Dobrý den,už jsem zde viděl fórum na tento vir, ale stejne nevím co mám udělat. Po startu windowsu mi naběhne modrá obrazovka s pozadavkem odesláni SMS na nějaké tel. číslo. Posílám logy z různých programů. Děkuji za pomoc. Avast ani Trojan Remover nic nenašli .
Log MBAM:
Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 5.1.2600 Service Pack 3
6.10.2009 6:21:19
mbam-log-2009-10-06 (06-21-19).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 417297
Uplynulý čas: 2 hour(s), 53 minute(s), 44 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
LOG Combofix
ComboFix 09-10-04.01 - JHA 05.10.2009 15:41.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2768 [GMT 2:00]
Spuštěný z: c:\documents and settings\JHA\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091004-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-05 do 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-05 13:31 . 2009-10-05 13:31 -------- d-sh--w- c:\documents and settings\JHA\PrivacIE
2009-09-29 11:29 . 2009-10-05 09:14 -------- d-----w- c:\program files\Trojan Remover
2009-09-24 18:43 . 2009-09-24 18:43 -------- d-sh--w- c:\documents and settings\JHA\IECompatCache
2009-09-24 18:26 . 2009-09-24 18:26 -------- d-----w- c:\windows\winapp
2009-09-24 18:26 . 2009-09-24 18:26 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 06:08 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-21 06:08 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-21 06:08 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-20 16:58 . 2009-09-20 16:58 -------- d-sh--w- c:\documents and settings\JHA\IETldCache
2009-09-20 16:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-20 16:26 . 2009-09-20 19:41 -------- d-----w- c:\windows\ie8updates
2009-09-20 16:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-20 16:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-20 16:25 . 2009-09-20 16:26 -------- dc-h--w- c:\windows\ie8
2009-09-20 15:30 . 2009-09-20 15:30 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-20 15:30 . 2009-09-20 15:30 -------- d-----w- c:\windows\system32\AGEIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 13:38 . 2008-04-14 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-05 13:38 . 2008-04-14 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-05 13:34 . 2009-04-15 21:42 -------- d-----w- c:\program files\Fraps
2009-10-05 12:35 . 2009-04-15 21:18 -------- d-----w- c:\program files\Opera
2009-09-21 15:17 . 2009-04-15 20:37 -------- d-----w- c:\program files\ATI Technologies
2009-09-21 15:17 . 2009-04-15 20:40 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-20 17:07 . 2009-05-21 09:36 -------- d-----w- c:\program files\Java
2009-09-04 15:44 . 2009-05-27 12:33 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-17 16:10 . 2009-04-15 21:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-04-15 21:10 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-04-15 21:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-04-15 21:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-15 21:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-04-15 21:10 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-04-15 21:10 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-04-15 21:10 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-04-15 21:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 04:27 . 2008-06-03 06:20 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2009-04-15 20:37 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2008-06-03 03:21 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:10 . 2008-06-03 03:11 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:09 . 2008-06-03 03:11 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-14 02:09 . 2008-06-03 03:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-14 02:09 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-08-14 02:08 . 2008-06-03 03:09 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:06 . 2008-06-03 03:08 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2009-04-15 20:37 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2008-06-03 02:59 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:47 . 2009-03-16 20:04 12959744 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-14 01:42 . 2008-06-03 02:48 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-14 01:42 . 2009-04-15 20:37 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-14 01:42 . 2009-04-15 20:37 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-14 01:25 . 2009-03-16 19:40 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-14 01:25 . 2008-06-03 02:33 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-14 01:21 . 2008-06-03 02:29 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-08-14 01:21 . 2009-03-16 19:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-14 01:20 . 2009-03-16 19:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-14 01:19 . 2009-03-16 19:33 3469312 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-14 01:19 . 2008-06-03 02:28 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:18 . 2008-06-03 02:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-08-14 01:17 . 2008-06-03 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-14 01:17 . 2008-06-03 03:04 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-14 01:12 . 2008-06-03 02:21 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-13 19:05 . 2009-04-15 20:37 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-08 19:33 . 2009-06-22 18:45 1328 ----a-w- c:\windows\desctemp.dat
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-05-21 09:36 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 15:09 . 2009-04-15 20:37 197654 ----a-w- c:\windows\system32\atiicdxx.dat
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-05_13.30.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-05 13:34 . 2009-10-05 13:34 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
+ 2008-04-14 12:00 . 2009-10-05 13:38 67312 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2009-10-05 09:18 67312 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-10-05 13:38 432356 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2009-10-05 09:18 432356 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2009-01-03 1031848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"HotKey"="c:\program files\HotKey\hotkey.exe" [2006-03-07 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\JHA\Nabˇdka Start\Programy\Po spuçtŘnˇ\
system32.lnk - c:\windows\winapp\ssh.exe [2009-9-24 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\KN_StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.4.2009 23:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.4.2009 23:10 20560]
S2 SSPORT;SSPORT; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kn.vutbr.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JHA\Data aplikací\Mozilla\Firefox\Profiles\7jq4ra04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vutbr.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 15:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-10-05 15:46
ComboFix-quarantined-files.txt 2009-10-05 13:46
ComboFix2.txt 2009-10-05 13:31
Před spuštěním: Volných bajtů: 23 587 364 864
Po spuštění: Volných bajtů: 23 552 733 184
172 --- E O F --- 2009-09-20 19:42
Log Hijack
Logfile of HijackThis v1.99.1
Scan saved at 16:42:26, on 5.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QIP\qip.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\Opera\opera.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\JHA\Plocha\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kn.vutbr.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - Startup: system32.lnk = C:\WINDOWS\winapp\ssh.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
virus Trojan Vyřešeno
Re: virus Trojan
Ahoj.
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
A malo by byt po probleme
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Kód: Vybrat vše
KillAll::
Registry::
c:\documents and settings\JHA\Nabídka Start\Programy\Po spuštění\system32.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
File::
c:\windows\winapp\ssh.exeUloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
A malo by byt po probleme
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: virus Trojan
Dobrý den,udělal jsem,jak jste poradil.Počítač normálně nyní naběhne,jen při nabíhání mi vyskočí hláška Soubor: ssh.exe.vir nelze otevřít, jinak vše ok.
Log z Combofix:
ComboFix 09-10-04.01 - JHA 07.10.2009 18:09.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2685 [GMT 2:00]
Spuštěný z: c:\documents and settings\JHA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\JHA\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\winapp\ssh.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\winapp\ssh.exe
c:\windows\WINPROD.DLL
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDRIVER
-------\Service_WinDriver
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-07 do 2009-10-07 )))))))))))))))))))))))))))))))
.
2009-10-07 13:20 . 2009-10-07 13:57 -------- d-----w- C:\Temp
2009-10-06 17:29 . 2009-10-06 17:33 -------- d-----w- c:\program files\CCleaner
2009-10-05 16:34 . 2009-10-05 16:32 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-05 16:32 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-05 16:31 . 2009-10-05 16:31 -------- d-----w- c:\program files\Lavasoft
2009-10-05 16:28 . 2007-10-04 15:42 166912 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2009-10-05 16:27 . 2009-10-05 16:27 -------- d-----w- c:\program files\Common Files\Freescale
2009-10-05 16:23 . 2009-10-05 16:23 -------- d-----w- c:\program files\Freescale
2009-10-05 13:31 . 2009-10-05 13:31 -------- d-sh--w- c:\documents and settings\JHA\PrivacIE
2009-09-29 11:29 . 2009-10-05 09:14 -------- d-----w- c:\program files\Trojan Remover
2009-09-24 18:43 . 2009-09-24 18:43 -------- d-sh--w- c:\documents and settings\JHA\IECompatCache
2009-09-24 18:26 . 2009-10-07 16:14 -------- d-----w- c:\windows\winapp
2009-09-24 18:26 . 2009-09-24 18:26 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 06:08 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-21 06:08 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-21 06:08 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-20 16:58 . 2009-09-20 16:58 -------- d-sh--w- c:\documents and settings\JHA\IETldCache
2009-09-20 16:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-20 16:26 . 2009-09-20 19:41 -------- d-----w- c:\windows\ie8updates
2009-09-20 16:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-20 16:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-20 16:25 . 2009-09-20 16:26 -------- dc-h--w- c:\windows\ie8
2009-09-20 15:30 . 2009-09-20 15:30 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-20 15:30 . 2009-09-20 15:30 -------- d-----w- c:\windows\system32\AGEIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 16:16 . 2009-04-15 21:42 -------- d-----w- c:\program files\Fraps
2009-10-07 14:42 . 2009-04-15 21:18 -------- d-----w- c:\program files\Opera
2009-10-06 06:10 . 2008-04-14 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-06 06:10 . 2008-04-14 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-05 20:27 . 2009-04-16 06:32 -------- d-----w- c:\program files\KN_StrongDC
2009-10-05 16:21 . 2009-04-15 20:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-05 13:48 . 2009-04-16 06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 15:17 . 2009-04-15 20:37 -------- d-----w- c:\program files\ATI Technologies
2009-09-21 15:17 . 2009-04-15 20:40 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-20 17:07 . 2009-05-21 09:36 -------- d-----w- c:\program files\Java
2009-09-15 10:59 . 2009-04-15 21:10 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-04-15 21:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-04-15 21:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-04-15 21:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-04-15 21:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-04-15 21:10 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-04-15 21:10 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-04-15 21:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-04-15 21:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 12:54 . 2009-04-16 06:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-04-16 06:27 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:44 . 2009-05-27 12:33 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-14 04:27 . 2008-06-03 06:20 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2009-04-15 20:37 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2008-06-03 03:21 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:10 . 2008-06-03 03:11 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:09 . 2008-06-03 03:11 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-14 02:09 . 2008-06-03 03:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-14 02:09 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-08-14 02:08 . 2008-06-03 03:09 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:06 . 2008-06-03 03:08 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2009-04-15 20:37 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2008-06-03 02:59 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:47 . 2009-03-16 20:04 12959744 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-14 01:42 . 2008-06-03 02:48 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-14 01:42 . 2009-04-15 20:37 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-14 01:42 . 2009-04-15 20:37 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-14 01:25 . 2009-03-16 19:40 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-14 01:25 . 2008-06-03 02:33 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-14 01:21 . 2008-06-03 02:29 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-08-14 01:21 . 2009-03-16 19:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-14 01:20 . 2009-03-16 19:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-14 01:19 . 2009-03-16 19:33 3469312 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-14 01:19 . 2008-06-03 02:28 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:18 . 2008-06-03 02:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-08-14 01:17 . 2008-06-03 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-14 01:17 . 2008-06-03 03:04 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-14 01:12 . 2008-06-03 02:21 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-13 19:05 . 2009-04-15 20:37 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-08 19:33 . 2009-06-22 18:45 1328 ----a-w- c:\windows\desctemp.dat
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-05-21 09:36 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 15:09 . 2009-04-15 20:37 197654 ----a-w- c:\windows\system32\atiicdxx.dat
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2009-01-03 1031848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"HotKey"="c:\program files\HotKey\hotkey.exe" [2006-03-07 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\JHA\Nabˇdka Start\Programy\Po spuçtŘnˇ\
system32.lnk - c:\qoobox\Quarantine\C\WINDOWS\winapp\ssh.exe.vir [2009-9-24 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\KN_StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.10.2009 18:32 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.4.2009 23:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.4.2009 23:10 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1028432]
S2 SSPORT;SSPORT; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kn.vutbr.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JHA\Data aplikací\Mozilla\Firefox\Profiles\7jq4ra04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vutbr.cz/
FF - plugin: c:\progra~1\MOZILL~1\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 18:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-10-07 18:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-07 16:21
Před spuštěním: Volných bajtů: 23 301 050 368
Po spuštění: Volných bajtů: 23 502 274 560
216 --- E O F --- 2009-09-20 19:42
Log z Combofix:
ComboFix 09-10-04.01 - JHA 07.10.2009 18:09.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2685 [GMT 2:00]
Spuštěný z: c:\documents and settings\JHA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\JHA\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\winapp\ssh.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\winapp\ssh.exe
c:\windows\WINPROD.DLL
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDRIVER
-------\Service_WinDriver
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-07 do 2009-10-07 )))))))))))))))))))))))))))))))
.
2009-10-07 13:20 . 2009-10-07 13:57 -------- d-----w- C:\Temp
2009-10-06 17:29 . 2009-10-06 17:33 -------- d-----w- c:\program files\CCleaner
2009-10-05 16:34 . 2009-10-05 16:32 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-05 16:32 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-05 16:31 . 2009-10-05 16:31 -------- d-----w- c:\program files\Lavasoft
2009-10-05 16:28 . 2007-10-04 15:42 166912 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2009-10-05 16:27 . 2009-10-05 16:27 -------- d-----w- c:\program files\Common Files\Freescale
2009-10-05 16:23 . 2009-10-05 16:23 -------- d-----w- c:\program files\Freescale
2009-10-05 13:31 . 2009-10-05 13:31 -------- d-sh--w- c:\documents and settings\JHA\PrivacIE
2009-09-29 11:29 . 2009-10-05 09:14 -------- d-----w- c:\program files\Trojan Remover
2009-09-24 18:43 . 2009-09-24 18:43 -------- d-sh--w- c:\documents and settings\JHA\IECompatCache
2009-09-24 18:26 . 2009-10-07 16:14 -------- d-----w- c:\windows\winapp
2009-09-24 18:26 . 2009-09-24 18:26 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 06:08 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-21 06:08 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-21 06:08 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-21 06:08 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-20 16:58 . 2009-09-20 16:58 -------- d-sh--w- c:\documents and settings\JHA\IETldCache
2009-09-20 16:26 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-20 16:26 . 2009-09-20 19:41 -------- d-----w- c:\windows\ie8updates
2009-09-20 16:26 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-20 16:26 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-20 16:25 . 2009-09-20 16:26 -------- dc-h--w- c:\windows\ie8
2009-09-20 15:30 . 2009-09-20 15:30 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-20 15:30 . 2009-09-20 15:30 -------- d-----w- c:\windows\system32\AGEIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 16:16 . 2009-04-15 21:42 -------- d-----w- c:\program files\Fraps
2009-10-07 14:42 . 2009-04-15 21:18 -------- d-----w- c:\program files\Opera
2009-10-06 06:10 . 2008-04-14 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-06 06:10 . 2008-04-14 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-05 20:27 . 2009-04-16 06:32 -------- d-----w- c:\program files\KN_StrongDC
2009-10-05 16:21 . 2009-04-15 20:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-05 13:48 . 2009-04-16 06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 15:17 . 2009-04-15 20:37 -------- d-----w- c:\program files\ATI Technologies
2009-09-21 15:17 . 2009-04-15 20:40 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-20 17:07 . 2009-05-21 09:36 -------- d-----w- c:\program files\Java
2009-09-15 10:59 . 2009-04-15 21:10 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-04-15 21:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-04-15 21:10 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-04-15 21:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-04-15 21:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-04-15 21:10 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-04-15 21:10 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-04-15 21:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-04-15 21:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 12:54 . 2009-04-16 06:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-04-16 06:27 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:44 . 2009-05-27 12:33 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-14 04:27 . 2008-06-03 06:20 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2009-04-15 20:37 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2008-06-03 03:21 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:10 . 2008-06-03 03:11 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:09 . 2008-06-03 03:11 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-14 02:09 . 2008-06-03 03:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-14 02:09 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-08-14 02:08 . 2008-06-03 03:09 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:06 . 2008-06-03 03:08 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2009-04-15 20:37 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2008-06-03 02:59 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:47 . 2009-03-16 20:04 12959744 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-14 01:42 . 2008-06-03 02:48 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-14 01:42 . 2009-04-15 20:37 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-14 01:42 . 2009-04-15 20:37 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-14 01:25 . 2009-03-16 19:40 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-14 01:25 . 2008-06-03 02:33 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-14 01:21 . 2008-06-03 02:29 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-08-14 01:21 . 2009-03-16 19:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-14 01:20 . 2009-03-16 19:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-14 01:19 . 2009-03-16 19:33 3469312 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-14 01:19 . 2008-06-03 02:28 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:18 . 2008-06-03 02:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-08-14 01:17 . 2008-06-03 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-14 01:17 . 2008-06-03 03:04 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-14 01:12 . 2008-06-03 02:21 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-13 19:05 . 2009-04-15 20:37 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-08 19:33 . 2009-06-22 18:45 1328 ----a-w- c:\windows\desctemp.dat
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-05-21 09:36 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 15:09 . 2009-04-15 20:37 197654 ----a-w- c:\windows\system32\atiicdxx.dat
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2009-01-03 1031848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"HotKey"="c:\program files\HotKey\hotkey.exe" [2006-03-07 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\JHA\Nabˇdka Start\Programy\Po spuçtŘnˇ\
system32.lnk - c:\qoobox\Quarantine\C\WINDOWS\winapp\ssh.exe.vir [2009-9-24 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\KN_StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.10.2009 18:32 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.4.2009 23:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.4.2009 23:10 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1028432]
S2 SSPORT;SSPORT; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kn.vutbr.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JHA\Data aplikací\Mozilla\Firefox\Profiles\7jq4ra04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vutbr.cz/
FF - plugin: c:\progra~1\MOZILL~1\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 18:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-10-07 18:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-07 16:21
Před spuštěním: Volných bajtů: 23 301 050 368
Po spuštění: Volných bajtů: 23 502 274 560
216 --- E O F --- 2009-09-20 19:42
Re: virus Trojan
Super.
1) Docistime to:
2) Vloz log z HJT.
V pripade nezrovnalosti sa tu nachadza navod.
1) Docistime to:
- Odinstaluj Combofix:
Start -> Spustit -> (napis) combofix /u
- Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).
- Precisti PC CCleanerom (vratane registrov).
- Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).
2) Vloz log z HJT.
V pripade nezrovnalosti sa tu nachadza navod.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: virus Trojan
Udělal jsem vše podle vašeho návodu,nyní už se zdí být vše ok. Pro kontrolu posílám log. Děkuji
Logfile of HijackThis v1.99.1
Scan saved at 19:16:02, on 7.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QIP\qip.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JHA\Plocha\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kn.vutbr.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - Startup: system32.lnk = C:\Qoobox\Quarantine\C\WINDOWS\winapp\ssh.exe.vir
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
Logfile of HijackThis v1.99.1
Scan saved at 19:16:02, on 7.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QIP\qip.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JHA\Plocha\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kn.vutbr.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - Startup: system32.lnk = C:\Qoobox\Quarantine\C\WINDOWS\winapp\ssh.exe.vir
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
Re: virus Trojan
Udělal jsem vše podle vašeho návodu,nyní už se zdí být vše ok. Pro kontrolu posílám log. Děkuji
Logfile of HijackThis v1.99.1
Scan saved at 19:16:02, on 7.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QIP\qip.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JHA\Plocha\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kn.vutbr.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - Startup: system32.lnk = C:\Qoobox\Quarantine\C\WINDOWS\winapp\ssh.exe.vir
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
Logfile of HijackThis v1.99.1
Scan saved at 19:16:02, on 7.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QIP\qip.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\HotKey\OSD.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JHA\Plocha\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kn.vutbr.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - Startup: system32.lnk = C:\Qoobox\Quarantine\C\WINDOWS\winapp\ssh.exe.vir
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
Re: virus Trojan
Omlouvám se za dvojnásobné poslání téhož příspěvku.
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti