čau dělal jsem to v HiJackThis... dělám to poprvé nevím oc víc napsat
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:25, on 7.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\AVG\AVG9\avgchsvx.exe
d:\Program Files\AVG\AVG9\avgrsx.exe
d:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
d:\Program Files\AVG\AVG9\avgwdsvc.exe
d:\Program Files\AVG\AVG9\avgfws9.exe
d:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
d:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\AVG\AVG9\avgnsx.exe
d:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\DEAMON Tools\daemon.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\ICQ7.1\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
d:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
D:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "d:\Program Files\DEAMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG9_TRAY] d:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system32\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system32\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2052111302-789336058-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Bez HESLA!!!')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-21-2052111302-789336058-1801674531-1005 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Bez HESLA!!!')
O4 - S-1-5-21-2052111302-789336058-1801674531-1005 User Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Bez HESLA!!!')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: d:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - d:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - d:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - d:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - d:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9797 bytes
prosím o kontrolu logu Vyřešeno
prosím o kontrolu logu Vyřešeno
Naposledy upravil(a) mike007 dne 08 čer 2010 00:01, celkem upraveno 1 x.
Důvod: Opraven překlep v názvu tématu
Důvod: Opraven překlep v názvu tématu
Re: prosím o kontrolo
Ahoj,
Spustíš program HJT
-klikni na tlačítko Do a system scan and save a logfile
-Vyběhne tabulka, na začátku každého řádku je čtvereček.
-U řádku , který jsem označila, dáš do čtverečku
fajfku
-nakonec zmáčkneš tlačítko Fix checked
************************************************
Stahni ATF Cleaner http://www.slunecnice.cz/sw/atf-cleaner/
- Na záložce main zaškrtni All users temp a potvrď Empty selected
*********************************************
Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.
Spustíš program HJT
-klikni na tlačítko Do a system scan and save a logfile
-Vyběhne tabulka, na začátku každého řádku je čtvereček.
-U řádku , který jsem označila, dáš do čtverečku
fajfku
Kód: Vybrat vše
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system32\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system32\svchost.exe
-nakonec zmáčkneš tlačítko Fix checked
************************************************
Stahni ATF Cleaner http://www.slunecnice.cz/sw/atf-cleaner/
- Na záložce main zaškrtni All users temp a potvrď Empty selected
*********************************************
Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.
Re: prosím o kontrolu logu
nevadí když jsem po ukončení HiJackThis PC restartoval a až tedka jsem udela to v tom ComboFixu?
Re: prosím o kontrolu logu
ComboFix 10-06-07.03 - martin 08.06.2010 18:01:09.1.2 - FAT32x86
Spuštěný z: c:\documents and settings\martin\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
c:\data\WINDOWSDEFENDER.EXE
C:\MediaTube_ver1.1573.1.exe
C:\StarCodec_ver1.5897.0.exe
C:\update.exe
c:\windows\system32\system32
c:\windows\system32\system32\WDB\creaturecache.wdb
c:\windows\system32\system32\WDB\gameobjectcache.wdb
c:\windows\system32\system32\WDB\itemcache.wdb
c:\windows\system32\system32\WDB\itemnamecache.wdb
c:\windows\system32\system32\WDB\itemtextcache.wdb
c:\windows\system32\system32\WDB\npccache.wdb
c:\windows\system32\system32\WDB\pagetextcache.wdb
c:\windows\system32\system32\WDB\questcache.wdb
c:\windows\system32\system32\WDB\wowcache.wdb
c:\windows\system32\vbzlib1.dll
c:\windows\UA000106.DLL
C:\wmcodec_update.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-07 19:25 . 2010-06-07 19:25 -------- d-----w- d:\program files\CCleaner
2010-06-07 18:16 . 2010-06-07 18:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-06-01 13:26 . 2010-06-01 13:26 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-01 13:26 . 2010-06-01 13:26 -------- d-----w- d:\program files\Hamachi
2010-05-31 19:26 . 2010-05-31 19:26 -------- d-----w- d:\program files\GomPlayer
2010-05-30 11:21 . 2010-06-07 20:37 -------- d-----w- d:\program files\Ask.com
2010-05-27 19:57 . 2010-05-27 19:57 -------- d-sh--w- c:\documents and settings\Bez HESLA!!!\PrivacIE
2010-05-26 21:54 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-26 21:54 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-26 20:25 . 2010-05-26 20:25 -------- d-sh--w- c:\documents and settings\Bez HESLA!!!\IETldCache
2010-05-26 20:22 . 2010-05-26 20:22 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2010-05-26 20:13 . 2008-04-14 10:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-26 20:13 . 2010-05-26 20:13 -------- d-----w- c:\documents and settings\Ostatní
2010-05-22 09:26 . 2010-05-22 09:28 -------- d-----w- d:\program files\ICQ7.1
2010-05-19 13:52 . 2010-05-19 13:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 13:52 . 2010-05-19 13:52 -------- d-----w- d:\program files\Java
2010-05-15 06:33 . 2010-05-15 06:33 -------- d-----w- d:\program files\SystemRequirementsLab
2010-05-15 06:33 . 2010-05-15 06:33 -------- d-----w- c:\documents and settings\martin\SystemRequirementsLab
2010-05-11 18:50 . 2010-05-11 18:50 -------- d-----w- d:\program files\Common Files\DirectX
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 12:32 . 2010-02-21 12:47 -------- d-----w- d:\program files\HRY
2010-06-04 09:32 . 2001-10-25 16:00 88276 ----a-w- c:\windows\system32\perfc005.dat
2010-06-04 09:32 . 2001-10-25 16:00 470640 ----a-w- c:\windows\system32\perfh005.dat
2010-06-04 09:28 . 2010-02-21 14:33 -------- d-----w- d:\program files\Microsoft.NET
2010-06-01 09:11 . 2010-04-22 17:59 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 09:11 . 2010-04-22 17:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-01 09:04 . 2010-04-10 15:03 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-05-27 20:32 . 2010-02-21 14:34 -------- d-----w- d:\program files\Microsoft Works
2010-05-22 09:27 . 2010-02-21 08:25 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-05-09 15:25 . 2010-05-09 11:46 -------- d-----w- d:\program files\Common Files\Adobe
2010-05-08 19:12 . 2010-02-21 12:48 -------- d-----w- d:\program files\Opera
2010-05-04 16:50 . 2010-05-04 16:50 -------- d-----w- d:\program files\Windows Media Components
2010-04-23 15:49 . 2010-04-23 15:26 -------- d-----w- d:\program files\DivX
2010-04-22 18:19 . 2010-04-22 18:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-22 18:19 . 2010-04-22 17:59 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-22 18:19 . 2010-04-22 17:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-22 18:19 . 2010-04-22 17:58 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-22 18:19 . 2010-04-22 17:58 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-22 18:19 . 2010-04-22 17:59 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-22 18:14 . 2010-02-21 08:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-22 17:58 . 2010-04-22 17:58 -------- d-----w- d:\program files\AVG
2010-04-17 16:23 . 2010-02-21 11:44 -------- d-----w- d:\program files\CDBurnerXP
2010-04-15 13:10 . 2010-02-23 18:16 -------- d-----w- d:\program files\hp deskjet 3320 series
2010-04-14 15:07 . 2010-04-14 15:07 -------- d-----w- d:\program files\Common Files\Stardock
2010-04-14 15:07 . 2010-04-14 15:07 -------- d-----w- d:\program files\Stardock
2010-04-10 17:07 . 2010-04-10 17:07 -------- d-----w- d:\program files\Torrent
2010-04-01 11:53 . 2010-04-01 11:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-01 11:53 . 2010-04-01 11:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-17 16:10 . 2010-03-17 16:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
------- Sigcheck -------
[-] 2009-02-14 . E0E050F87EDFACF9BEA04EA25E933E8C . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\program files\ICQ7.1\ICQ.exe" [2010-05-22 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"Windows Defender"="d:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"nwiz"="nwiz.exe" [2007-09-16 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 188416]
"DAEMON Tools-1033"="d:\program files\DEAMON Tools\daemon.exe" [2004-08-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-22 18:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\KWorld MultiMedia\\HyperMedia\\LiveUpdate\\LiveUpdate.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\HRY\\Valve\\hl.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\HRY\\Valve\\hlds.exe"=
"d:\\Program Files\\Torrent\\uTorrent.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\ICQ7.1\\ICQ.exe"=
"d:\\Program Files\\ICQ7.1\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-22 30104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-04-22 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-22 52872]
S0 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
S0 d347prt;d347prt;c:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-22 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-01 242896]
S2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-22 308064]
S2 avgfws9;AVG Firewall;d:\program files\AVG\AVG9\avgfws9.exe [2010-06-01 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;d:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2010-02-21 1025920]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-22 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-04-22 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-04-22 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-04-22 26120]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-svchost - c:\windows\system32\system32\svchost.exe
ActiveSetup-{1AQ84DQR-JJ11-76J2-T08Y-2DOX280BY4LV} - c:\windows\system32\system32\svchost.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 18:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85610D40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7418cb8
\Driver\atapi -> 0x85610d40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf72eebb0
PacketIndicateHandler -> NDIS.sys @ 0xf72fba21
SendHandler -> NDIS.sys @ 0xf72d987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
Celkový čas: 2010-06-08 18:12:27
ComboFix-quarantined-files.txt 2010-06-08 16:12
Před spuštěním: 9 315 172 352
Po spuštění: 9 305 587 712
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
- - End Of File - - 45B176FE736442A0470D19FFDCE9AEDC
Spuštěný z: c:\documents and settings\martin\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
c:\data\WINDOWSDEFENDER.EXE
C:\MediaTube_ver1.1573.1.exe
C:\StarCodec_ver1.5897.0.exe
C:\update.exe
c:\windows\system32\system32
c:\windows\system32\system32\WDB\creaturecache.wdb
c:\windows\system32\system32\WDB\gameobjectcache.wdb
c:\windows\system32\system32\WDB\itemcache.wdb
c:\windows\system32\system32\WDB\itemnamecache.wdb
c:\windows\system32\system32\WDB\itemtextcache.wdb
c:\windows\system32\system32\WDB\npccache.wdb
c:\windows\system32\system32\WDB\pagetextcache.wdb
c:\windows\system32\system32\WDB\questcache.wdb
c:\windows\system32\system32\WDB\wowcache.wdb
c:\windows\system32\vbzlib1.dll
c:\windows\UA000106.DLL
C:\wmcodec_update.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-07 19:25 . 2010-06-07 19:25 -------- d-----w- d:\program files\CCleaner
2010-06-07 18:16 . 2010-06-07 18:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-06-06 20:44 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-06-01 13:26 . 2010-06-01 13:26 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-01 13:26 . 2010-06-01 13:26 -------- d-----w- d:\program files\Hamachi
2010-05-31 19:26 . 2010-05-31 19:26 -------- d-----w- d:\program files\GomPlayer
2010-05-30 11:21 . 2010-06-07 20:37 -------- d-----w- d:\program files\Ask.com
2010-05-27 19:57 . 2010-05-27 19:57 -------- d-sh--w- c:\documents and settings\Bez HESLA!!!\PrivacIE
2010-05-26 21:54 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-26 21:54 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-26 20:25 . 2010-05-26 20:25 -------- d-sh--w- c:\documents and settings\Bez HESLA!!!\IETldCache
2010-05-26 20:22 . 2010-05-26 20:22 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2010-05-26 20:13 . 2008-04-14 10:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-26 20:13 . 2010-05-26 20:13 -------- d-----w- c:\documents and settings\Ostatní
2010-05-22 09:26 . 2010-05-22 09:28 -------- d-----w- d:\program files\ICQ7.1
2010-05-19 13:52 . 2010-05-19 13:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 13:52 . 2010-05-19 13:52 -------- d-----w- d:\program files\Java
2010-05-15 06:33 . 2010-05-15 06:33 -------- d-----w- d:\program files\SystemRequirementsLab
2010-05-15 06:33 . 2010-05-15 06:33 -------- d-----w- c:\documents and settings\martin\SystemRequirementsLab
2010-05-11 18:50 . 2010-05-11 18:50 -------- d-----w- d:\program files\Common Files\DirectX
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 12:32 . 2010-02-21 12:47 -------- d-----w- d:\program files\HRY
2010-06-04 09:32 . 2001-10-25 16:00 88276 ----a-w- c:\windows\system32\perfc005.dat
2010-06-04 09:32 . 2001-10-25 16:00 470640 ----a-w- c:\windows\system32\perfh005.dat
2010-06-04 09:28 . 2010-02-21 14:33 -------- d-----w- d:\program files\Microsoft.NET
2010-06-01 09:11 . 2010-04-22 17:59 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 09:11 . 2010-04-22 17:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-01 09:04 . 2010-04-10 15:03 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-05-27 20:32 . 2010-02-21 14:34 -------- d-----w- d:\program files\Microsoft Works
2010-05-22 09:27 . 2010-02-21 08:25 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-05-09 15:25 . 2010-05-09 11:46 -------- d-----w- d:\program files\Common Files\Adobe
2010-05-08 19:12 . 2010-02-21 12:48 -------- d-----w- d:\program files\Opera
2010-05-04 16:50 . 2010-05-04 16:50 -------- d-----w- d:\program files\Windows Media Components
2010-04-23 15:49 . 2010-04-23 15:26 -------- d-----w- d:\program files\DivX
2010-04-22 18:19 . 2010-04-22 18:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-22 18:19 . 2010-04-22 17:59 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-22 18:19 . 2010-04-22 17:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-22 18:19 . 2010-04-22 17:58 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-22 18:19 . 2010-04-22 17:58 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-22 18:19 . 2010-04-22 17:59 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-22 18:14 . 2010-02-21 08:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-22 17:58 . 2010-04-22 17:58 -------- d-----w- d:\program files\AVG
2010-04-17 16:23 . 2010-02-21 11:44 -------- d-----w- d:\program files\CDBurnerXP
2010-04-15 13:10 . 2010-02-23 18:16 -------- d-----w- d:\program files\hp deskjet 3320 series
2010-04-14 15:07 . 2010-04-14 15:07 -------- d-----w- d:\program files\Common Files\Stardock
2010-04-14 15:07 . 2010-04-14 15:07 -------- d-----w- d:\program files\Stardock
2010-04-10 17:07 . 2010-04-10 17:07 -------- d-----w- d:\program files\Torrent
2010-04-01 11:53 . 2010-04-01 11:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-01 11:53 . 2010-04-01 11:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-17 16:10 . 2010-03-17 16:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
------- Sigcheck -------
[-] 2009-02-14 . E0E050F87EDFACF9BEA04EA25E933E8C . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\program files\ICQ7.1\ICQ.exe" [2010-05-22 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"Windows Defender"="d:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"nwiz"="nwiz.exe" [2007-09-16 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 188416]
"DAEMON Tools-1033"="d:\program files\DEAMON Tools\daemon.exe" [2004-08-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-22 18:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\KWorld MultiMedia\\HyperMedia\\LiveUpdate\\LiveUpdate.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\HRY\\Valve\\hl.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\HRY\\Valve\\hlds.exe"=
"d:\\Program Files\\Torrent\\uTorrent.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\ICQ7.1\\ICQ.exe"=
"d:\\Program Files\\ICQ7.1\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-22 30104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-04-22 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-22 52872]
S0 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
S0 d347prt;d347prt;c:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-22 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-01 242896]
S2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-22 308064]
S2 avgfws9;AVG Firewall;d:\program files\AVG\AVG9\avgfws9.exe [2010-06-01 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;d:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2010-02-21 1025920]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-22 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-04-22 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-04-22 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;d:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-04-22 26120]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-svchost - c:\windows\system32\system32\svchost.exe
ActiveSetup-{1AQ84DQR-JJ11-76J2-T08Y-2DOX280BY4LV} - c:\windows\system32\system32\svchost.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 18:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85610D40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7418cb8
\Driver\atapi -> 0x85610d40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf72eebb0
PacketIndicateHandler -> NDIS.sys @ 0xf72fba21
SendHandler -> NDIS.sys @ 0xf72d987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
Celkový čas: 2010-06-08 18:12:27
ComboFix-quarantined-files.txt 2010-06-08 16:12
Před spuštěním: 9 315 172 352
Po spuštění: 9 305 587 712
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
- - End Of File - - 45B176FE736442A0470D19FFDCE9AEDC
Re: prosím o kontrolu logu
Jak to teď vypadá s počítačem, změnilo se něco?
Odinstaluj všechny virtuální jednotky (Daemon nebo alcohol)
Stáhni SPTD http://www.duplexsecure.com/en/downloads
-vyber verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-ulož na plochu a spusť
- zvol možnost Uninstall
- restart PC
----------------------------
Stahni Gmer http://www.gmer.net/gmer.zip
-rozbal ho a spusť
-po prvním rychlém skenu klikni na tlačítko Save, uloží se log, který mi sem zkopíruješ.
-v pravém sloupci označ všechny položky fajfkou ve čtverečku a klikni na tlačítko scan
-až se sken dokončí, opět tlačítkem Save ulož log, který sem vložíš.
--------------------------
Stáhni MBR
http://www2.gmer.net/mbr/mbr.exe
-ulož ho na plochu
- start-spustit
do okénka zkopíruj
"%userprofile%\plocha\mbr" -t
ok
- na ploše by se měl objevit log, vlož ho zde
Odinstaluj všechny virtuální jednotky (Daemon nebo alcohol)
Stáhni SPTD http://www.duplexsecure.com/en/downloads
-vyber verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-ulož na plochu a spusť
- zvol možnost Uninstall
- restart PC
----------------------------
Stahni Gmer http://www.gmer.net/gmer.zip
-rozbal ho a spusť
-po prvním rychlém skenu klikni na tlačítko Save, uloží se log, který mi sem zkopíruješ.
-v pravém sloupci označ všechny položky fajfkou ve čtverečku a klikni na tlačítko scan
-až se sken dokončí, opět tlačítkem Save ulož log, který sem vložíš.
--------------------------
Stáhni MBR
http://www2.gmer.net/mbr/mbr.exe
-ulož ho na plochu
- start-spustit
do okénka zkopíruj
"%userprofile%\plocha\mbr" -t
ok
- na ploše by se měl objevit log, vlož ho zde
Re: prosím o kontrolu logu
no zatím jsem moc nepocítil že by se něco změnilo. ale určitě jo.
hned jak to dodělám tak ti to sem hodím.
hned jak to dodělám tak ti to sem hodím.
Re: prosím o kontrolu logu
hm.. počkej když spustím SPTD tak tam nemůžu zvolit možnost Uninstall.. (SCRN:http://img38.imageshack.us/f/beznzvuut.png/)
Re: prosím o kontrolu logu
Nevadí, pokračujte dál
Re: prosím o kontrolu logu
mam dat install nebo mam spustit Gmer
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 96 hostů