Some Win32/Polip virus is wrecking my computer, please advise
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:44, on 20.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Documents and Settings\user\reader_s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Slovník\slovnik.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CalcFire\CalcFire.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Ejector\Ejector.exe
C:\Program Files\GameMinimizer\GameMinimizer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\NumLocker\NumLocker.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\atheros\acu .exe
c:\program files\motorola\smserial\sm56hlpr .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\windows defender\msascui .exe
c:\program files\cyberlink\powerdvd9\pdvd9serv .exe
c:\windows\system32\csimplayer .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\cyberlink\shared files\brs .exe
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
c:\program files\java\jre6\bin\jusched .exe
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
c:\WINDOWS\system32\MDM.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\user\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\user\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Calc32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [CsimPlayer] "c:\windows\system32\csimplayer .exe"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-1177238915-2139871995-1417001333-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-2139871995-1417001333-1003\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-2139871995-1417001333-1003\..\Run: [CsimPlayer] "c:\windows\system32\csimplayer .exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-1177238915-2139871995-1417001333-1003 Startup: CalcFire.lnk = C:\Program Files\CalcFire\CalcFire.exe (User '?')
O4 - S-1-5-21-1177238915-2139871995-1417001333-1003 Startup: Ejector.lnk = C:\Program Files\Ejector\Ejector.exe (User '?')
O4 - S-1-5-21-1177238915-2139871995-1417001333-1003 Startup: GameMinimizer.lnk = C:\Program Files\GameMinimizer\GameMinimizer.exe (User '?')
O4 - S-1-5-21-1177238915-2139871995-1417001333-1003 Startup: ihaupd32.exe (User '?')
O4 - S-1-5-21-1177238915-2139871995-1417001333-1003 Startup: NumLocker.lnk = C:\Program Files\NumLocker\NumLocker.exe (User '?')
O4 - S-1-5-21-1177238915-2139871995-1417001333-1003 Startup: updxsp32.exe (User '?')
O4 - Startup: CalcFire.lnk = C:\Program Files\CalcFire\CalcFire.exe
O4 - Startup: Ejector.lnk = C:\Program Files\Ejector\Ejector.exe
O4 - Startup: GameMinimizer.lnk = C:\Program Files\GameMinimizer\GameMinimizer.exe
O4 - Startup: ihaupd32.exe
O4 - Startup: NumLocker.lnk = C:\Program Files\NumLocker\NumLocker.exe
O4 - Startup: updxsp32.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O4 - Global Startup: Slovník.lnk = ?
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca0b14fadacc18) (gupdate1ca0b14fadacc18) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 12711 bytes
Urgently requesting a log check (Solved)
Re: Urgently requesting a log check
Even the internet doesn't work anymore.
I have a small utility that does disinfect the infected exe files, but after a while more and more .exe files get infected again.
PLS, what should I fix, it's really urgent.
Re: Urgently requesting a log check
Hi, this looks like a nice mess; at worst it's the Virut file infector.
Please do the following steps in Safe Mode; in normal mode the PC might not be able to handle it:
Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.
Warning: until ComboFix has created the log, do not click or press anything!!
I don't like amateurism...
And the addressee of the message knows it :)
Re: Urgently requesting a log check
It was a fight (literally), but in the end the log got created:
ComboFix 09-12-19.01 - user 20.12.2009 18:07:19.1.2 - x86
Spuštěný z: F:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\user\LOCALS~1\Temp\sshnas.dll
c:\documents and settings\user\alcmtr .exe
c:\documents and settings\user\alcmtr.exe
c:\documents and settings\user\csimplayer .exe
c:\documents and settings\user\CsimPlayer.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\_tm1194.tmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\user\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\user\reader_s .exe
c:\documents and settings\user\reader_s.exe
c:\documents and settings\user\rthdcpl .exe
c:\documents and settings\user\rthdcpl.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-4368643464-9928309348-790109261-6292
c:\recycler\S-1-5-21-4463993349-0982458591-043259357-1889
c:\recycler\S-1-5-21-4679895369-4479159769-045448978-8497
c:\recycler\S-1-5-21-4874567852-0568650821-143516423-0706
c:\recycler\S-1-5-21-7448591790-2438538712-432992315-1065
c:\recycler\S-1-5-21-8220096414-9370721507-864158501-0909
c:\recycler\S-1-5-21-8496429244-7648202579-984873227-9888
c:\windows\ccdrive32.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\system32\alcmtr .exe
c:\windows\system32\alcmtr.exe
c:\windows\system32\csimplayer .exe
c:\windows\system32\csimplayer .exe
c:\windows\system32\CsimPlayer.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\reader_s .exe
c:\windows\system32\reader_s.exe
c:\windows\system32\regedit .exe
c:\windows\system32\rthdcpl .exe
c:\windows\system32\rthdcpl.exe
c:\windows\system32\sshnas.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{36761FB5-51ED-411D-AA1D-AB341A8A5F3F}\RP237\A0037135.sys
Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{36761FB5-51ED-411D-AA1D-AB341A8A5F3F}\RP237\A0037185.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-20 do 2009-12-20 )))))))))))))))))))))))))))))))
.
2009-12-20 17:07 . 2009-12-20 17:07 4 ----a-w- c:\program files\f .exe59203.dat
2009-12-20 15:27 . 2009-12-20 15:27 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-20 12:38 . 2009-12-20 13:40 -------- d-----w- c:\program files\Advanced GIF Animator
2009-12-20 10:56 . 2009-12-20 10:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-20 08:58 . 2009-12-20 15:27 0 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2009-12-20 08:58 . 2009-12-20 17:15 722432 ----a-w- c:\windows\system32\drivers\agwusscf.sys
2009-12-15 20:37 . 2009-12-15 20:37 -------- d-----w- c:\program files\Veetle
2009-12-04 12:46 . 2009-12-04 12:47 -------- d-----w- c:\program files\Any to Icon
2009-11-23 19:51 . 2009-11-23 19:51 -------- d-----w- c:\program files\SpaceMonger
2009-11-23 14:10 . 2009-11-23 14:10 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 17:16 . 2009-07-19 23:06 -------- d-----w- c:\program files\Mouse Tachometer
2009-12-20 17:15 . 2009-06-02 12:12 34816 ----a-w- c:\windows\system32\nerocheck.exe
2009-12-20 17:15 . 2009-06-02 11:36 -------- d-----w- c:\program files\Atheros
2009-12-20 17:15 . 2009-12-20 17:15 34816 ----a-w- c:\documents and settings\user\rthdcpl.exe
2009-12-20 17:15 . 2009-10-12 21:57 -------- d-----w- c:\program files\Windows Sidebar
2009-12-20 17:06 . 2009-06-02 12:12 34816 ----a-w- c:\windows\system32\nerocheck .exe
2009-12-20 15:25 . 2008-09-08 09:20 573440 ----a-w- c:\windows\system32\Ati2evxx.exe
2009-12-20 15:21 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\taskmgr.exe
2009-12-20 15:17 . 2008-04-14 06:52 390144 ----a-w- c:\windows\system32\cmd.exe
2009-12-20 15:17 . 2008-04-14 06:52 515072 ----a-w- c:\windows\system32\logonui.exe
2009-12-20 15:16 . 2008-04-14 06:52 220672 ----a-w- c:\windows\system32\logon.scr
2009-12-20 15:16 . 2008-04-14 06:52 56832 ----a-w- c:\windows\system32\rasphone.exe
2009-12-20 15:16 . 2009-06-02 06:19 185856 ----a-w- c:\windows\system32\accwiz.exe
2009-12-20 15:16 . 2008-04-14 06:52 147968 ----a-w- c:\windows\regedit.exe
2009-12-20 15:12 . 1998-09-04 05:09 119400 ----a-w- c:\windows\system32\MDM.EXE
2009-12-20 14:44 . 2009-06-02 13:24 -------- d-----w- c:\program files\Windows Defender
2009-12-20 12:38 . 2009-07-04 22:33 -------- d-----w- c:\program files\FLV Player
2009-12-20 12:38 . 2009-10-17 16:52 -------- d-----w- c:\program files\Total Video Player
2009-12-20 12:38 . 2009-06-18 16:41 -------- d-----w- c:\program files\7-Zip
2009-12-20 12:38 . 2009-07-04 22:43 -------- d-----w- c:\program files\Palm Reader
2009-12-20 10:17 . 2009-07-01 22:11 -------- d-----w- c:\program files\CDex
2009-12-20 10:15 . 2009-07-01 21:17 -------- d-----w- c:\program files\Calendar Magic
2009-12-20 10:15 . 2009-08-26 00:14 -------- d-----w- c:\program files\ATTO Disk Benchmark
2009-12-20 10:09 . 2009-07-01 22:28 -------- d-----w- c:\program files\GSpot
2009-12-20 09:06 . 2008-04-13 22:50 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-12-20 08:56 . 2009-06-12 15:57 -------- d-----w- c:\program files\FreeRapid Downloader
2009-12-17 12:08 . 2009-07-22 21:39 -------- d-----w- c:\program files\Google
2009-12-16 17:21 . 2009-10-09 19:50 -------- d-----w- c:\program files\Eclipse
2009-12-15 16:35 . 2001-10-25 11:00 82840 ----a-w- c:\windows\system32\perfc005.dat
2009-12-15 16:35 . 2001-10-25 11:00 437574 ----a-w- c:\windows\system32\perfh005.dat
2009-12-11 22:40 . 2009-07-02 13:26 -------- d-----w- c:\program files\Flash Saver
2009-12-05 10:43 . 2009-06-02 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 19:57 . 2009-06-02 12:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 13:05 . 2009-07-04 21:52 -------- d-----w- c:\program files\BSplayerPro
2009-11-15 13:39 . 2009-06-26 10:12 -------- d-----w- c:\program files\VideoLAN
2009-11-14 12:42 . 2009-07-04 22:06 -------- d-----w- c:\program files\GoldWave
2009-11-05 20:39 . 2009-11-05 20:39 -------- d-----w- c:\program files\CheckFlash
2009-11-03 22:31 . 2009-06-02 12:00 -------- d-----w- c:\program files\Java
2009-11-02 19:42 . 2009-10-03 10:08 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 21:28 . 2009-10-29 21:27 -------- d-----w- c:\program files\DivX
2009-10-29 21:27 . 2009-10-29 21:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 07:43 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 23:15 . 2009-10-25 23:13 -------- d-----w- c:\program files\WebcamMax
2009-10-25 23:05 . 2009-10-22 09:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-25 23:05 . 2009-10-25 23:04 -------- d-----w- c:\program files\DVDFab 6
2009-10-25 22:32 . 2009-07-04 22:17 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 05:40 . 2008-04-14 06:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 06:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 22:23 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2008-04-14 06:51 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-14 06:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-14 06:51 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-06-02 12:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 16:42 . 2009-10-29 21:27 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-25 16:42 . 2009-10-29 21:27 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-25 16:42 . 2009-10-29 21:27 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-25 16:42 . 2009-10-29 21:27 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-25 16:42 . 2009-10-29 21:27 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 . 2009-10-29 21:27 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
1999-04-07 13:39 . 1999-04-07 13:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 22:53 . 1998-12-08 22:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 22:53 . 1998-12-08 22:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 22:53 . 1998-12-08 22:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 22:53 . 1998-12-08 22:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-08 22:53 . 1998-12-08 22:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2009-12-20 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-12-20 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-11-11 . 3DEED53637CE215D77B12F456B8FBB9B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
c:\windows\System32\wscntfy.exe ... missing !!
.
(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-12-20 34816]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-12-20 34816]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-12-20 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-20 34816]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-12-20 34816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-12-20 34816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-12-20 34816]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-12-20 34816]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-12-20 34816]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-12-20 34816]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-12-20 34816]
"Mouse Tachometer"="c:\program files\Mouse Tachometer\Mouse Tachometer.exe" [2009-12-20 34816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 34816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
CalcFire.lnk - c:\program files\CalcFire\CalcFire.exe [2008-9-4 283529]
Ejector.lnk - c:\program files\Ejector\Ejector.exe [2008-8-22 244601]
GameMinimizer.lnk - c:\program files\GameMinimizer\GameMinimizer.exe [2008-9-20 280221]
ihaupd32.exe [2008-4-14 32768]
NumLocker.lnk - c:\program files\NumLocker\NumLocker.exe [2008-8-23 230891]
updxsp32.exe [2008-4-14 34304]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-4-7 46080]
Slovník.lnk - c:\program files\Slovník\slovnik.exe [2009-6-23 656384]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1ca0b14fadacc18;Služba Google Update (gupdate1ca0b14fadacc18);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 133104]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-14 721904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/02 13:35];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-02-03 162816]
--- Other Services/Drivers in Memory ---
*NewlyCreated* - UBHELPER
*Deregistered* - agwusscf
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\fw7c4e9j.default\
FF - prefs.js: browser.search.selectedEngine - Qip поиск
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?hl=cs&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
AddRemove-7-Zip - c:\7-zip\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 18:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\updxsp32.exe 34304 bytes executable
c:\windows\system32\nerocheck .exe 34816 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8A124530]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0x8a10cbd4
PacketIndicateHandler -> NDIS.sys @ 0x8a118a21
SendHandler -> NDIS.sys @ 0x8a10cd44
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agwusscf]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1177238915-2139871995-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7e,6d,9b,fa,a2,3a,1d,e3,f5,98,3a,c8,fd,b6,7b,72,74,3a,6a,3f,58,4a,b5,
c8,73,ce,c9,7f,88,52,07,fd,9a,94,83,4d,d9,2d,50,66,81,5f,ac,50,75,b8,72,36,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-1177238915-2139871995-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:18,89,78,46,fb,c4,02,63,5b,f8,f6,97,17,68,8d,e4,9b,64,a2,bc,a9,
d9,13,84,a6,4f,d2,6a,8b,d6,9a,41,4d,b0,b4,1f,97,82,7a,1a,b3,a6,a4,38,4d,8e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5104)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Slovník\slovnik.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\MDM.EXE
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Completion time: 2009-12-20 18:19:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-20 17:19
Pre-Run: 9 489 924 096
Post-Run: 9 847 197 696
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
- - End Of File - - 5F5AB0E8D1EBC8A3D082F2AEE7C46E47
ComboFix 09-12-19.01 - user 20.12.2009 18:07:19.1.2 - x86
Running from: F:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\user\LOCALS~1\Temp\sshnas.dll
c:\documents and settings\user\alcmtr .exe
c:\documents and settings\user\alcmtr.exe
c:\documents and settings\user\csimplayer .exe
c:\documents and settings\user\CsimPlayer.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\_tm1194.tmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\user\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\user\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\user\reader_s .exe
c:\documents and settings\user\reader_s.exe
c:\documents and settings\user\rthdcpl .exe
c:\documents and settings\user\rthdcpl.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-4368643464-9928309348-790109261-6292
c:\recycler\S-1-5-21-4463993349-0982458591-043259357-1889
c:\recycler\S-1-5-21-4679895369-4479159769-045448978-8497
c:\recycler\S-1-5-21-4874567852-0568650821-143516423-0706
c:\recycler\S-1-5-21-7448591790-2438538712-432992315-1065
c:\recycler\S-1-5-21-8220096414-9370721507-864158501-0909
c:\recycler\S-1-5-21-8496429244-7648202579-984873227-9888
c:\windows\ccdrive32.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\system32\alcmtr .exe
c:\windows\system32\alcmtr.exe
c:\windows\system32\csimplayer .exe
c:\windows\system32\csimplayer .exe
c:\windows\system32\CsimPlayer.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\reader_s .exe
c:\windows\system32\reader_s.exe
c:\windows\system32\regedit .exe
c:\windows\system32\rthdcpl .exe
c:\windows\system32\rthdcpl.exe
c:\windows\system32\sshnas.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected.
Restored copy from - c:\system volume information\_restore{36761FB5-51ED-411D-AA1D-AB341A8A5F3F}\RP237\A0037135.sys
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected.
Restored copy from - c:\system volume information\_restore{36761FB5-51ED-411D-AA1D-AB341A8A5F3F}\RP237\A0037185.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.
2009-12-20 17:07 . 2009-12-20 17:07 4 ----a-w- c:\program files\f .exe59203.dat
2009-12-20 15:27 . 2009-12-20 15:27 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-20 12:38 . 2009-12-20 13:40 -------- d-----w- c:\program files\Advanced GIF Animator
2009-12-20 10:56 . 2009-12-20 10:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-20 08:58 . 2009-12-20 15:27 0 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2009-12-20 08:58 . 2009-12-20 17:15 722432 ----a-w- c:\windows\system32\drivers\agwusscf.sys
2009-12-15 20:37 . 2009-12-15 20:37 -------- d-----w- c:\program files\Veetle
2009-12-04 12:46 . 2009-12-04 12:47 -------- d-----w- c:\program files\Any to Icon
2009-11-23 19:51 . 2009-11-23 19:51 -------- d-----w- c:\program files\SpaceMonger
2009-11-23 14:10 . 2009-11-23 14:10 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 17:16 . 2009-07-19 23:06 -------- d-----w- c:\program files\Mouse Tachometer
2009-12-20 17:15 . 2009-06-02 12:12 34816 ----a-w- c:\windows\system32\nerocheck.exe
2009-12-20 17:15 . 2009-06-02 11:36 -------- d-----w- c:\program files\Atheros
2009-12-20 17:15 . 2009-12-20 17:15 34816 ----a-w- c:\documents and settings\user\rthdcpl.exe
2009-12-20 17:15 . 2009-10-12 21:57 -------- d-----w- c:\program files\Windows Sidebar
2009-10-20 16:20 . 2008-04-13 22:23 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2008-04-14 06:51 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-14 06:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-14 06:51 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-06-02 12:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 16:42 . 2009-10-29 21:27 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-25 16:42 . 2009-10-29 21:27 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-25 16:42 . 2009-10-29 21:27 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-25 16:42 . 2009-10-29 21:27 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-25 16:42 . 2009-10-29 21:27 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 . 2009-10-29 21:27 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
1999-04-07 13:39 . 1999-04-07 13:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 22:53 . 1998-12-08 22:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 22:53 . 1998-12-08 22:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 22:53 . 1998-12-08 22:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 22:53 . 1998-12-08 22:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-08 22:53 . 1998-12-08 22:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
c:\program files\Alcohol Soft\Alcohol 120\axcmd .exe
c:\program files\Atheros\acu .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\CyberLink\PowerDVD9\pdvd9serv .exe
c:\program files\CyberLink\PowerDVD9\Language\language .exe
c:\program files\CyberLink\Shared files\brs .exe
c:\program files\ESET\ESET NOD32 Antivirus\egui .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Motorola\SMSERIAL\sm56hlpr .exe
c:\program files\Mouse Tachometer\mouse tachometer .exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\itsecmng .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\Windows Sidebar\sidebar .exe
c:\windows\system32\nerocheck .exe
------- Sigcheck -------
[-] 2009-12-20 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-12-20 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-11-11 . 3DEED53637CE215D77B12F456B8FBB9B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
c:\windows\System32\wscntfy.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-12-20 34816]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-12-20 34816]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-12-20 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-20 34816]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-12-20 34816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-12-20 34816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-12-20 34816]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-12-20 34816]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-12-20 34816]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-12-20 34816]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-12-20 34816]
"Mouse Tachometer"="c:\program files\Mouse Tachometer\Mouse Tachometer.exe" [2009-12-20 34816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-20 34816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
CalcFire.lnk - c:\program files\CalcFire\CalcFire.exe [2008-9-4 283529]
Ejector.lnk - c:\program files\Ejector\Ejector.exe [2008-8-22 244601]
GameMinimizer.lnk - c:\program files\GameMinimizer\GameMinimizer.exe [2008-9-20 280221]
ihaupd32.exe [2008-4-14 32768]
NumLocker.lnk - c:\program files\NumLocker\NumLocker.exe [2008-8-23 230891]
updxsp32.exe [2008-4-14 34304]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-4-7 46080]
Slovník.lnk - c:\program files\Slovník\slovnik.exe [2009-6-23 656384]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1ca0b14fadacc18;Služba Google Update (gupdate1ca0b14fadacc18);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 133104]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-14 721904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/02 13:35];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-02-03 162816]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - UBHELPER
*Deregistered* - agwusscf
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\fw7c4e9j.default\
FF - prefs.js: browser.search.selectedEngine - Qip поиск
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?hl=cs&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-7-Zip - c:\7-zip\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 18:14
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\updxsp32.exe 34304 bytes executable
c:\windows\system32\nerocheck .exe 34816 bytes executable
sken byl úspešně dokončen
skryté soubory: 2
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x8A124530]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0x8a10cbd4
PacketIndicateHandler -> NDIS.sys @ 0x8a118a21
SendHandler -> NDIS.sys @ 0x8a10cd44
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agwusscf]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1177238915-2139871995-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7e,6d,9b,fa,a2,3a,1d,e3,f5,98,3a,c8,fd,b6,7b,72,74,3a,6a,3f,58,4a,b5,
c8,73,ce,c9,7f,88,52,07,fd,9a,94,83,4d,d9,2d,50,66,81,5f,ac,50,75,b8,72,36,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-1177238915-2139871995-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:18,89,78,46,fb,c4,02,63,5b,f8,f6,97,17,68,8d,e4,9b,64,a2,bc,a9,
d9,13,84,a6,4f,d2,6a,8b,d6,9a,41,4d,b0,b4,1f,97,82,7a,1a,b3,a6,a4,38,4d,8e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5104)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Slovník\slovnik.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\MDM.EXE
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\docume~1\user\locals~1\temp\wmpscfgs.exe
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Celkový čas: 2009-12-20 18:19:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-20 17:19
Před spuštěním: 9 489 924 096
Po spuštění: 9 847 197 696
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
- - End Of File - - 5F5AB0E8D1EBC8A3D082F2AEE7C46E47
Re: Urgently asking for a log check
Phew... very nice... you've got everything in there, from Vundo through infected system files all the way to rootkits...
Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:
KillAll::
File::
c:\program files\f .exe59203.dat
c:\windows\system32\fjhdyfhsn.bat
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\ihaupd32.exe
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\updxsp32.exe
Rootkit::
c:\windows\system32\drivers\agwusscf.sys
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agwusscf]
Driver::
agwusscf
RenV::
c:\windows\system32\nerocheck .exe
MIA::
c:\windows\System32\wscntfy.exe
Restore::
c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\ndis.sys
SRPeek::
c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\ndis.sys
c:\windows\System32\wscntfy.exe
DDS::
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FireFox::
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\fw7c4e9j.default\
FF - prefs.js: browser.search.selectedEngine - Qip поиск
FF - prefs.js: browser.startup.homepage - about:blank
StepDel::
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.
Caution: if Windows does not boot after applying the script, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...
And the addressee of the link knows it :)
Re: Urgently asking for a log check
I'm about to give up. The internet doesn't work at all, or rather the Network Connections folder is empty and the firewall can't be configured either.
I guess I'll have to reinstall it...
Thanks for the advice, but this was a really nasty virus

Re: Urgently asking for a log check
Well, this script would have thinned out the vermin considerably... but fine, a format is a solution too...
By the way, I have one little question... where did you catch it? A sample would be appreciated :)
I don't like amateurism...
And the addressee of the link knows it :)
Re: Urgently asking for a log check
With that script my computer doesn't work: it restarts, a window about an irregular shutdown comes up, then for a few hundredths of a second the blue screen of death appears and the computer restarts again. Restore points, even the one from 17.12., didn't help, so I can only control the notebook through Safe Mode.
Thanks

Re: Urgently asking for a log check
You're welcome
Look, with large or severe infections this happens, and this is one of those more complicated infections. Rootkits + Vundo + 4 missing or patched system files, that's already quite a nice collection, and it's no surprise that something doesn't go according to plan.
So run ComboFix again in Safe Mode and post the log here. We'll see how much damage was done, or rather how much is still left in there.
I don't like amateurism...
And the addressee of the link knows it :)