramon\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ramon\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\drivers\core.cache.dsk
.
The following files were disabled during the run:
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.
2008-03-16 17:37 . 2008-03-16 17:37 <DIR> d-------- C:\Temp\tn3
2008-03-16 17:36 . 2008-03-16 17:36 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-16 16:42 . 2008-03-16 16:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 16:41 . 2008-03-16 16:41 <DIR> d-------- C:\Rustbfix
2008-03-12 20:37 . 2008-03-12 20:37 <DIR> d-------- C:\Program Files\Conduit
2008-03-12 20:37 . 2008-03-12 20:37 <DIR> d-------- C:\Program Files\BTjunkie
2008-03-02 17:57 . 2006-05-18 13:14 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2008-03-02 17:57 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
2008-03-02 17:57 . 2007-12-14 09:21 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-02-26 19:25 . 2008-02-26 19:27 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-26 19:19 . 2008-02-26 19:27 56 -r-hs---- C:\WINDOWS\system32\FFA978AFA4.sys
2008-02-26 18:57 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-26 18:56 . 2008-02-26 18:56 <DIR> d-------- C:\Documents and Settings\Ramon\.drdivx2
2008-02-23 08:20 . 2008-02-23 08:20 <DIR> d-------- C:\Program Files\iPod
2008-02-23 08:19 . 2008-02-23 08:19 <DIR> d-------- C:\Program Files\QuickTime
2008-02-20 10:44 . 2008-02-28 14:35 4,484 --a------ C:\WINDOWS\wdict32.INI
2008-02-16 20:22 . 2004-08-18 00:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-16 20:22 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-16 17:28 . 2008-02-16 17:28 64,851 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-16 17:27 . 2008-02-16 17:27 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-16 17:24 . 2008-02-16 17:24 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-02-16 17:24 . 2008-02-16 17:28 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:37 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-03-05 20:51 --------- d-----w C:\Program Files\Google
2008-03-05 20:36 --------- d-----w C:\Program Files\Realtek AC97
2008-03-02 16:57 --------- d-----w C:\Program Files\MSI
2008-03-02 16:54 --------- d-----w C:\Program Files\Setup Files
2008-03-01 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 21:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 21:07 --------- d-----w C:\Program Files\Marias
2008-02-26 13:48 --------- d-----w C:\Program Files\Easy CD & DVD Cover Creator
2008-02-14 21:11 691,545 ----a-w C:\WINDOWS\unins001.exe
2008-02-08 21:25 --------- d-----w C:\Program Files\Eset
2008-02-08 21:12 --------- d-----w C:\Program Files\Dream Aquarium
2008-02-02 21:07 669,002 ----a-w C:\WINDOWS\unins000.exe
2008-01-24 05:06 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 16:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-21 16:50 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-21 16:49 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-21 13:01 --------- d-----w C:\Program Files\CyberLink
2008-01-16 21:44 --------- d-----w C:\Program Files\Windows Defender
2007-06-13 13:23 770,048 --sh--r C:\WINDOWS\system32\alyzhr.exe
.
------- Sigcheck -------
2007-04-25 09:33 823808 54788092197f979ed036cc5a30f167a5 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 15:14 824320 a374cf2ee24ea633d6243ed4460d6ac1 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-10-11 00:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:59 825344 32cc73f851f377b035a5b8216cac63ce C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2006-06-23 12:27 578048 4ab31c93495009d5a00aa38f4231f8ea C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2003-04-16 13:00 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-17 23:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\ie7\wininet.dll
2006-11-07 20:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 08:43 822784 72423fa15617a2d6c4a6cee1e978f380 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 15:10 823808 ad8142c3a9383f48545b7dbc1280cf28 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:50 824832 c543cc3d7a05fb0d23107c89115811a0 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:14 815616 662eb164b33084e76c8a095825698880 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 03:14 815616 662eb164b33084e76c8a095825698880 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 14:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\explorer.exe
2007-06-13 14:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2003-04-16 13:00 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 23:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 14:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
2008-03-12 15:39 1470488 --a------ C:\Program Files\BTjunkie\tbBTju.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= "C:\Program Files\BTjunkie\tbBTju.dll" [2008-03-12 15:39 1470488]
[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= C:\Program Files\BTjunkie\tbBTju.dll [2008-03-12 15:39 1470488]
[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14 147456]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2005-09-21 21:34 294912]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 08:43 180224]
"Microsoft Update Machine"="alyzhr.exe" [2007-06-13 14:23 770048 C:\WINDOWS\system32\alyzhr.exe]
"VistaStartMenu"="D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe" [ ]
"YahooWidgetEngine.exe"="D:\Program Files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgetEngine.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"ACROMOUSE"="C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
"Microsoft Update Machine"="alyzhr.exe" [2007-06-13 14:23 770048 C:\WINDOWS\system32\alyzhr.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update Machine"="alyzhr.exe" [2007-06-13 14:23 770048 C:\WINDOWS\system32\alyzhr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 23:49 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Ramon^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 D:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
M:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StarWindService"=2 (0x2)
"RasAuto"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinSys2"=C:\WINDOWS\system32\winsys2.exe
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Call of Duty\\CoDMP.exe"=
"D:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 redbookk;redbookk;C:\WINDOWS\system32\drivers\redbookk.sys [2008-01-11 23:53]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 07:04]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 07:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
*Newly Created Service* - WEBNTACCESS
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:19:36 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-03-14 22:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 16:40:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 17:37:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-03-16 17:40:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 16:40:27
ComboFix2.txt 2008-03-16 16:27:02
ComboFix3.txt 2008-03-16 16:08:10
.
2008-03-13 19:52:45 --- E O F ---
Smitfraud.C.CoreService is here again
- fredik
- Security team member
Re: Smitfraud.C.CoreService is here again
Welcome to the forum
Never use a ComboFix script that was written for a different PC!!!
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Code:
Driver::
redbookk
File::
C:\WINDOWS\system32\drivers\redbookk.sys
C:\WINDOWS\system32\alyzhr.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
Folder::
C:\Temp\tn3
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update Machine"=-
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you created with the mouse, move it over the downloaded ComboFix.exe and, when the two files overlap, drop the script

- ComboFix will start automatically
- Post here the log that appears
at the end of the cleaning process
+
Post your HijackThis log here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Those PMs cannot be answered.
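The triage fredik did by eye on the ComboFix log above, as an added Python example that is not part of this thread and not ComboFix code: it parses a handful of lines copied from the posted log (embedded inline as a constructed sample) and reports the patterns that justify the script, namely the same "Microsoft Update Machine" value written to HKCU Run, HKLM Run and RunServices, its bare-filename target, and the hidden+system attributes on the alyzhr.exe file it resolves to. It also flags the driver whose ImagePath sits in TEMP and the other hidden+system files in system32, with a reminder that legitimate software produces those too. The regular expressions, the severity labels and the heuristics are my assumptions about the log layout shown on this page, not a ComboFix format specification.

```python
"""Triage a ComboFix-style log for the persistence patterns behind the CFScript.

Added example, not part of the thread and not ComboFix code. The regexes below
are my reading of the log layout shown on this page, not a format specification.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log posted above
# (autostart values, dated file lines, and one service ImagePath).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"Microsoft Update Machine"="alyzhr.exe" [2007-06-13 14:23 770048 C:\WINDOWS\system32\alyzhr.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"Microsoft Update Machine"="alyzhr.exe" [2007-06-13 14:23 770048 C:\WINDOWS\system32\alyzhr.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update Machine"="alyzhr.exe" [2007-06-13 14:23 770048 C:\WINDOWS\system32\alyzhr.exe]
2008-02-26 19:25 . 2008-02-26 19:27 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-26 19:19 . 2008-02-26 19:27 56 -r-hs---- C:\WINDOWS\system32\FFA978AFA4.sys
2008-03-16 17:36 . 2008-03-16 17:36 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2007-06-13 13:23 770,048 --sh--r C:\WINDOWS\system32\alyzhr.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)? '
    r'(?:[\d,]+|<DIR>|-{9}) ([-a-z]{7,9}) (\S.*)$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
AUTOSTART_KEYS = ('\\currentversion\\run', '\\currentversion\\runservices')
MS_WORDS = ('microsoft', 'windows update')   # names that borrow vendor credibility
SEVERITY = {'high': 0, 'medium': 1, 'low': 2}


def parse_log(text):
    """Return (autostarts, hidden_files, temp_services) found in the log text."""
    autostarts = []       # (registry key, value name, target as written, resolved path)
    hidden_files = set()  # lower-cased paths whose attribute field has both 'h' and 's'
    temp_services = []    # (service key, ImagePath)
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith(AUTOSTART_KEYS):
            name, target, detail = m.groups()
            tokens = detail.split()
            # A bare filename is found through the search path at logon; ComboFix
            # appends the file it actually resolved as the last bracketed token.
            resolved = target if '\\' in target or not tokens else tokens[-1]
            autostarts.append((key, name, target, resolved))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            if 'h' in attrs and 's' in attrs:
                hidden_files.add(path.lower())
            continue
        m = IMAGEPATH_RE.match(line)
        if m and '\\temp\\' in m.group(1).lower():
            temp_services.append((key, m.group(1)))
    return autostarts, hidden_files, temp_services


def triage(text):
    """Return (severity, subject, reason) findings, highest severity first."""
    autostarts, hidden_files, temp_services = parse_log(text)
    groups = defaultdict(set)          # one entry per (name, target) across all Run keys
    for key, name, target, resolved in autostarts:
        groups[(name, target, resolved)].add(key.lower())
    findings, referenced = [], set()
    for (name, target, resolved), keys in groups.items():
        referenced.add(resolved.lower())
        bare = '\\' not in target
        if bare and any(w in name.lower() for w in MS_WORDS):
            findings.append(('high', name, 'Microsoft-sounding value name launching a bare filename %s' % target))
        elif bare:
            findings.append(('low', name, 'bare filename, resolved through the search path to %s' % resolved))
        if resolved.lower() in hidden_files:
            findings.append(('high', name, 'target %s is hidden+system on disk' % resolved))
        if len(keys) > 1:
            findings.append(('high', name, 'same target written to %d Run keys, remove all of them' % len(keys)))
        if any(k.endswith('\\runservices') for k in keys):
            findings.append(('medium', name, 'RunServices is a Windows 9x/Me key that XP does not process; a leftover or a shotgun persistence write'))
    for path in sorted(hidden_files - referenced):
        findings.append(('low', path, 'hidden+system file with no autostart pointing at it; identify it (DRM and copy-protection drivers look like this too)'))
    for key, path in temp_services:
        findings.append(('medium', key.rsplit('\\', 1)[-1], 'driver ImagePath under TEMP (%s); some legitimate hooking tools do this, check who installed it' % path))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])


if __name__ == '__main__':
    for severity, subject, reason in triage(SAMPLE_LOG):
        print('%-6s %-32s %s' % (severity, subject, reason))
```

Run as a script it prints the findings for the embedded sample; to triage a real log, read the whole ComboFix text into a string and pass it to triage(). The high findings line up with the CFScript: the File:: entry for alyzhr.exe and the three Registry:: deletions of "Microsoft Update Machine".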
Re: Smitfraud.C.CoreService is here again
Thanks, I'll go try it right away...

Re: Smitfraud.C.CoreService is here again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:45, on 16.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1529850
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] alyzhr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1051
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [YahooWidgetEngine.exe] "D:\Program Files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgetEngine.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5527352703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9702153187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 11515 bytes
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] alyzhr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1051
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [YahooWidgetEngine.exe] "D:\Program Files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgetEngine.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5527352703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9702153187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 11515 bytes
Re: Smitfraud.C.CoreService is here again
So far it looks fine; that thing hasn't shown up when starting IE or Mozilla so far...

Re: Smitfraud.C.CoreService is here again
Great, it's probably gone, because I've been browsing the internet for quite a while now and it hasn't appeared even once. Thank you for the help, and all the best to the editorial team.

- fredik
- member of the Security team
Re: Smitfraud.C.CoreService is here again
Is there no ComboFix log from after the script was used?
Don't rush yet, we're going to adjust a few more things. I won't be around for a while now, but after 20:00 I'll post the next steps for you.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.
Re: Smitfraud.C.CoreService is here again
ComboFix 08-03-14.4 - Ramon 2008-03-16 19:00:04.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1472 [GMT 1:00]
Running from: C:\Documents and Settings\Ramon\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ramon\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\alyzhr.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\redbookk.sys
.
The following files were disabled during the run:
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\alyzhr.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\redbookk.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_REDBOOKK
-------\redbookk
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.
2008-03-16 18:04 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-16 18:03 . 2008-03-16 18:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-16 16:42 . 2008-03-16 16:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 16:41 . 2008-03-16 16:41 <DIR> d-------- C:\Rustbfix
2008-03-12 20:37 . 2008-03-12 20:37 <DIR> d-------- C:\Program Files\Conduit
2008-03-12 20:37 . 2008-03-12 20:37 <DIR> d-------- C:\Program Files\BTjunkie
2008-03-02 17:57 . 2006-05-18 13:14 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2008-03-02 17:57 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
2008-03-02 17:57 . 2007-12-14 09:21 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-02-26 19:25 . 2008-02-26 19:27 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-26 19:19 . 2008-02-26 19:27 56 -r-hs---- C:\WINDOWS\system32\FFA978AFA4.sys
2008-02-26 18:57 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-26 18:56 . 2008-02-26 18:56 <DIR> d-------- C:\Documents and Settings\Ramon\.drdivx2
2008-02-23 08:20 . 2008-02-23 08:20 <DIR> d-------- C:\Program Files\iPod
2008-02-23 08:19 . 2008-02-23 08:19 <DIR> d-------- C:\Program Files\QuickTime
2008-02-20 10:44 . 2008-02-28 14:35 4,484 --a------ C:\WINDOWS\wdict32.INI
2008-02-16 20:22 . 2004-08-18 00:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-16 20:22 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-16 17:28 . 2008-02-16 17:28 64,851 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-16 17:27 . 2008-02-16 17:27 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-16 17:24 . 2008-02-16 17:24 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-02-16 17:24 . 2008-02-16 17:28 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 18:04 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-03-05 20:51 --------- d-----w C:\Program Files\Google
2008-03-05 20:36 --------- d-----w C:\Program Files\Realtek AC97
2008-03-02 16:57 --------- d-----w C:\Program Files\MSI
2008-03-02 16:54 --------- d-----w C:\Program Files\Setup Files
2008-03-01 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 21:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 21:07 --------- d-----w C:\Program Files\Marias
2008-02-26 13:48 --------- d-----w C:\Program Files\Easy CD & DVD Cover Creator
2008-02-14 21:11 691,545 ----a-w C:\WINDOWS\unins001.exe
2008-02-08 21:25 --------- d-----w C:\Program Files\Eset
2008-02-08 21:12 --------- d-----w C:\Program Files\Dream Aquarium
2008-02-02 21:07 669,002 ----a-w C:\WINDOWS\unins000.exe
2008-01-24 05:06 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 16:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-21 16:50 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-21 16:49 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-21 13:01 --------- d-----w C:\Program Files\CyberLink
2008-01-16 21:44 --------- d-----w C:\Program Files\Windows Defender
.
------- Sigcheck -------
2007-04-25 09:33 823808 54788092197f979ed036cc5a30f167a5 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 15:14 824320 a374cf2ee24ea633d6243ed4460d6ac1 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-10-11 00:41 825344 3c48d8efa3ffa68f7aeaaaffab6b9cb3 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:59 825344 32cc73f851f377b035a5b8216cac63ce C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2006-06-23 12:27 578048 4ab31c93495009d5a00aa38f4231f8ea C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2003-04-16 13:00 600064 d1a616d5337e344a0dd6c6df7733a6c3 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-17 23:49 657408 50d263e3454e8357d13bb598129185ad C:\WINDOWS\ie7\wininet.dll
2006-11-07 20:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 08:43 822784 72423fa15617a2d6c4a6cee1e978f380 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 15:10 823808 ad8142c3a9383f48545b7dbc1280cf28 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:50 824832 c543cc3d7a05fb0d23107c89115811a0 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:14 815616 662eb164b33084e76c8a095825698880 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 03:14 815616 662eb164b33084e76c8a095825698880 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:14 824832 e9b04b01d5a1ecc47b2e4364d171cf23 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 14:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\explorer.exe
2007-06-13 14:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2003-04-16 13:00 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 23:49 1032704 53114d57ab73a406ac7f602227781a99 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:23 975872 70192aa0fb59996148038b671eb5ade1 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 14:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-16_17.07.52.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
2008-03-12 15:39 1470488 --a------ C:\Program Files\BTjunkie\tbBTju.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= "C:\Program Files\BTjunkie\tbBTju.dll" [2008-03-12 15:39 1470488]
[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= C:\Program Files\BTjunkie\tbBTju.dll [2008-03-12 15:39 1470488]
[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14 147456]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2005-09-21 21:34 294912]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 08:43 180224]
"VistaStartMenu"="D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe" [ ]
"YahooWidgetEngine.exe"="D:\Program Files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgetEngine.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"ACROMOUSE"="C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
"Microsoft Update Machine"="alyzhr.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 23:49 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Ramon^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 D:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
M:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StarWindService"=2 (0x2)
"RasAuto"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinSys2"=C:\WINDOWS\system32\winsys2.exe
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Call of Duty\\CoDMP.exe"=
"D:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 07:04]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 07:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:19:36 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-03-14 22:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 18:06:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 19:04:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-03-16 19:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 18:07:05
ComboFix2.txt 2008-03-16 16:40:32
ComboFix3.txt 2008-03-16 16:27:02
ComboFix4.txt 2008-03-16 16:08:10
.
2008-03-13 19:52:45 --- E O F ---
2008-03-12 15:39 1470488 --a------ C:\Program Files\BTjunkie\tbBTju.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= "C:\Program Files\BTjunkie\tbBTju.dll" [2008-03-12 15:39 1470488]
[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}"= C:\Program Files\BTjunkie\tbBTju.dll [2008-03-12 15:39 1470488]
[HKEY_CLASSES_ROOT\clsid\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14 147456]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2005-09-21 21:34 294912]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 08:43 180224]
"VistaStartMenu"="D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe" [ ]
"YahooWidgetEngine.exe"="D:\Program Files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgetEngine.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"ACROMOUSE"="C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
"Microsoft Update Machine"="alyzhr.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 23:49 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Ramon^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 D:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
M:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StarWindService"=2 (0x2)
"RasAuto"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinSys2"=C:\WINDOWS\system32\winsys2.exe
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Call of Duty\\CoDMP.exe"=
"D:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 07:04]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 07:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:19:36 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-03-14 22:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 18:06:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 19:04:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-03-16 19:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 18:07:05
ComboFix2.txt 2008-03-16 16:40:32
ComboFix3.txt 2008-03-16 16:27:02
ComboFix4.txt 2008-03-16 16:08:10
.
2008-03-13 19:52:45 --- E O F ---
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Re: Smitfraud.C.CoreService is back again
Go via Start -> Run... and type this command, shown in blue, into the box: ComboFix /u (there must be a space between ComboFix and /u) and press OK.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Since you have ESS, turn off the resident protection in Windows Defender and in Spybot.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Run HijackThis again and tick the boxes in front of these lines:
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Update Machine] alyzhr.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - M:\PROGRA~1\PCTRAN~1\PCTRAN~1\webie.dll (file missing)
After ticking them, click the Fix Checked button.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I would also recommend updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 5
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 5 and click the Download button
- Tick the option that says: Accept License Agreement
- The page will reload.
- Click the download link: Windows Offline Installation, Multi-language and save it to disk
- Close the programs you have running, especially the web browser
- Go via Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
- J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2
- Uninstall all the old versions of Java one after another, if there are any
- When the uninstall is finished, restart the PC.
- Then just run the installation of the latest version from the file jre-6u5-windows-i586-p.exe that you downloaded at the beginning.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download and run T-cleaner; it removes the backups and leftovers of the tools that were used.
If you have no problems, that should be all.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (SZ/PM) with logs; post them in the forum. Such messages cannot be answered.
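The entries fredik has the poster fix above share a few traits a log reviewer looks for every time: a Run value whose data is a bare filename with no directory (`alyzhr.exe`), a service whose ImagePath points into C:\WINDOWS\TEMP (`mc21.tmp`), and Run values that ComboFix prints with an empty `[ ]` because the image no longer exists on disk. The Python script below is an added example, not part of this thread and not ComboFix or HijackThis code; it parses the two line formats as they appear in the log above (ComboFix "Reg Loading Points" values and HijackThis O4 lines) and flags those traits. The sample lines are copied from or modelled on the log above, and the reason names, the extension allow-list and the temp-directory patterns are this example's own assumptions.

```python
"""Flag suspicious autostart entries in ComboFix 'Reg Loading Points' values
and HijackThis O4 lines. Added example; not ComboFix or HijackThis code.
Assumes the line formats seen in the ComboFix log above."""
import re
from dataclasses import dataclass

# HijackThis: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r'^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# ComboFix value with metadata: "Name"="command" [date time size [resolved path]]
CF_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Other REG-style values whose data looks like a command (quoted, X:\..., or \??\...),
# e.g. "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"; numeric values are ignored
KV_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>"[^"]*".*|[A-Za-z]:\\.*|\\\?\?\\.*)$')
# Shortest prefix ending in a known image extension (unquoted paths may contain spaces)
IMAGE_RE = re.compile(r'^(?P<img>.*?\.(?:exe|dll|sys|scr|cpl|com|dat|tmp|bat|cmd|vbs|pif))\b',
                      re.IGNORECASE)

EXPECTED_EXT = {'exe', 'dll', 'sys', 'scr', 'cpl', 'com', 'dat'}   # assumption
TEMP_DIRS = ('\\temp\\', '\\tmp\\')                                # assumption


@dataclass
class Finding:
    name: str      # registry value name / HijackThis item name
    image: str     # executable image extracted from the command
    reasons: list  # why the entry was flagged


def parse_entry(line):
    """Return (name, command, meta) or None for lines of other kinds.
    meta is the text inside ComboFix's trailing [...]: '' when ComboFix printed
    [] or [ ] (image not found on disk), None for formats without metadata."""
    line = line.rstrip('\r\n')
    m = O4_RE.match(line)
    if m:
        return m.group('name'), m.group('cmd'), None
    m = CF_RE.match(line)
    if m:
        return m.group('name'), m.group('cmd'), m.group('meta').strip()
    m = KV_RE.match(line)
    if m:
        return m.group('name'), m.group('cmd'), None
    return None


def image_from_command(cmd):
    """Quoted path -> its contents; else the prefix up to a known extension;
    else the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group('img') if m else cmd.split(' ', 1)[0]


def assess(name, command, meta):
    image = image_from_command(command)
    low = image.lower()
    base = low.rsplit('\\', 1)[-1]
    ext = base.rsplit('.', 1)[-1] if '.' in base else ''
    reasons = []
    if meta == '':
        reasons.append('file_not_found')       # ComboFix could not find the image
    resolved = bool(meta) and '\\' in meta     # ComboFix appended the path it resolved
    if '\\' not in image and not resolved:
        reasons.append('bare_filename')        # no fixed location: found via PATH search
    if any(t in low for t in TEMP_DIRS):
        reasons.append('temp_directory')       # autostart from a temp folder
    if ext not in EXPECTED_EXT:
        reasons.append('unusual_extension')    # e.g. a .tmp registered as a driver image
    return Finding(name, image, reasons)


def scan(lines):
    """Return a Finding for every recognised entry that has at least one reason."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        finding = assess(*parsed)
        if finding.reasons:
            findings.append(finding)
    return findings


# Sample lines copied from / modelled on the ComboFix and HijackThis output above.
SAMPLE_LINES = [
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 23:49 15360]',
    r'"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]',
    r'"VistaStartMenu"="D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe" [ ]',
    r'"Microsoft Update Machine"="alyzhr.exe" []',
    r'"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"',
    r'"TapiSrv"=3 (0x3)',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [Microsoft Update Machine] alyzhr.exe',
]

if __name__ == '__main__':
    for f in scan(SAMPLE_LINES):
        print(f'{f.name!r}: {f.image} -> {", ".join(f.reasons)}')
```

Note that `nwiz.exe` is also a bare filename, but ComboFix resolved it to C:\WINDOWS\system32 in the trailing bracket, so it is not flagged; the point of the check is the combination of "no directory" with "nothing resolved", which is exactly how the `alyzhr.exe` value shows up in both tools' output.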
Re: Smitfraud.C.CoreService is back again
Thank you for the professional advice and procedure. Everything is OK and works as it should. Thank you.