Hi, it keeps shutting down explorer on me. Log from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43, on 2008-10-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\CTsvcCDA.EXE
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Jan_2\Plocha\Programy\Clean\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS.0\system32\ssqOEWMd.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\SiSUSBrg.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5177247953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5177481953
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-493a2124009ba347.spaces.live ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A1834B-035F-4E95-A4EB-203971E44BAA}: NameServer = 217.197.158.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFC39DF-A0B2-49EB-AF9D-C40184E88E93}: NameServer = 192.168.154.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78501D8-6CD9-4807-840F-BC68F5756F52}: NameServer = 192.168.154.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: ssqOEWMd - C:\WINDOWS.0\SYSTEM32\ssqOEWMd.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS.0\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 8964 bytes
Please check my log
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log
Welcome to the PC-HELP forum!
Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system is starting up, the program runs again and finishes the cleaning process. When Finish appears, you will be prompted to press any key; that closes the program and the desktop icons appear.
- Once the desktop icons have finished loading, the SDFix log opens on screen and is also saved in the folder where SDFix was extracted as the file Report.txt
Then copy its contents here + a new HJT log + check whether any icons are missing under Start and whether your drives show up under My Computer....
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
When Safe Mode is started the PC restarts (at the profile selection).
- jaro3
- Security team member
Re: Please check my log
Let's try this first:
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Re: Please check my log
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1333
Windows 5.1.2600 Service Pack 2
2008-10-28 20:02:39
mbam-log-2008-10-28 (20-02-34).txt
Typ skenu: Rychlý sken
Objektu skenováno: 80691
Uplynulý cas: 23 minute(s), 33 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 15
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 22
Infikované soubory: 25
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS.0\system32\qoMeCsSj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\ssqOEWMd.dll (Trojan.Vundo.H) -> No action taken.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6acb6038-f421-49ea-83ea-2eafeee34a96} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6acb6038-f421-49ea-83ea-2eafeee34a96} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqoewmd (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c1c6426b-fb16-4123-acbe-74d94fb0e663} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6acb6038-f421-49ea-83ea-2eafeee34a96} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82ff7464-5dba-446a-a866-910ba53ca152} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvf8j0egnf (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcvf8j0egnf (Rogue.AntivirusXP2008) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
Infikované soubory:
C:\WINDOWS.0\system32\qoMeCsSj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\jSsCeMoq.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\jSsCeMoq.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\ssqOEWMd.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\vtUmKCTn.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\nTCKmUtv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\nTCKmUtv.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS.0\system32\cbXNEUMd.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Jan_2\Local Settings\Temporary Internet Files\Content.IE5\F8YDGPQR\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Jan_2\Local Settings\Temporary Internet Files\Content.IE5\FY6S5CXS\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\JL9N5498\cntr[1] (Trojan.Vundo) -> No action taken.
C:\WINDOWS.0\hosts (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\phcrf8j0egnf.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\wini10871.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\swqzdtj.dll (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\bneD.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Jan_2\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.
C:\WINDOWS.0\system32\drivers\etc\services (Heuristics.Reserved.Word.Exploit) -> No action taken.
- jaro3
- Security team member
Re: Please check my log
So run MbAM again and click Scan
- when the scan finishes a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log is displayed; post it here.
- then choose OK in the program and close it via Exit
Then you can paste the log here + a new HJT log.
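Added example, not code from the thread or from either tool: a small Python checker for the two log formats posted above. It reports which HJT entries point at files MBAM classified as malicious (the thread's ssqOEWMd.dll shows up both as an O2 BHO and an O20 Winlogon Notify handler) and which MBAM findings are still unresolved, which is why the first MBAM log above, with every line at "No action taken", called for a second run with Remove Selected. The sample lines are copied from the thread's logs; the function names are this example's own.

```python
"""Cross-check a HijackThis (HJT) log against a Malwarebytes (MBAM) log.

Added example, not code from the thread or from either tool: the two line
formats and the sample lines are taken from the logs posted above; the
function names are assumptions of this example.
"""
import re
from collections import Counter

# Constructed sample: four entries copied from the thread's HJT log.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {DD3EC823-D3A1-48B3-A18A-A1958795A18A} - C:\WINDOWS.0\system32\ssqOEWMd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: ssqOEWMd - C:\WINDOWS.0\SYSTEM32\ssqOEWMd.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: result lines in the format of the thread's MBAM logs,
# one per action status that MBAM reports there.
MBAM_SAMPLE = r"""
Infikované soubory:
C:\WINDOWS.0\system32\ssqOEWMd.dll (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqoewmd (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS.0\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<item> (<threat>) -> <action>."  -- one MBAM result line
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# "O2 - BHO: ..." / "R1 - HKCU\..." -- one HJT entry line
HJT_LINE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<rest>.+)$")
# Windows paths to executables or libraries inside an HJT entry
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:dll|exe|DLL|EXE)')

# MBAM actions after which the item is still present on disk or in the registry
UNRESOLVED = ("No action taken", "Delete on reboot")


def parse_mbam(text):
    """One dict (item, threat, action) per result line; section headers are skipped."""
    findings = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def parse_hjt(text):
    """(section, entry, [paths]) for every HJT entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("rest"),
                            WIN_PATH.findall(m.group("rest"))))
    return entries


def unresolved_findings(findings):
    """MBAM findings not yet removed: nothing was selected, or removal waits for a reboot."""
    return [f for f in findings if f["action"] in UNRESOLVED]


def action_summary(findings):
    """How many findings ended in each MBAM action status."""
    return Counter(f["action"] for f in findings)


def correlate(entries, findings):
    """HJT entries whose file path MBAM classified (case-insensitive path match)."""
    threats = {f["item"].lower(): f["threat"] for f in findings}
    hits = []
    for section, _entry, paths in entries:
        for path in paths:
            if path.lower() in threats:
                hits.append((section, path, threats[path.lower()]))
    return hits


if __name__ == "__main__":
    hjt = parse_hjt(HJT_SAMPLE)
    mbam = parse_mbam(MBAM_SAMPLE)
    print("MBAM action summary:", dict(action_summary(mbam)))
    for f in unresolved_findings(mbam):
        print("STILL PRESENT:", f["action"], "->", f["item"])
    # The same DLL registered as a BHO (O2) and as a Winlogon Notify handler (O20)
    # is exactly the pattern the thread's HJT log shows for ssqOEWMd.dll.
    for section, path, threat in correlate(hjt, mbam):
        print(f"HJT {section} entry points at {threat}: {path}")
```

Run it against the full logs by reading them from files instead of the constructed samples; "Delete on reboot" items stay on the unresolved list until the machine has actually been rebooted, so a fresh HJT log only means anything after that reboot.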
Re: Please check my log
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1333
Windows 5.1.2600 Service Pack 2
2008-10-28 20:37:12
mbam-log-2008-10-28 (20-37-12).txt
Typ skenu: Rychlý sken
Objektu skenováno: 80644
Uplynulý cas: 19 minute(s), 40 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 2
Infikované klíce registru: 15
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 22
Infikované soubory: 25
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\WINDOWS.0\system32\qoMeCsSj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS.0\system32\ssqOEWMd.dll (Trojan.Vundo.H) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6acb6038-f421-49ea-83ea-2eafeee34a96} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6acb6038-f421-49ea-83ea-2eafeee34a96} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqoewmd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6acb6038-f421-49ea-83ea-2eafeee34a96} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c1c6426b-fb16-4123-acbe-74d94fb0e663} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82ff7464-5dba-446a-a866-910ba53ca152} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvf8j0egnf (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dd3ec823-d3a1-48b3-a18a-a1958795a18a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcvf8j0egnf (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\rhcvf8j0egnf\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
Infikované soubory:
C:\WINDOWS.0\system32\qoMeCsSj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS.0\system32\jSsCeMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\jSsCeMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\ssqOEWMd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS.0\system32\vtUmKCTn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\nTCKmUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\nTCKmUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\cbXNEUMd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Local Settings\Temporary Internet Files\Content.IE5\F8YDGPQR\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Local Settings\Temporary Internet Files\Content.IE5\FY6S5CXS\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\JL9N5498\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS.0\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\phcrf8j0egnf.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\wini10871.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\swqzdtj.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\bneD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Šárka.RODINA-\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jan_2\Oblíbené položky\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\drivers\etc\services (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47, on 2008-10-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
F:\Hry\Jan\H\Dokumenty\Nepoužívané odkazy plochy\QIP\infium.exe
C:\Documents and Settings\Jan_2\Plocha\Programy\Clean\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS.0\SiSUSBrg.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS.0\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5177247953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5177481953
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-493a2124009ba347.spaces.live ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A1834B-035F-4E95-A4EB-203971E44BAA}: NameServer = 217.197.158.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFC39DF-A0B2-49EB-AF9D-C40184E88E93}: NameServer = 192.168.154.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78501D8-6CD9-4807-840F-BC68F5756F52}: NameServer = 192.168.154.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS.0\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 8777 bytes
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 8777 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log
Try SDFix once more; if it still won't run:
Disable Avast's resident protection.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- When it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the prompts; do not click into the window that appears while ComboFix is running
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its full contents here
I'll have a look tomorrow.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
ComboFix 08-10-28.01 - Jan_2 2008-10-28 21:11:34.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.670 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jan_2\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Šárka.RODINA-\Dokumenty\ICQ Lite\267188287\Nuny_341651495\Profesoři\_desktop.ini
C:\SETUP.BAT
C:\WINDOWS.0\dembat.tm
C:\WINDOWS.0\emdat.tm
C:\WINDOWS.0\system32\bsnzafqa.bin
C:\WINDOWS.0\system32\cfg.dat
C:\WINDOWS.0\system32\mdm.exe
C:\WINDOWS.0\system32\UEgOVGgh.ini
C:\WINDOWS.0\system32\UEgOVGgh.ini2
C:\WINDOWS.0\system32\unsvchosts.lzma
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-28 )))))))))))))))))))))))))))))))
.
2065-05-22 19:17 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS.0\system32\iacenc.dll
2065-05-22 19:17 . 2065-05-22 19:17 56,832 --------- C:\WINDOWS.0\system32\iyvu9_32.dll
2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d-------- C:\Program Files\JoWooD Productions Software AG
2008-12-04 10:13 . 2008-12-04 10:23 43,520 --a------ C:\WINDOWS.0\system32\CmdLineExt03.dll
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2008-10-28 19:37 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-10-28 19:37 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-10-28 19:08 . 2008-10-28 19:08 <DIR> d--hs---- C:\FOUND.016
2008-10-28 18:55 . 2008-10-27 00:01 <DIR> d-------- C:\SDFix
2008-10-28 17:12 . 2008-10-28 21:01 568 --a------ C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-10-28 17:08 . 2008-10-28 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-10-28 14:27 . 2008-10-28 14:27 <DIR> d--hs---- C:\FOUND.015
2008-10-28 13:07 . 2008-10-28 17:24 344 --ahs---- C:\WINDOWS.0\system32\oYGiPqru.ini
2008-10-28 12:24 . 2008-10-28 12:24 <DIR> d--hs---- C:\FOUND.014
2008-10-28 11:17 . 2008-10-28 11:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\SecTaskMan
2008-10-28 10:13 . 2008-10-28 10:13 253,625 --a------ C:\Documents and Settings\Sarkaaa AD-1868.Civ4SavedGame
2008-10-28 08:14 . 2008-10-28 08:14 <DIR> d-------- C:\Documents and Settings\ćuRKA~1.ROD
2008-10-27 18:00 . 2008-10-27 18:00 320,425 --a------ C:\Documents and Settings\sarkaaa AD-1986.Civ4SavedGame
2008-10-26 10:47 . 2008-10-26 10:47 270,615 --a------ C:\Documents and Settings\sarkaaa AD-1920.Civ4SavedGame
2008-10-25 10:45 . 2008-10-25 10:45 178,111 --a------ C:\Documents and Settings\sarkaaa AD-1280.Civ4SavedGame
2008-10-22 14:05 . 2008-10-22 14:05 204,954 --a------ C:\Documents and Settings\Sarka AD-1020.Civ4SavedGame
2008-10-22 13:31 . 2008-10-22 13:31 206,325 --a------ C:\Documents and Settings\S'arus AD-1340.Civ4SavedGame
2008-10-20 17:27 . 2008-10-20 17:27 335,706 --a------ C:\Documents and Settings\S'arka AD-2008.Civ4SavedGame
2008-10-20 15:22 . 2008-10-20 15:22 <DIR> d-------- C:\Program Files\Testy Autoškola
2008-10-19 18:18 . 2008-10-19 18:18 298,666 --a------ C:\Documents and Settings\S'arka AD-1964.Civ4SavedGame
2008-10-19 10:28 . 2008-10-19 10:29 210,188 --a------ C:\Documents and Settings\S'arka AD-1670.Civ4SavedGame
2008-10-18 19:26 . 2008-10-18 19:26 135,305 --a------ C:\Documents and Settings\S'arka AD-0325.Civ4SavedGame
2008-10-12 09:44 . 2008-10-12 09:44 <DIR> d-------- C:\Program Files\Teacher
2008-10-11 17:40 . 2008-10-11 17:40 694,346 --a------ C:\Documents and Settings\S'arka AD-1984.Civ4SavedGame
2008-10-11 10:45 . 2008-10-11 10:45 455,423 --a------ C:\Documents and Settings\S'arka AD-1705.Civ4SavedGame
2008-10-11 09:40 . 2008-10-11 10:31 424,269 --a------ C:\Documents and Settings\S'arka AD-0820.Civ4SavedGame
2008-10-10 19:26 . 2008-10-10 19:26 262,379 --a------ C:\Documents and Settings\S'arka BC-0075.Civ4SavedGame
2008-10-06 07:52 . 2008-10-07 20:30 541,211 --a------ C:\Documents and Settings\Sarka AD-1939.Civ4SavedGame
2008-10-05 11:30 . 2008-10-05 11:30 <DIR> d-------- C:\Documents and Settings\Jan_2\Data aplikací\Lineage Utils
2008-10-05 11:29 . 2008-10-05 11:29 <DIR> d-------- C:\Program Files\LineAge Utils
2008-10-05 10:35 . 2008-10-05 10:35 479,082 --a------ C:\Documents and Settings\Sarka AD-1918.Civ4SavedGame
2008-10-04 10:47 . 2008-10-04 10:47 344,186 --a------ C:\Documents and Settings\Sarka AD-1515.Civ4SavedGame
2008-10-03 19:26 . 2008-10-03 19:26 286,052 --a------ C:\Documents and Settings\Sarka AD-0780.Civ4SavedGame
2008-10-03 19:09 . 2008-10-03 19:09 265,490 --a------ C:\Documents and Settings\Sarka AD-0520.Civ4SavedGame
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 21:26 2,829 ----a-w C:\WINDOWS.0\War3Unin.pif
2008-12-04 21:26 126,976 ----a-w C:\WINDOWS.0\War3Unin.exe
2008-10-26 19:45 138,136 ----a-w C:\WINDOWS.0\system32\drivers\PnkBstrK.sys
2008-10-26 19:45 111,928 ----a-w C:\WINDOWS.0\system32\PnkBstrB.exe
2008-08-24 14:32 81,920 ----a-w C:\WINDOWS.0\system32\OpenAL32.dll
2008-08-24 14:32 233,472 ----a-w C:\WINDOWS.0\system32\wrap_oal.dll
2008-07-31 09:41 68,616 ----a-w C:\WINDOWS.0\system32\XAPOFX1_1.dll
2008-07-31 09:41 238,088 ----a-w C:\WINDOWS.0\system32\xactengine3_2.dll
2008-07-31 09:40 509,448 ----a-w C:\WINDOWS.0\system32\XAudio2_2.dll
2007-03-06 16:14 1,218,696 ---ha-w C:\Documents and Settings\webspell\webspell4[1].01.01.zip
2003-11-30 14:31 842 ----a-w C:\Program Files\options.cfg
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-06-24 14:46 3,360 ------w C:\WINDOWS.0\inf\OTHER\cmiainfo.sys
2006-07-09 06:12 11,270 --sha-w C:\WINDOWS.0\system32\KGyGaAvL.sys
2006-02-11 08:55 56 --sh--r C:\WINDOWS.0\system32\4F4F9D4257.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS.0\SiSUSBrg.exe" [2002-07-12 106496]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS.0\UpdReg.EXE" [2000-05-11 90112]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
C:\Documents and Settings\Šárka.RODINA-\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.2.lnk.disabled [2007-05-28 785]
C:\Documents and Settings\Jan_2\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk.disabled [2007-07-15 897]
C:\Documents and Settings\All Users.WINDOWS.0\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk.disabled [2007-05-25 1670]
Microsoft Office.lnk.disabled [2006-05-01 1640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS.0\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS.0\system32\ir32_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=C:\WINDOWS.0\system32\NeroCheck.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS.0\system32\SVKP.sys [2006-04-30 2368]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS.0\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS.0\system32\drivers\ASUSHWIO.sys [ ]
S3 npkycryp;npkycryp;F:\Hry\Lineage II - Kamael CT1\system\npkycryp.sys [ ]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Obsah adresáře 'Naplánované úlohy'
2008-10-28 C:\WINDOWS.0\Tasks\A1D92D2C91CAA938.job
- c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe []
2008-10-22 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
2008-12-07 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{E4C8D7AB-6A62-4060-A20D-7B571BACF88D}.job
- C:\WINDOWS.0\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-ICQ Lite - C:\Program Files\ICQLite\ICQLite.exe
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Jan_2\Data aplikací\Mozilla\Firefox\Profiles\4sg77h6a.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 21:21:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
C:\sccfg.sys 32768 bytes
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\PROGRAM FILES\TGTSOFT\STYLEXP\STYLEXPSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS.0\SYSTEM32\CTSVCCDA.EXE
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\BINN\SQLSERVR.EXE
C:\WINDOWS.0\SYSTEM32\PNKBSTRA.EXE
C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLBROWSER.EXE
C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLWRITER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
C:\WINDOWS.0\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Celkový čas: 2008-10-28 21:25:44 - počítač byl restartován [Jan_2]
ComboFix-quarantined-files.txt 2008-10-28 20:25:34
Před spuštěním: 6,368,067,584
Po spuštění: 7,190,740,992
210 --- E O F --- 2008-08-20 01:51:30
- jaro3
- Security team member
Re: Please check my log
Find and delete: C:\SDFix
Have these tested on VirusTotal:
c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe
C:\WINDOWS.0\system32\4F4F9D4257.sys
Then paste the results here.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole text below, highlighted in green:
File::
C:\FOUND.016
C:\FOUND.015
C:\WINDOWS.0\system32\oYGiPqru.ini
C:\FOUND.014
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two icons overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a fresh HJT log
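The CFScript in the post above resets three Security Center values that the ComboFix log showed set to 1 (firewall override and the antivirus and update notifications silenced), and the same log section shows EnableFirewall = 0. As an added example (not the thread's or ComboFix's own code, function names hypothetical), the script below parses that REGEDIT4-style section of a ComboFix log, flags every monitored value that differs from its safe setting, and emits the matching Registry:: block; the sample excerpt is constructed from the lines quoted above.

```python
"""Audit Security Center / firewall keys in a ComboFix log and build a CFScript fix.

Added example with hypothetical helper names; not part of the thread or of ComboFix.
The sample excerpt below is constructed from the registry section quoted above.
"""
import re
from typing import Dict, List, Tuple

# Values that malware commonly flips to silence Windows XP security warnings.
# (key exactly as ComboFix prints it, value name, expected safe value)
SAFE_VALUES: List[Tuple[str, str, int]] = [
    (r"HKEY_LOCAL_MACHINE\software\microsoft\security center", "FirewallOverride", 0),
    (r"HKEY_LOCAL_MACHINE\software\microsoft\security center", "AntiVirusDisableNotify", 0),
    (r"HKEY_LOCAL_MACHINE\software\microsoft\security center", "UpdatesDisableNotify", 0),
    (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile", "EnableFirewall", 1),
]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Accepts both forms ComboFix uses:  "Name"=dword:00000001   and   "Name"= 0 (0x0)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))'
)

# Constructed sample: the relevant lines from the ComboFix log posted above.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"""


def parse_registry_section(log_text: str) -> Dict[Tuple[str, str], int]:
    """Map (lower-cased key, value name) -> integer value for every numeric value in the dump."""
    values: Dict[Tuple[str, str], int] = {}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key").lower()
            continue
        val_match = VALUE_RE.match(line)
        if val_match and current_key is not None:
            if val_match.group("hex") is not None:
                number = int(val_match.group("hex"), 16)
            else:
                number = int(val_match.group("dec"))
            values[(current_key, val_match.group("name"))] = number
    return values


def find_tampered(values: Dict[Tuple[str, str], int]) -> List[Tuple[str, str, int, int]]:
    """Return (key, name, actual, safe) for each monitored value present but not at its safe setting."""
    findings = []
    for key, name, safe in SAFE_VALUES:
        actual = values.get((key.lower(), name))
        if actual is not None and actual != safe:
            findings.append((key, name, actual, safe))
    return findings


def build_cfscript(findings: List[Tuple[str, str, int, int]]) -> Tuple[str, List[str]]:
    """Render a CFScript 'Registry::' block that resets the flagged values.

    Only keys printed with a full hive path (HKEY_...) go into the script;
    ComboFix's '~' shorthand paths are returned separately for manual review,
    since a third-party firewall (Sunbelt Kerio in this log) may legitimately
    leave the Windows firewall disabled.
    """
    by_key: Dict[str, List[str]] = {}
    manual: List[str] = []
    for key, name, actual, safe in findings:
        if key.upper().startswith("HKEY_"):
            by_key.setdefault(key, []).append(f'"{name}"=dword:{safe:08x}')
        else:
            manual.append(f"{key} -> {name} is {actual}, safe value is {safe}")
    lines = ["Registry::"]
    for key, entries in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(entries)
    return "\n".join(lines) + "\n", manual


if __name__ == "__main__":
    found = find_tampered(parse_registry_section(SAMPLE_LOG))
    script, notes = build_cfscript(found)
    print(script)
    for note in notes:
        print("review:", note)
```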
Re: Please check my log
c:\docume~1\jan_2\dataap~1\realhe~1\Idle64upload.exe - I couldn't find it?
Soubor 4F4F9D4257.sys přijatý 2008.10.29 10:56:20 (CET)
Současný stav: Dokončeno
Výsledek: 0/36 (0%)