Ahoj, mám problém.
Asi před týdnem se mi do počítače dostal troyan, hlásí se jako troyan agent nebo double click. Podaždé se mi podaří najít všechny soubory, které infikoval, ale ne a ne najít souštějící soubor a pokud ho nějaký anti-spy najde, tak do prostě nesmaže. Už jsme zkusili skoro všechno. Vždycky se spustí samovolná instalace Security tool. Zkusili jsme Combo fix, avast, spy-bot, ad-aware, antimalwarebytes ale pokaždé se to znovu obnoví, zmizí plocha, prostě to klekne.
Zkpíruji ti sem texťák.
ComboFix 09-08-10.01 - Prdka 28.10.2009 14:29.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.298 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091027-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:18 . 2009-10-28 13:27 0 ----a-w- c:\windows\system32\w32apiw.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\program files\Duplicate Cleaner
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:55 . 2009-10-27 16:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 16:28 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-27 07:00 . 2009-10-27 07:00 58944 ----a-w- c:\windows\system32\restor32a.exe
2009-10-23 13:36 . 2009-10-23 13:36 18807 ----a-w- c:\program files\Common Files\tufiviqoh.dat
2009-10-23 13:36 . 2009-10-23 13:36 17903 ----a-w- c:\windows\yfyrowif.com
2009-10-23 13:36 . 2009-10-23 13:36 16729 ----a-w- c:\windows\kojipidar.com
2009-10-23 13:01 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 13:01 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 13:01 . 2009-10-23 13:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:24 . 2009-10-23 11:24 18131 ----a-w- c:\program files\Common Files\ityvyj.dat
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 13:17 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 13:17 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-27 16:21 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 16:11 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 18:42 . 2009-08-27 18:43 737280 ----a-w- c:\windows\iun6002.exe
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"sysgif32"="c:\windows\Temp\wpv241255703227.exe" [2009-10-28 23552]
"04812520"="c:\docume~1\ALLUSE~1\DATAAP~1\04812520\04812520.exe" [2009-10-28 1050660]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Danielka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
zavupd32.exe [2008-4-14 17408]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe rundll32.exe pqrs.tmo printer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"restor32a"=c:\windows\system32\restor32a.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.10.2009 17:28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:27]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 14:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2009-10-28 14:33
ComboFix-quarantined-files.txt 2009-10-28 13:33
ComboFix2.txt 2009-10-28 10:32
Před spuštěním: Volných bajtů: 72 001 085 440
Po spuštění: Volných bajtů: 71 975 301 120
207 --- E O F --- 2009-10-14 11:08
spouštění security tool jako následek napadejí troyanem Vyřešeno
spouštění security tool jako následek napadejí troyanem
Naposledy upravil(a) jaja55 dne 28 říj 2009 14:37, celkem upraveno 1 x.
-
guest
- Pohlaví:
Re: spouštění security tool jako následek napadejí troyanem
Vítám Tě na PC-Help. Udělej log z Hijack This, vlož ho do příslušné sekce a požádej o kontrolu.
Re: spouštění security tool jako následek napadejí troyanem
A nestačí to jen z Combofixu?
Re: spouštění security tool jako následek napadejí troyanem
Tak tady posílám log z hijackthisu
ComboFix 09-08-10.01 - Prdka 28.10.2009 14:29.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.298 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091027-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:18 . 2009-10-28 13:27 0 ----a-w- c:\windows\system32\w32apiw.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\program files\Duplicate Cleaner
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:55 . 2009-10-27 16:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 16:28 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-27 07:00 . 2009-10-27 07:00 58944 ----a-w- c:\windows\system32\restor32a.exe
2009-10-23 13:36 . 2009-10-23 13:36 18807 ----a-w- c:\program files\Common Files\tufiviqoh.dat
2009-10-23 13:36 . 2009-10-23 13:36 17903 ----a-w- c:\windows\yfyrowif.com
2009-10-23 13:36 . 2009-10-23 13:36 16729 ----a-w- c:\windows\kojipidar.com
2009-10-23 13:01 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 13:01 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 13:01 . 2009-10-23 13:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:24 . 2009-10-23 11:24 18131 ----a-w- c:\program files\Common Files\ityvyj.dat
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 13:17 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 13:17 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-27 16:21 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 16:11 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 18:42 . 2009-08-27 18:43 737280 ----a-w- c:\windows\iun6002.exe
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"sysgif32"="c:\windows\Temp\wpv241255703227.exe" [2009-10-28 23552]
"04812520"="c:\docume~1\ALLUSE~1\DATAAP~1\04812520\04812520.exe" [2009-10-28 1050660]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Danielka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
zavupd32.exe [2008-4-14 17408]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe rundll32.exe pqrs.tmo printer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"restor32a"=c:\windows\system32\restor32a.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.10.2009 17:28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:27]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 14:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2009-10-28 14:33
ComboFix-quarantined-files.txt 2009-10-28 13:33
ComboFix2.txt 2009-10-28 10:32
Před spuštěním: Volných bajtů: 72 001 085 440
Po spuštění: Volných bajtů: 71 975 301 120
207 --- E O F --- 2009-10-14 11:08
ComboFix 09-08-10.01 - Prdka 28.10.2009 14:29.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.298 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091027-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:18 . 2009-10-28 13:27 0 ----a-w- c:\windows\system32\w32apiw.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\program files\Duplicate Cleaner
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:55 . 2009-10-27 16:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 16:28 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-27 07:00 . 2009-10-27 07:00 58944 ----a-w- c:\windows\system32\restor32a.exe
2009-10-23 13:36 . 2009-10-23 13:36 18807 ----a-w- c:\program files\Common Files\tufiviqoh.dat
2009-10-23 13:36 . 2009-10-23 13:36 17903 ----a-w- c:\windows\yfyrowif.com
2009-10-23 13:36 . 2009-10-23 13:36 16729 ----a-w- c:\windows\kojipidar.com
2009-10-23 13:01 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 13:01 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 13:01 . 2009-10-23 13:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:24 . 2009-10-23 11:24 18131 ----a-w- c:\program files\Common Files\ityvyj.dat
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 13:17 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 13:17 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-27 16:21 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 16:11 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 18:42 . 2009-08-27 18:43 737280 ----a-w- c:\windows\iun6002.exe
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"sysgif32"="c:\windows\Temp\wpv241255703227.exe" [2009-10-28 23552]
"04812520"="c:\docume~1\ALLUSE~1\DATAAP~1\04812520\04812520.exe" [2009-10-28 1050660]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Danielka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
zavupd32.exe [2008-4-14 17408]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe rundll32.exe pqrs.tmo printer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"restor32a"=c:\windows\system32\restor32a.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.10.2009 17:28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:27]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 14:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2009-10-28 14:33
ComboFix-quarantined-files.txt 2009-10-28 13:33
ComboFix2.txt 2009-10-28 10:32
Před spuštěním: Volných bajtů: 72 001 085 440
Po spuštění: Volných bajtů: 71 975 301 120
207 --- E O F --- 2009-10-14 11:08
-
MaxDamageCZ
- Level 2.5
- Příspěvky: 355
- Registrován: červenec 09
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: spouštění security tool jako následek napadejí troyanem
to není hijackthis, co jsi poslal :-) to je zase combofix :-) zkopíruj ten log z HJT
AMD Athlon II X4 640 3.00Ghz Ram 4 GB, Win 7 64 bit, Grafika ATI Radeon HD 4600 series 1GB, HDD 600GB
Iphone 3g 16gb černý
Iphone 3g 16gb černý
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: spouštění security tool jako následek napadejí troyanem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE
- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
Odinstaluj Malwarebytes' Anti-Malware
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
A ten HJT , jak píše MaxDamageCZ přede mnou sem vlož taky.
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE
Kód: Vybrat vše
:Processes
explorer.exe
:Services
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysgif32"=-
"04812520"=-
:Files
c:\windows\system32\restor32a.exe
c:\program files\Common Files\tufiviqoh.dat
c:\windows\yfyrowif.com
c:\windows\kojipidar.com
c:\program files\Common Files\ityvyj.dat
c:\windows\iun6002.exe
c:\windows\Temp\wpv241255703227.exe
c:\docume~1\ALLUSE~1\DATAAP~1\04812520\04812520.exe
c:\documents and settings\Danielka\Nabˇdka Start\Programy\Po spuçtŘnˇ\zavupd32.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.
Odinstaluj Malwarebytes' Anti-Malware
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
A ten HJT , jak píše MaxDamageCZ přede mnou sem vlož taky.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: spouštění security tool jako následek napadejí troyanem
Tak zatím posílám log z OTM
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysgif32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04812520 deleted successfully.
========== FILES ==========
c:\windows\system32\restor32a.exe moved successfully.
c:\program files\Common Files\tufiviqoh.dat moved successfully.
c:\windows\yfyrowif.com moved successfully.
c:\windows\kojipidar.com moved successfully.
c:\program files\Common Files\ityvyj.dat moved successfully.
c:\windows\iun6002.exe moved successfully.
File/Folder c:\windows\Temp\wpv241255703227.exe not found.
File/Folder c:\docume~1\ALLUSE~1\DATAAP~1\04812520\04812520.exe not found.
File/Folder c:\documents and settings\Danielka\Nabˇdka Start\Programy\Po spuçtŘnˇ\zavupd32.exe not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF42D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF43A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF503.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF50E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\Q5B6PPC5\OTMoveIt.rar_376.39KB[2].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\N0D2QYUT\ads[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\ads[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\3UE93SCU\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF42D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF43A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF43AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF503.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF50E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF5EB3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFE20C.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTM by OldTimer - Version 2.1.0.1 log created on 10282009_160946
Files moved on Reboot...
File C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat not found!
File C:\WINDOWS\TEMP\~DF42D.tmp not found!
File C:\WINDOWS\TEMP\~DF43A.tmp not found!
File C:\WINDOWS\TEMP\~DF503.tmp not found!
File C:\WINDOWS\TEMP\~DF50E.tmp not found!
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\Q5B6PPC5\OTMoveIt.rar_376.39KB[2].html moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\N0D2QYUT\ads[2].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\ads[2].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\3UE93SCU\ads[1].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\~DF43AA.tmp not found!
File C:\WINDOWS\temp\~DF5EB3.tmp not found!
File C:\WINDOWS\temp\~DFE20C.tmp not found!
Registry entries deleted on Reboot...
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysgif32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04812520 deleted successfully.
========== FILES ==========
c:\windows\system32\restor32a.exe moved successfully.
c:\program files\Common Files\tufiviqoh.dat moved successfully.
c:\windows\yfyrowif.com moved successfully.
c:\windows\kojipidar.com moved successfully.
c:\program files\Common Files\ityvyj.dat moved successfully.
c:\windows\iun6002.exe moved successfully.
File/Folder c:\windows\Temp\wpv241255703227.exe not found.
File/Folder c:\docume~1\ALLUSE~1\DATAAP~1\04812520\04812520.exe not found.
File/Folder c:\documents and settings\Danielka\Nabˇdka Start\Programy\Po spuçtŘnˇ\zavupd32.exe not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF42D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF43A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF503.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF50E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\Q5B6PPC5\OTMoveIt.rar_376.39KB[2].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\N0D2QYUT\ads[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\ads[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\3UE93SCU\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_618.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF42D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF43A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF43AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF503.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF50E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF5EB3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFE20C.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTM by OldTimer - Version 2.1.0.1 log created on 10282009_160946
Files moved on Reboot...
File C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat not found!
File C:\WINDOWS\TEMP\~DF42D.tmp not found!
File C:\WINDOWS\TEMP\~DF43A.tmp not found!
File C:\WINDOWS\TEMP\~DF503.tmp not found!
File C:\WINDOWS\TEMP\~DF50E.tmp not found!
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\Q5B6PPC5\OTMoveIt.rar_376.39KB[2].html moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\N0D2QYUT\ads[2].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\ads[2].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\6KEOIGVW\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\3UE93SCU\ads[1].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\~DF43AA.tmp not found!
File C:\WINDOWS\temp\~DF5EB3.tmp not found!
File C:\WINDOWS\temp\~DFE20C.tmp not found!
Registry entries deleted on Reboot...
Re: spouštění security tool jako následek napadejí troyanem
Tak tady log HJK:)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:15, on 28.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\4DZX0Q8G\mbam-setup[1].exe
C:\WINDOWS\TEMP\is-CNMIQ.tmp\mbam-setup[1].tmp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe pqrs.tmo printer
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zavupd32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8791 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:15, on 28.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\4DZX0Q8G\mbam-setup[1].exe
C:\WINDOWS\TEMP\is-CNMIQ.tmp\mbam-setup[1].tmp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe pqrs.tmo printer
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zavupd32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8791 bytes
Re: spouštění security tool jako následek napadejí troyanem
Tak poslední log z Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.41
Database version: 3047
Windows 5.1.2600 Service Pack 3
28.10.2009 16:27:01
mbam-log-2009-10-28 (16-26-50).txt
Scan type: Quick Scan
Objects scanned: 96168
Time elapsed: 7 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pqrs.tmo printer) Good: (Explorer.exe) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Danielka\Nabídka Start\Programy\Po spuštění\zavupd32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\adexizo.reg (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\ihupyh.reg (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\ofugahoxoz.reg (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\Danielka\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Danielka\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
Malwarebytes' Anti-Malware 1.41
Database version: 3047
Windows 5.1.2600 Service Pack 3
28.10.2009 16:27:01
mbam-log-2009-10-28 (16-26-50).txt
Scan type: Quick Scan
Objects scanned: 96168
Time elapsed: 7 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pqrs.tmo printer) Good: (Explorer.exe) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Danielka\Nabídka Start\Programy\Po spuštění\zavupd32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\adexizo.reg (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\ihupyh.reg (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\ofugahoxoz.reg (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\Danielka\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Danielka\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: spouštění security tool jako následek napadejí troyanem
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Stáhni si Symantec FixVirut (spustit v nouz. režimu!)
Poté:
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Vypni rez. ochranu u Avastu+deaktivuj Spybot
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy se spuštěním , zkus ho v nouz. režimu.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Stáhni si Symantec FixVirut (spustit v nouz. režimu!)
Poté:
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe pqrs.tmo printer
O4 - Startup: zavupd32.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
Vypni rez. ochranu u Avastu+deaktivuj Spybot
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy se spuštěním , zkus ho v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: spouštění security tool jako následek napadejí troyanem
Tak jsem bohuzel nenasel v HJT F2 a O4 jinak ostní 2 jsem v pohodě smazal
Jinak tady je log z Comba
ComboFix 09-10-27.08 - Prdka 28.10.2009 18:04.7.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.575 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\program files\Duplicate Cleaner
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:55 . 2009-10-27 16:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 16:28 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 17:01 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 17:01 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-27 16:21 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 16:11 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"restor32a"=c:\windows\system32\restor32a.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.10.2009 17:28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mbr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:27]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 18:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-10-28 18:12
ComboFix-quarantined-files.txt 2009-10-28 17:12
Před spuštěním: Volných bajtů: 72 354 762 752
Po spuštění: Volných bajtů: 72 327 413 760
- - End Of File - - 3FA3DE81CA21BCB1954FDF1126884710
Jinak tady je log z Comba
ComboFix 09-10-27.08 - Prdka 28.10.2009 18:04.7.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.575 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\program files\Duplicate Cleaner
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:55 . 2009-10-27 16:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 16:28 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 17:01 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 17:01 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-27 16:21 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 16:11 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"restor32a"=c:\windows\system32\restor32a.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.10.2009 17:28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mbr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:27]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 18:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2009-10-28 18:12
ComboFix-quarantined-files.txt 2009-10-28 17:12
Před spuštěním: Volných bajtů: 72 354 762 752
Po spuštění: Volných bajtů: 72 327 413 760
- - End Of File - - 3FA3DE81CA21BCB1954FDF1126884710
Re: spouštění security tool jako následek napadejí troyanem
jeste jednou HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:52, on 28.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7737 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:52, on 28.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7737 bytes
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti