Hi, unfortunately the Kaspersky Online Scanner didn't work, the database didn't work.
Here is the log.
ComboFix 09-10-28.08 - Prdka 29.10.2009 15:50.11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.311 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Danielka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\U1 Setup.exe"
"c:\windows\temp\Perflib_Perfdata_574.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\tiryzu.vbs
c:\documents and settings\All Users\Data aplikací\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikací\gyza.bat
c:\documents and settings\Danielka\Data aplikací\imir.bat
c:\documents and settings\Danielka\Data aplikací\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikací\otagudov.inf
c:\documents and settings\Danielka\Data aplikací\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikací\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikací\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikací\ycidolejy.bat
c:\program files\U1 Setup.exe
c:\windows\TEMP\install_flash_player.exe
c:\windows\temp\Perflib_Perfdata_574.dat . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\windows\Sun
2009-10-29 14:12 . 2009-10-29 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\program files\Java
2009-10-28 19:42 . 2009-10-28 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 09:00 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 09:00 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 19:49 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:41 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 15:00 . 2009-10-29 15:00 22263 c:\windows\temp\Turkish.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 16962 c:\windows\temp\TradChin.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 21987 c:\windows\temp\Thai.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 24099 c:\windows\temp\SWEDISH.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 27764 c:\windows\temp\Spanish.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 16420 c:\windows\temp\SimChin.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 26136 c:\windows\temp\Russian.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 26271 c:\windows\temp\Portuguese.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 25082 c:\windows\temp\Portuguese(Brazil).bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 24232 c:\windows\temp\Polish.bin
+ 2009-10-29 14:59 . 2009-10-29 14:59 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat
+ 2009-10-29 14:59 . 2009-10-29 14:59 16384 c:\windows\temp\Perflib_Perfdata_574.dat
+ 2009-10-29 15:00 . 2009-10-29 15:00 21975 c:\windows\temp\Norwegian.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 20145 c:\windows\temp\Korean.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 24340 c:\windows\temp\Japanese.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 27465 c:\windows\temp\Italian.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 26094 c:\windows\temp\Hungarian.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 19564 c:\windows\temp\Hebrew.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 25093 c:\windows\temp\Greek.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 25764 c:\windows\temp\German.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 27246 c:\windows\temp\French.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 22868 c:\windows\temp\Finnish.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 21944 c:\windows\temp\English.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 25758 c:\windows\temp\Dutch.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 22794 c:\windows\temp\Danish.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 24321 c:\windows\temp\Czech.bin
+ 2009-10-29 15:00 . 2009-10-29 15:00 20991 c:\windows\temp\Arabic.bin
+ 2009-02-04 14:53 . 2009-10-29 09:00 71708 c:\windows\system32\perfc009.dat
- 2009-02-04 14:53 . 2009-10-28 17:01 71708 c:\windows\system32\perfc009.dat
+ 2009-10-29 13:21 . 2009-10-29 13:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-10-29 15:00 . 2009-10-12 20:24 158960 c:\windows\temp\SSUPDATE.EXE
+ 2009-02-04 14:53 . 2009-10-29 09:00 441772 c:\windows\system32\perfh009.dat
- 2009-02-04 14:53 . 2009-10-28 17:01 441772 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 149280 c:\windows\system32\javaws.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\javaw.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\java.exe
+ 2009-10-19 16:27 . 2009-10-19 16:27 401008 c:\windows\Downloaded Program Files\fslauncher.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-28 19:42 . 2009-10-28 19:42 1583616 c:\windows\Installer\5ed144.msi
+ 2009-10-29 14:12 . 2009-10-29 14:12 1757696 c:\windows\Installer\121672b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - mbr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(1996)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-10-29 16:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-29 15:03
ComboFix2.txt 2009-10-29 09:32
ComboFix3.txt 2009-10-28 20:12
ComboFix4.txt 2009-10-28 18:03
ComboFix5.txt 2009-10-29 14:49
Před spuštěním: Volných bajtů: 72 101 761 024
Po spuštění: Volných bajtů: 72 155 930 624
- - End Of File - - EEE8831EEBEB227AF2088F91659EBAE1
security tool launching as a result of a trojan infection (Solved)
Re: security tool launching as a result of a trojan infection
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:03, on 29.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8993 bytes
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8993 bytes
Re: security tool launching as a consequence of a trojan infection
Well, unfortunately, I could not find what I was supposed to test on VirusTotal.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: security tool launching as a consequence of a trojan infection
Download (you already have it..) the program OTM (by OldTimer)
and save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: Do not use the SELECT ALL function to mark them
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
c:\program files\Common Files\cude.lib
c:\program files\Common Files\awog.db
c:\windows\temp\Perflib_Perfdata_574.dat
c:\windows\temp\Perflib_Perfdata_7d8.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc009.dat
c:\windows\temp\SSUPDATE.EXE
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column (it is also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
Do you know what this belongs to:
c:\windows\temp\Turkish.bin etc. ??
In Folder Options, enable showing hidden files and folders + untick the box for 'do not show system files'.
Test this on VirusTotal
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
c:\windows\Installer\5ed144.msi
c:\windows\Installer\121672b.msi
Then paste the result links here.
Download: Dr. Web CureIt
run the update; after updating, click start.
With the buttons at the bottom you can cure, delete, move or rename the file
Then ComboFix again (the infections keep coming back..)
When working with HJT, ComboFix, MbAM, SDFix and other such programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
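The helper asks for the right-hand column of OTM to be pasted back, and the useful signal in that text is not the successes but the entries that were only scheduled for the next reboot (they must be verified after restarting) and the entries OTM could not find (a stale or duplicated path in the script). The following Python script is an added example written for this thread, not part of OTM or of the forum's own tooling; its sample input is constructed from lines of the OTM log posted in this thread, and the function names are my own.

```python
"""Classify the lines of an OTM (OTMoveIt) result log.

Added example for this thread; not part of OTM or the forum's own tooling.
It separates what was moved, what is only scheduled for the next reboot,
what OTM could not find, and everything else (process kills, folder
notices, the version footer).
"""
import re
from collections import defaultdict

# Constructed sample input, assembled from lines of the OTM log posted in
# this thread.  A raw string keeps the Windows backslashes literal.
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\program files\Common Files\cude.lib moved successfully.
File move failed. c:\windows\temp\Perflib_Perfdata_574.dat scheduled to be moved on reboot.
c:\windows\system32\perfc009.dat moved successfully.
File/Folder c:\windows\system32\perfc009.dat not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\~DFBEE7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
OTM by OldTimer - Version 2.1.0.1 log created on 10292009_173157
"""

# Section banners look like "========== FILES ==========".
SECTION = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")

# One pattern per outcome OTM reports for a path; the three are mutually
# exclusive, so the first match wins.
OUTCOMES = {
    "moved": re.compile(r"^(?P<path>.+?) moved successfully\.$"),
    "reboot": re.compile(
        r"^File (?:move|delete) failed\. (?P<path>.+?) "
        r"scheduled to be (?:moved|deleted) on reboot\.$"
    ),
    "not_found": re.compile(r"^File/Folder (?P<path>.+?) not found\.$"),
}


def parse_otm_log(text):
    """Map each outcome ("moved", "reboot", "not_found", "other") to a list
    of (section, path-or-line) tuples, in log order."""
    results = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        for outcome, pattern in OUTCOMES.items():
            match = pattern.match(line)
            if match:
                results[outcome].append((section, match.group("path")))
                break
        else:
            # Process kills, "folder emptied" notices, the version footer.
            results["other"].append((section, line))
    return dict(results)


def needs_followup(results):
    """Paths whose move/delete is only scheduled: check them again after
    the reboot, since a file that cannot be moved while Windows is running
    is worth a second look."""
    return sorted(path for _, path in results.get("reboot", []))


def stale_entries(results):
    """Paths OTM could not find, split into ones already handled earlier in
    the same run (a duplicated line in the script) and ones simply absent."""
    handled = {path for _, path in results.get("moved", [])}
    duplicated, absent = [], []
    for _, path in results.get("not_found", []):
        (duplicated if path in handled else absent).append(path)
    return {"duplicated": duplicated, "absent": absent}


def summary(results):
    """Counts per outcome, handy for a one-line reply in the thread."""
    return {outcome: len(entries) for outcome, entries in results.items()}


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_LOG)
    print("counts:", summary(parsed))
    print("re-check after reboot:", needs_followup(parsed))
    print("stale script entries:", stale_entries(parsed))
```

Paste a real OTM log into SAMPLE_LOG (or read it from C:\_OTMoveIt\MovedFiles\) and the "reboot" list is the set of paths to confirm gone after the restart; a path in "duplicated" means the script listed it twice, as the perfc009.dat entry in the thread's own log shows.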
Re: security tool launching as a consequence of a trojan infection
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\program files\Common Files\cude.lib moved successfully.
c:\program files\Common Files\awog.db moved successfully.
File move failed. c:\windows\temp\Perflib_Perfdata_574.dat scheduled to be moved on reboot.
File move failed. c:\windows\temp\Perflib_Perfdata_7d8.dat scheduled to be moved on reboot.
c:\windows\system32\perfc009.dat moved successfully.
File/Folder c:\windows\system32\perfc009.dat not found.
File/Folder c:\windows\temp\SSUPDATE.EXE not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\hsperfdata_Prdka\200 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_7d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DFBEE7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DFBEF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DFC1B5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DFC1C0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\9S3BP8VG\seznam_cz[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\775341YY\ads[10].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\775341YY\ads[11].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_Prdka\200 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF56E3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF68A7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF9B8D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFBEE7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFBEF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFC1B5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFC1C0.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTM by OldTimer - Version 2.1.0.1 log created on 10292009_173157
Re: security tool launching as a consequence of a trojan infection
I really don't understand that.
Do you know what this belongs to:
c:\windows\temp\Turkish.bin etc. ??
sending the links
http://www.virustotal.com/cs/analisis/d ... 1255284683
http://www.virustotal.com/cs/analisis/c ... 1256834430
http://www.virustotal.com/cs/analisis/9 ... 1256834439
http://www.virustotal.com/cs/analisis/3 ... 1256834499
http://www.virustotal.com/cs/analisis/0 ... 1256834553
http://www.virustotal.com/cs/analisis/2 ... 1256834654
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: security tool launching as a consequence of a trojan infection
On VirusTotal, did you always click 'scan again'?
I don't know what it belongs to, those languages; try putting it on VT too:
c:\windows\temp\Turkish.bin
Try that Dr. Web CureIt
Re: security tool launching as a consequence of a trojan infection
that language cannot be mapped, it is not there
DR.WEB found nothing
Re: security tool launching as a consequence of a trojan infection
oh, and on VT I always had it scanned again
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: security tool launching as a consequence of a trojan infection
Download AVP Tools
to your desktop.
Tick:
System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)
Continue according to the instructions. Then paste the log (save log).
Re: security tool launching as a consequence of a trojan infection
ComboFix 09-10-28.08 - Prdka 29.10.2009 18:27.12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.300 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\tiryzu.vbs
c:\documents and settings\All Users\Data aplikací\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikací\gyza.bat
c:\documents and settings\Danielka\Data aplikací\imir.bat
c:\documents and settings\Danielka\Data aplikací\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikací\otagudov.inf
c:\documents and settings\Danielka\Data aplikací\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikací\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikací\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikací\ycidolejy.bat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-29 17:03 . 2009-10-29 17:03 -------- d-----w- c:\documents and settings\Danielka\DoctorWeb
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\windows\Sun
2009-10-29 14:12 . 2009-10-29 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\program files\Java
2009-10-28 19:42 . 2009-10-28 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 17:27 . 2009-10-29 17:27 529496 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-29 17:27 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 17:27 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 19:49 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:41 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 14:59 . 2009-10-29 14:59 16384 c:\windows\temp\Perflib_Perfdata_574.dat
- 2009-10-28 17:10 . 2009-10-28 17:10 53248 c:\windows\temp\catchme.dll
+ 2009-10-29 17:37 . 2009-10-29 17:37 53248 c:\windows\temp\catchme.dll
+ 2009-10-29 13:21 . 2009-10-29 13:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-02-04 14:53 . 2009-10-29 09:00 441772 c:\windows\system32\perfh009.dat
- 2009-02-04 14:53 . 2009-10-28 17:01 441772 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 149280 c:\windows\system32\javaws.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\javaw.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\java.exe
+ 2009-10-19 16:27 . 2009-10-19 16:27 401008 c:\windows\Downloaded Program Files\fslauncher.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-28 19:42 . 2009-10-28 19:42 1583616 c:\windows\Installer\5ed144.msi
+ 2009-10-29 14:12 . 2009-10-29 14:12 1757696 c:\windows\Installer\121672b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - CLASSPNP_2
*Deregistered* - DwShield000050C4
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 18:37
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2009-10-29 18:39
ComboFix-quarantined-files.txt 2009-10-29 17:39
ComboFix2.txt 2009-10-29 15:04
ComboFix3.txt 2009-10-29 09:32
ComboFix4.txt 2009-10-28 20:12
ComboFix5.txt 2009-10-29 17:26
Před spuštěním: Volných bajtů: 72 163 184 640
Po spuštění: Volných bajtů: 72 171 765 760
- - End Of File - - 65B4F9EAFD71ED995FA046498E04988F
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.300 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\tiryzu.vbs
c:\documents and settings\All Users\Data aplikací\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikací\gyza.bat
c:\documents and settings\Danielka\Data aplikací\imir.bat
c:\documents and settings\Danielka\Data aplikací\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikací\otagudov.inf
c:\documents and settings\Danielka\Data aplikací\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikací\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikací\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikací\ycidolejy.bat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-29 17:03 . 2009-10-29 17:03 -------- d-----w- c:\documents and settings\Danielka\DoctorWeb
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\windows\Sun
2009-10-29 14:12 . 2009-10-29 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\program files\Java
2009-10-28 19:42 . 2009-10-28 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 17:27 . 2009-10-29 17:27 529496 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-29 17:27 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 17:27 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 19:49 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:41 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 14:59 . 2009-10-29 14:59 16384 c:\windows\temp\Perflib_Perfdata_574.dat
- 2009-10-28 17:10 . 2009-10-28 17:10 53248 c:\windows\temp\catchme.dll
+ 2009-10-29 17:37 . 2009-10-29 17:37 53248 c:\windows\temp\catchme.dll
+ 2009-10-29 13:21 . 2009-10-29 13:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-02-04 14:53 . 2009-10-29 09:00 441772 c:\windows\system32\perfh009.dat
- 2009-02-04 14:53 . 2009-10-28 17:01 441772 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 149280 c:\windows\system32\javaws.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\javaw.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\java.exe
+ 2009-10-19 16:27 . 2009-10-19 16:27 401008 c:\windows\Downloaded Program Files\fslauncher.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-28 19:42 . 2009-10-28 19:42 1583616 c:\windows\Installer\5ed144.msi
+ 2009-10-29 14:12 . 2009-10-29 14:12 1757696 c:\windows\Installer\121672b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - CLASSPNP_2
*Deregistered* - DwShield000050C4
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 18:37
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2009-10-29 18:39
ComboFix-quarantined-files.txt 2009-10-29 17:39
ComboFix2.txt 2009-10-29 15:04
ComboFix3.txt 2009-10-29 09:32
ComboFix4.txt 2009-10-28 20:12
ComboFix5.txt 2009-10-29 17:26
Před spuštěním: Volných bajtů: 72 163 184 640
Po spuštění: Volných bajtů: 72 171 765 760
- - End Of File - - 65B4F9EAFD71ED995FA046498E04988F
Re: Security Tool launching as a consequence of a trojan infection
That virus removal is going to take a very long time; it shows an estimated completion time of half past ten, so I'll paste the log here afterwards.