Logfile of HijackThis v1.99.1
Scan saved at 20:49:58, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\WINDOWS\system32\moxhpegh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\KUBEČEK\LOCALS~1\TEMP\_tc\tester.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} - C:\WINDOWS\system32\jkkhghe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3D3459F-3122-4A2C-A88A-801A0C873471} - C:\WINDOWS\system32\yayww.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkhghe - C:\WINDOWS\SYSTEM32\jkkhghe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winilc32 - C:\WINDOWS\SYSTEM32\winilc32.dll
O20 - Winlogon Notify: yayww - C:\WINDOWS\system32\yayww.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\moxhpegh.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Prosba o kontrolu logu, vypíná se mi kompík.
Jde o nákazu Vundo. V logu na ni ukazují O2 BHO „(no name)“ s náhodně pojmenovanými DLL v system32 (jkkhghe.dll, yayww.dll), tytéž DLL zavěšené jako O20 Winlogon Notify (spolu s winilc32.dll) a O23 služba „DomainService“ bez uvedeného výrobce, která spouští náhodně pojmenovaný C:\WINDOWS\system32\moxhpegh.exe. Kromě toho je v systému toolbar Dealio (položky O2/O3/O4/O8/O9 – srovnávač cen, obvykle instalovaný jako nevyžádaný doplněk) a doména *.stumbleupon.com zařazená do důvěryhodné zóny IE (O15), což pro ni snižuje bezpečnostní nastavení prohlížeče – obojí bude po odstranění Vunda potřeba také vyřešit.
1. Postupuj dle tohoto návodu
Použij toho Vundofix-a
Akorát je ten návod psaný na starou verzi, takže mám k tomu dvě připomínky:
1. Hned jak to spustíš, klikni na „Scan for Vundo“.
2. Je možné, že se VundoFix po restartu znovu automaticky spustí – znamená to, že některé infikované soubory, které našel, nemohly být smazány (byly zavedené v paměti). V tom případě postup s VundoFixem zopakuj.
A dej sem log z VundoFixu umístěný na C:\VundoFix.txt
2. Stáhni si HijackThis a ulož ho do samostatného adresáře, ne do TEMP (v prvním logu zřejmě běžel z dočasného adresáře Total Commanderu TEMP\_tc, který se maže – a s ním by zmizely i zálohy, které HJT při opravách položek vytváří).
Spusť ho. Objeví se okno, ve kterém dole uprostřed klikni na tlačítko „Main Menu“.
Až se objeví menu, klikni na „Do a system scan and save a logfile“.
Po chvíli by se mělo objevit okno Poznámkového bloku s výpisem HJT – ten sem celý zkopíruj.
Předtím však než si stáhneš novou verzi tak smaž tu starou.
3. Použij ComboFix:
Stáhni si ComboFix, ulož ho na plochu, zavři všechna spuštěná okna a spusť ho. Před spuštěním dočasně vypni rezidentní ochranu Spybot S&D TeaTimer (v logu běží TeaTimer.exe) – hlídá změny v registru a mohla by opravy, které ComboFix provádí, blokovat nebo vracet zpět.
Postupuj dle pokynů. Během běhu ComboFixu neklikej do jeho okna – mohlo by to proces zastavit.
Po skončení se vytvoří log, tak sem zkopíruj jeho obsah.
(Je možné, že se počítač restartuje – ComboFix to dělá, když našel infikované soubory, které jde smazat až po restartu.)
Pro spuštění ComboFixu je nutné mít práva administrátora.
Jinak je ComboFixův log umístěný na C:\ComboFix.txt
1. Postupuj dle tohoto návodu
Použij toho Vundofix-a
Akorát je ten návod psaný na starou verzi, takže mám k tomu dvě připomínky:
1. Hned jak to spustíš, klikni na „Scan for Vundo“.
2. Je možné, že se VundoFix po restartu znovu automaticky spustí – znamená to, že některé infikované soubory, které našel, nemohly být smazány (byly zavedené v paměti). V tom případě postup s VundoFixem zopakuj.
A dej sem log z VundoFixu umístěný na C:\VundoFix.txt
2. Stáhni si HijackThis a ulož ho do samostatného adresáře, ne do TEMP (v prvním logu zřejmě běžel z dočasného adresáře Total Commanderu TEMP\_tc, který se maže – a s ním by zmizely i zálohy, které HJT při opravách položek vytváří).
Spusť ho. Objeví se okno, ve kterém dole uprostřed klikni na tlačítko „Main Menu“.
Až se objeví menu, klikni na „Do a system scan and save a logfile“.
Po chvíli by se mělo objevit okno Poznámkového bloku s výpisem HJT – ten sem celý zkopíruj.
Předtím však než si stáhneš novou verzi tak smaž tu starou.
3. Použij ComboFix:
Stáhni si ComboFix, ulož ho na plochu, zavři všechna spuštěná okna a spusť ho. Před spuštěním dočasně vypni rezidentní ochranu Spybot S&D TeaTimer (v logu běží TeaTimer.exe) – hlídá změny v registru a mohla by opravy, které ComboFix provádí, blokovat nebo vracet zpět.
Postupuj dle pokynů. Během běhu ComboFixu neklikej do jeho okna – mohlo by to proces zastavit.
Po skončení se vytvoří log, tak sem zkopíruj jeho obsah.
(Je možné, že se počítač restartuje – ComboFix to dělá, když našel infikované soubory, které jde smazat až po restartu.)
Pro spuštění ComboFixu je nutné mít práva administrátora.
Jinak je ComboFixův log umístěný na C:\ComboFix.txt
Log z Vundofix:
VundoFix V6.5.4
Checking Java version...
Scan started at 10:44:49 1.9.2007
Listing files found while scanning....
C:\WINDOWS\system32\wwyay.bak1
C:\WINDOWS\system32\wwyay.bak2
C:\WINDOWS\system32\wwyay.ini
C:\WINDOWS\system32\wwyay.ini2
C:\WINDOWS\system32\wwyay.tmp
C:\WINDOWS\system32\yayww.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\wwyay.bak1
C:\WINDOWS\system32\wwyay.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.bak2
C:\WINDOWS\system32\wwyay.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.ini
C:\WINDOWS\system32\wwyay.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.ini2
C:\WINDOWS\system32\wwyay.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.tmp
C:\WINDOWS\system32\wwyay.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayww.dll
C:\WINDOWS\system32\yayww.dll Has been deleted!
Performing Repairs to the registry.
Done!
Log z HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:58, on 1.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\moxhpegh.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Instalace\Antivirové programy a prostředky\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} - C:\WINDOWS\system32\jkkhghe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\xwamlohw.dll (file missing)
O2 - BHO: (no name) - {D463E00C-AB13-4DC1-89E6-1F58AC37F8C4} - C:\WINDOWS\system32\yayww.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkhghe - jkkhghe.dll (file missing)
O20 - Winlogon Notify: winilc32 - winilc32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\moxhpegh.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 6493 bytes
Log z ComboFix:
ComboFix 07-08-30.3 - "Kubeźek" 2007-09-01 12:02:55.1 - FAT32x86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.94 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0007B707
C:\Program Files\myglobalsearch\bar\Cache\004570CF
C:\Program Files\myglobalsearch\bar\Cache\0047C9FD.bin
C:\Program Files\myglobalsearch\bar\Cache\0047E735.bin
C:\Program Files\myglobalsearch\bar\Cache\0047EBDD.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Program Files\video activex access
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\moxhpegh.exe
C:\WINDOWS\system32\wkotshyx.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))
2007-09-01 12:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 19:10 <DIR> d--hs---- C:\FOUND.003
2007-08-27 08:46 574,508 --a------ C:\WINDOWS\system32\yfdercgj.exe
2007-08-26 23:37 <DIR> d-------- C:\Program Files\PJsoft
2007-08-26 23:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 20:59 <DIR> d--hs---- C:\FOUND.002
2007-08-26 20:30 <DIR> d-------- C:\Program Files\OziExplorer
2007-08-26 15:00 <DIR> d-------- C:\Program Files\TomTom HOME
2007-08-26 11:53 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-25 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\GRETECH
2007-08-24 16:22 <DIR> d-------- C:\Program Files\Cyklotrasy
2007-08-24 11:38 <DIR> d--hs---- C:\FOUND.001
2007-08-23 10:16 <DIR> d--hs---- C:\FOUND.000
2007-08-16 22:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-16 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-08-16 16:48 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-08-05 10:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 10:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-05 10:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 10:42 1,992 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-02 23:55 3,497,984 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-08-02 23:55 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-08-02 23:55 17,744 --a------ C:\WINDOWS\system32\MON602.DLL
2007-08-02 23:55 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-08-02 23:55 1,642,496 --a------ C:\WINDOWS\system32\Print602.dll
2007-08-02 23:55 <DIR> d-------- C:\Program Files\Common Files\soft602
2007-08-02 23:54 <DIR> d-------- C:\Program Files\Pýevod do PDF
2007-08-02 19:48 4,930,567 --a------ C:\WINDOWS\G23158_ESRI-Screensaver.SCR
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-25 21:31 --------- d-------- C:\Program Files\Aberger
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 16:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-09 14:53 --------- d-------- C:\Program Files\MediaCoder
2007-07-06 11:06 --------- d-------- C:\Program Files\JAlbum7.2
2007-07-03 22:09 --------- d-------- C:\Program Files\Yahoo!
2007-07-03 22:05 --------- d-------- C:\Program Files\CCleaner
2007-07-03 11:19 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-03 11:17 --------- d-------- C:\Program Files\Ahead
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
--------- C:\Program Files\Převod do PDF
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D463E00C-AB13-4DC1-89E6-1F58AC37F8C4}]
C:\WINDOWS\system32\yayww.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-02 14:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 22:37]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12]
"PrintPack dispatcher"="C:\Program Files\Převod do PDF\PrnPack.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhghe]
jkkhghe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winilc32]
winilc32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\alelwrte.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\sqrrvsba.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j5241539]
rundll32 C:\WINDOWS\system32\j5241539.dll sook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd5e761-2eec-11dc-988a-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41bc5188-efee-11db-97f0-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c961b130-e113-11db-97c9-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5523950-2a4e-11dc-9881-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
Contents of the 'Scheduled Tasks' folder
2007-08-27 09:30:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 12:12:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-01 12:16:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 12:16
--- E O F ---
VundoFix V6.5.4
Checking Java version...
Scan started at 10:44:49 1.9.2007
Listing files found while scanning....
C:\WINDOWS\system32\wwyay.bak1
C:\WINDOWS\system32\wwyay.bak2
C:\WINDOWS\system32\wwyay.ini
C:\WINDOWS\system32\wwyay.ini2
C:\WINDOWS\system32\wwyay.tmp
C:\WINDOWS\system32\yayww.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\wwyay.bak1
C:\WINDOWS\system32\wwyay.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.bak2
C:\WINDOWS\system32\wwyay.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.ini
C:\WINDOWS\system32\wwyay.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.ini2
C:\WINDOWS\system32\wwyay.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wwyay.tmp
C:\WINDOWS\system32\wwyay.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayww.dll
C:\WINDOWS\system32\yayww.dll Has been deleted!
Performing Repairs to the registry.
Done!
Log z HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:58, on 1.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\moxhpegh.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Instalace\Antivirové programy a prostředky\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} - C:\WINDOWS\system32\jkkhghe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\xwamlohw.dll (file missing)
O2 - BHO: (no name) - {D463E00C-AB13-4DC1-89E6-1F58AC37F8C4} - C:\WINDOWS\system32\yayww.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkhghe - jkkhghe.dll (file missing)
O20 - Winlogon Notify: winilc32 - winilc32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\moxhpegh.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 6493 bytes
Log z ComboFix:
ComboFix 07-08-30.3 - "Kubeček" 2007-09-01 12:02:55.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.94 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0007B707
C:\Program Files\myglobalsearch\bar\Cache\004570CF
C:\Program Files\myglobalsearch\bar\Cache\0047C9FD.bin
C:\Program Files\myglobalsearch\bar\Cache\0047E735.bin
C:\Program Files\myglobalsearch\bar\Cache\0047EBDD.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Program Files\video activex access
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\moxhpegh.exe
C:\WINDOWS\system32\wkotshyx.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))
2007-09-01 12:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 19:10 <DIR> d--hs---- C:\FOUND.003
2007-08-27 08:46 574,508 --a------ C:\WINDOWS\system32\yfdercgj.exe
2007-08-26 23:37 <DIR> d-------- C:\Program Files\PJsoft
2007-08-26 23:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 20:59 <DIR> d--hs---- C:\FOUND.002
2007-08-26 20:30 <DIR> d-------- C:\Program Files\OziExplorer
2007-08-26 15:00 <DIR> d-------- C:\Program Files\TomTom HOME
2007-08-26 11:53 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-25 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\GRETECH
2007-08-24 16:22 <DIR> d-------- C:\Program Files\Cyklotrasy
2007-08-24 11:38 <DIR> d--hs---- C:\FOUND.001
2007-08-23 10:16 <DIR> d--hs---- C:\FOUND.000
2007-08-16 22:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-16 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-08-16 16:48 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-08-05 10:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 10:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-05 10:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 10:42 1,992 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-02 23:55 3,497,984 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-08-02 23:55 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-08-02 23:55 17,744 --a------ C:\WINDOWS\system32\MON602.DLL
2007-08-02 23:55 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-08-02 23:55 1,642,496 --a------ C:\WINDOWS\system32\Print602.dll
2007-08-02 23:55 <DIR> d-------- C:\Program Files\Common Files\soft602
2007-08-02 23:54 <DIR> d-------- C:\Program Files\Převod do PDF
2007-08-02 19:48 4,930,567 --a------ C:\WINDOWS\G23158_ESRI-Screensaver.SCR
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-25 21:31 --------- d-------- C:\Program Files\Aberger
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 16:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-09 14:53 --------- d-------- C:\Program Files\MediaCoder
2007-07-06 11:06 --------- d-------- C:\Program Files\JAlbum7.2
2007-07-03 22:09 --------- d-------- C:\Program Files\Yahoo!
2007-07-03 22:05 --------- d-------- C:\Program Files\CCleaner
2007-07-03 11:19 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-03 11:17 --------- d-------- C:\Program Files\Ahead
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
--------- C:\Program Files\Převod do PDF
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D463E00C-AB13-4DC1-89E6-1F58AC37F8C4}]
C:\WINDOWS\system32\yayww.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-02 14:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 22:37]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12]
"PrintPack dispatcher"="C:\Program Files\Převod do PDF\PrnPack.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhghe]
jkkhghe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winilc32]
winilc32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\alelwrte.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\sqrrvsba.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j5241539]
rundll32 C:\WINDOWS\system32\j5241539.dll sook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd5e761-2eec-11dc-988a-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41bc5188-efee-11db-97f0-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c961b130-e113-11db-97c9-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5523950-2a4e-11dc-9881-00304f0ec1b1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe
Contents of the 'Scheduled Tasks' folder
2007-08-27 09:30:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 12:12:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-01 12:16:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 12:16
--- E O F ---
Při této akci je nutné mít ComboFix na ploše, už bys ho tam měl mít stažený.
1. Spusť Notepad (Poznámkový blok) a vlož do něj celý text z toho bílého políčka:
Pak dej Soubor (File) -> Uložit jako (Save As); do řádku Název souboru (File name) napiš: CFScript.txt
V poli Typ souboru (Save as type) vyber Všechny soubory (All files)
A ulož ho na plochu.
2. Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení čisticího procesu a případném restartu počítače by se ti měl zobrazit log; jinak ho najdeš v C:\ComboFix.txt
- Pak sem zkopíruj celý jeho obsah.
Tento soubor zkontroluj na Virustotalu:
C:\WINDOWS\G23158_ESRI-Screensaver.SCR
A vlož sem výsledek.
Aby se soubor lépe hledal, zapni si Zobrazovat skryté a systémové soubory.
3. Udělej toto:
+ sem vlož nový log z HJT.
1. Spusť Notepad (Poznámkový blok) a vlož do něj celý text z toho bílého políčka:
File::
C:\WINDOWS\system32\yfdercgj.exe
C:\WINDOWS\system32\alelwrte.dll
C:\WINDOWS\system32\sqrrvsba.dll
C:\WINDOWS\system32\j5241539.dll
C:\WINDOWS\SYSTEM32\winilc32.dll
C:\WINDOWS\SYSTEM32\jkkhghe.dll
Folder::
C:\FOUND.003
C:\FOUND.001
C:\FOUND.000
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D463E00C-AB13-4DC1-89E6-1F58AC37F8C4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhghe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winilc32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j5241539]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd5e761-2eec-11dc-988a-00304f0ec1b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41bc5188-efee-11db-97f0-00304f0ec1b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c961b130-e113-11db-97c9-00304f0ec1b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5523950-2a4e-11dc-9881-00304f0ec1b1}]
Pak dej Soubor (File) -> Uložit jako (Save As); do řádku Název souboru (File name) napiš: CFScript.txt
V poli Typ souboru (Save as type) vyber Všechny soubory (All files)
A ulož ho na plochu.
2. Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení čisticího procesu a případném restartu počítače by se ti měl zobrazit log; jinak ho najdeš v C:\ComboFix.txt
- Pak sem zkopíruj celý jeho obsah.
Tento soubor zkontroluj na Virustotalu:
C:\WINDOWS\G23158_ESRI-Screensaver.SCR
A vlož sem výsledek.
Aby se soubor lépe hledal, zapni si Zobrazovat skryté a systémové soubory.
3. Udělej toto:
fredik píše:Spusť Poznámkový blok (Notepad): Start -> Spustit... otevře se ti okno, do něj napiš notepad a dej OK.
Otevře se ti poznámkový blok a do něj zkopíruj tento tučně označený text:
REM Remove any log left over from a previous run so new results are not appended to stale output.
If Exist ctflog.txt del /q ctflog.txt
REM Recursively list every ctfmon.exe on the system drive (files only, /A-D); >> appends to the log in the current directory.
REM NOTE(review): only %Systemdrive% is searched. The mountpoints2 entries in the ComboFix log point at Recycled\ctfmon.exe
REM on other (removable) drives, so a copy there would not show up here unless that drive is also checked.
REM Presumably the legitimate copy in C:\WINDOWS\system32 is expected; any additional location is what the helper wants to see.
Dir /S/A-D "%Systemdrive%\ctfmon.exe" >>ctflog.txt
REM Show the results; once Notepad is closed, remove the temporary log.
Notepad ctflog.txt
Del /q ctflog.txt
Zvol v menu záložku Soubor -> Uložit jako... a nastav/vyplň tyto údaje
Název souboru: ctffind.bat
Uložit jako typ: Všechny soubory
Ulož soubor někam na disk a spusť ho. Po chvíli hledání se zobrazí nové okno s výsledky, zkopíruj sem prosím celý jeho obsah.
+ sem vlož nový log z HJT.
ComboFix
ComboFix 07-08-30.3 - "Kubeček" 2007-09-03 9:48:20.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.70 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Kubeček\Plocha\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\yfdercgj.exe
C:\WINDOWS\system32\alelwrte.dll
C:\WINDOWS\system32\sqrrvsba.dll
C:\WINDOWS\system32\j5241539.dll
C:\WINDOWS\SYSTEM32\winilc32.dll
C:\WINDOWS\SYSTEM32\jkkhghe.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.003\FILE0001.CHK
C:\FOUND.003\FILE0002.CHK
C:\FOUND.003\FILE0003.CHK
C:\WINDOWS\system32\yfdercgj.exe
((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))
2007-09-03 09:30 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-02 17:04 <DIR> d-------- C:\Program Files\Lizardtech
2007-09-02 15:39 676 --a------ C:\WINDOWS\im32st.dat
2007-09-01 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\PC Suite
2007-09-01 15:31 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-01 15:31 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-01 13:00 <DIR> d-------- C:\Program Files\DIFX
2007-09-01 12:59 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-01 12:58 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-01 12:58 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-01 12:58 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-01 12:58 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-01 12:58 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-01 12:58 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-09-01 12:57 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-01 12:57 <DIR> d-------- C:\Program Files\Nokia
2007-09-01 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Installations
2007-09-01 12:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-26 23:37 <DIR> d-------- C:\Program Files\Info Mapa 11
2007-08-26 23:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 20:59 <DIR> d--hs---- C:\FOUND.002
2007-08-26 20:30 <DIR> d-------- C:\Program Files\OziExplorer
2007-08-26 15:00 <DIR> d-------- C:\Program Files\TomTom HOME
2007-08-26 11:53 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-25 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\GRETECH
2007-08-24 16:22 <DIR> d-------- C:\Program Files\Cyklotrasy
2007-08-16 22:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-16 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-08-16 16:48 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-08-05 10:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 10:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-05 10:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 10:42 1,992 --a------ C:\WINDOWS\system32\tmp.reg
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-03 00:24 4930567 --a------ C:\WINDOWS\G23158_ESRI-Screensaver.SCR
2007-08-02 23:55 --------- d-------- C:\Program Files\Common Files\soft602
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-25 21:31 --------- d-------- C:\Program Files\Aberger
2007-07-23 15:35 1642496 --a------ C:\WINDOWS\system32\Print602.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 16:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-09 14:53 --------- d-------- C:\Program Files\MediaCoder
2007-07-06 11:06 --------- d-------- C:\Program Files\JAlbum7.2
2007-07-03 22:09 --------- d-------- C:\Program Files\Yahoo!
2007-07-03 22:05 --------- d-------- C:\Program Files\CCleaner
2007-07-03 11:19 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-03 11:17 --------- d-------- C:\Program Files\Ahead
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-21 17:56 3497984 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-06-21 17:56 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
--------- C:\Program Files\Převod do PDF
((((((((((((((((((((((((((((( snapshot_2007-09-01_121454.24 )))))))))))))))))))))))))))))))))))))))))
----a-w 23,856 2006-09-16 01:02:34 C:\WINDOWS\system32\spupdsvc.exe
----a-w 1,060,864 2003-03-18 19:20:00 C:\WINDOWS\system32\mfc71.dll
----a-w 1,047,552 2003-03-18 19:12:12 C:\WINDOWS\system32\mfc71u.dll
------w 14,640 2006-09-16 01:02:34 C:\WINDOWS\system32\spmsg.dll
----a-r 203,264 2007-03-29 21:00:40 C:\WINDOWS\system32\CddbCdda.dll
------w 142,848 2006-09-15 21:30:06 C:\WINDOWS\system32\WudfHost.exe
------w 55,296 2006-09-15 21:30:16 C:\WINDOWS\system32\WudfSvc.dll
------w 308,224 2006-09-15 21:30:16 C:\WINDOWS\system32\WUDFx.dll
------w 87,040 2006-09-15 21:30:16 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 163,840 2006-09-15 20:29:54 C:\WINDOWS\system32\WudfPlatform.dll
------w 76,544 2006-09-15 20:29:52 C:\WINDOWS\system32\drivers\WudfPf.sys
------w 82,688 2006-09-15 20:30:10 C:\WINDOWS\system32\drivers\WudfRd.sys
----a-w 528,384 2007-06-08 07:30:14 C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
----a-w 137,216 2007-02-22 09:15:56 C:\WINDOWS\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcd.sys
----a-w 65,536 2007-02-22 09:15:12 C:\WINDOWS\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcocls.dll
----a-w 90,624 2007-02-22 09:15:12 C:\WINDOWS\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcls.dll
----a-w 8,320 2007-02-22 09:15:14 C:\WINDOWS\system32\DRVSTORE\nmwcdc_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdc.sys
----a-w 12,288 2007-02-22 09:15:14 C:\WINDOWS\system32\DRVSTORE\nmwcdm2k_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcm.sys
----a-w 12,288 2007-02-22 09:15:14 C:\WINDOWS\system32\DRVSTORE\nmwcdcj_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcj.sys
----a-w 831,048 2007-06-08 06:11:12 C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\WudfUpdate_01005.dll
----a-w 528,384 2007-06-08 07:30:14 C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\PCCSWpdDriver.dll
----a-w 757,552 2007-09-01 13:37:12 C:\WINDOWS\Temp\WDF7CC.tmp\Microsoft User-Mode Driver Framework Install-v1.0-WinXP.exe
----a-r 3,262 2007-09-01 10:59:06 C:\WINDOWS\Installer\{11964613-805F-432D-A12B-169554B793E7}\ARPPRODUCTICON.exe
----a-r 10,134 2007-09-01 11:00:58 C:\WINDOWS\Installer\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}\ARPPRODUCTICON.exe
----a-r 15,086 2007-09-01 13:33:26 C:\WINDOWS\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
----a-w 3,496 2007-09-03 07:30:32 C:\WINDOWS\SoftwareDistribution\EventCache\{0B2FA066-1A96-4482-978E-E4784AFFAE79}.bin
------w 95,344 2006-09-28 18:13:26 C:\WINDOWS\$NtUninstallWudf01005$\wudfcoinstaller.dll
------w 146,432 2006-09-28 16:56:38 C:\WINDOWS\$NtUninstallWudf01005$\wudfhost.exe
------w 165,376 2006-09-28 16:56:16 C:\WINDOWS\$NtUninstallWudf01005$\wudfplatform.dll
------w 55,808 2006-09-28 16:56:14 C:\WINDOWS\$NtUninstallWudf01005$\wudfsvc.dll
------w 316,416 2006-09-28 16:56:38 C:\WINDOWS\$NtUninstallWudf01005$\wudfx.dll
------w 77,568 2006-09-28 16:55:50 C:\WINDOWS\$NtUninstallWudf01005$\wudfpf.sys
------w 82,944 2006-09-28 17:00:34 C:\WINDOWS\$NtUninstallWudf01005$\wudfrd.sys
------w 379,184 2006-09-16 01:02:36 C:\WINDOWS\$NtUninstallWudf01005$\spuninst\updspapi.dll
------w 221,488 2006-09-16 01:02:34 C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe
------w 70,656 2006-09-15 20:30:12 C:\WINDOWS\$NtUninstallWudf01005$\spuninst\WudfCustom.dll
----a-w 23,856 2006-09-25 15:58:48 C:\WINDOWS\system32\spupdsvc.exe
------w 146,432 2006-09-28 16:56:38 C:\WINDOWS\system32\WudfHost.exe
------w 55,808 2006-09-28 16:56:14 C:\WINDOWS\system32\WudfSvc.dll
------w 316,416 2006-09-28 16:56:38 C:\WINDOWS\system32\WUDFx.dll
------w 95,344 2006-09-28 18:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 165,376 2006-09-28 16:56:16 C:\WINDOWS\system32\WudfPlatform.dll
------w 14,640 2006-09-25 15:58:48 C:\WINDOWS\system32\spmsg.dll
------w 77,568 2006-09-28 16:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
------w 82,944 2006-09-28 17:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-02 14:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 22:37]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12]
"PrintPack dispatcher"="C:\Program Files\Převod do PDF\PrnPack.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
2007-08-27 09:30:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 09:55:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-03 9:59:08
C:\ComboFix-quarantined-files.txt ... 2007-09-03 09:59
C:\ComboFix2.txt ... 2007-09-01 12:16
--- E O F ---
Virustotal
Soubor G23158_ESRI-Screensaver.SCR přijatý 2007.09.03 09:50:33 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0%)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.9.1.0 2007.09.03 -
AntiVir 7.4.1.66 2007.09.03 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.02 -
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.03 -
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.03 -
DrWeb 4.33 2007.09.03 -
eSafe 7.0.15.0 2007.09.02 -
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 -
FileAdvisor 1 2007.09.03 -
Fortinet 3.11.0.0 2007.09.03 -
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.03 -
Ikarus T3.1.1.12 2007.09.03 -
Kaspersky 4.0.2.24 2007.09.03 -
McAfee 5110 2007.08.31 -
Microsoft 1.2803 2007.09.03 -
NOD32v2 2498 2007.09.03 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.02 -
Prevx1 V2 2007.09.03 -
Rising 19.39.01.00 2007.09.03 -
Sophos 4.21.0 2007.09.03 -
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.03 -
TheHacker 6.1.9.175 2007.09.02 -
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.03 -
Rozšiřující informace
File size: 4930567 bytes
MD5: 692ec69adcf217f72b9b6f7063b5d4da
SHA1: c870ccb28919c69b470c08afb28cc612d1cb92aa
ctffind
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 3C44-C662.
Výpis adresáře C:\WINDOWS\system32
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Výpis adresáře C:\WINDOWS\system32\dllcache
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Počet souborů v seznamu:
2 souborů, 30 720 bajtů
Adresářů: 0, Volných bajtů: 6 259 597 312
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53, on 2007-09-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Instalace\Antivirové programy a prostředky\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\swreg.cfexe
C:\WINDOWS\system32\findstr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D463E00C-AB13-4DC1-89E6-1F58AC37F8C4} - C:\WINDOWS\system32\yayww.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkhghe - jkkhghe.dll (file missing)
O20 - Winlogon Notify: winilc32 - winilc32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6731 bytes
ComboFix 07-08-30.3 - "Kubeček" 2007-09-03 9:48:20.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.70 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Kubeček\Plocha\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\yfdercgj.exe
C:\WINDOWS\system32\alelwrte.dll
C:\WINDOWS\system32\sqrrvsba.dll
C:\WINDOWS\system32\j5241539.dll
C:\WINDOWS\SYSTEM32\winilc32.dll
C:\WINDOWS\SYSTEM32\jkkhghe.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.003\FILE0001.CHK
C:\FOUND.003\FILE0002.CHK
C:\FOUND.003\FILE0003.CHK
C:\WINDOWS\system32\yfdercgj.exe
((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))
2007-09-03 09:30 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-02 17:04 <DIR> d-------- C:\Program Files\Lizardtech
2007-09-02 15:39 676 --a------ C:\WINDOWS\im32st.dat
2007-09-01 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\PC Suite
2007-09-01 15:31 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-01 15:31 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-01 13:00 <DIR> d-------- C:\Program Files\DIFX
2007-09-01 12:59 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-01 12:58 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-01 12:58 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-01 12:58 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-01 12:58 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-01 12:58 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-01 12:58 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-09-01 12:57 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-01 12:57 <DIR> d-------- C:\Program Files\Nokia
2007-09-01 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Installations
2007-09-01 12:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-26 23:37 <DIR> d-------- C:\Program Files\Info Mapa 11
2007-08-26 23:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 20:59 <DIR> d--hs---- C:\FOUND.002
2007-08-26 20:30 <DIR> d-------- C:\Program Files\OziExplorer
2007-08-26 15:00 <DIR> d-------- C:\Program Files\TomTom HOME
2007-08-26 11:53 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-25 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\GRETECH
2007-08-24 16:22 <DIR> d-------- C:\Program Files\Cyklotrasy
2007-08-16 22:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-16 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Skype
2007-08-16 16:48 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-08-05 10:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 10:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-05 10:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 10:42 1,992 --a------ C:\WINDOWS\system32\tmp.reg
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-03 00:24 4930567 --a------ C:\WINDOWS\G23158_ESRI-Screensaver.SCR
2007-08-02 23:55 --------- d-------- C:\Program Files\Common Files\soft602
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-25 21:31 --------- d-------- C:\Program Files\Aberger
2007-07-23 15:35 1642496 --a------ C:\WINDOWS\system32\Print602.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 16:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-09 14:53 --------- d-------- C:\Program Files\MediaCoder
2007-07-06 11:06 --------- d-------- C:\Program Files\JAlbum7.2
2007-07-03 22:09 --------- d-------- C:\Program Files\Yahoo!
2007-07-03 22:05 --------- d-------- C:\Program Files\CCleaner
2007-07-03 11:19 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-03 11:17 --------- d-------- C:\Program Files\Ahead
2007-06-27 16:10 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:26 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-21 17:56 3497984 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-06-21 17:56 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
--------- C:\Program Files\Převod do PDF
((((((((((((((((((((((((((((( snapshot_2007-09-01_121454.24 )))))))))))))))))))))))))))))))))))))))))
----a-w 23,856 2006-09-16 01:02:34 C:\WINDOWS\system32\spupdsvc.exe
----a-w 1,060,864 2003-03-18 19:20:00 C:\WINDOWS\system32\mfc71.dll
----a-w 1,047,552 2003-03-18 19:12:12 C:\WINDOWS\system32\mfc71u.dll
------w 14,640 2006-09-16 01:02:34 C:\WINDOWS\system32\spmsg.dll
----a-r 203,264 2007-03-29 21:00:40 C:\WINDOWS\system32\CddbCdda.dll
------w 142,848 2006-09-15 21:30:06 C:\WINDOWS\system32\WudfHost.exe
------w 55,296 2006-09-15 21:30:16 C:\WINDOWS\system32\WudfSvc.dll
------w 308,224 2006-09-15 21:30:16 C:\WINDOWS\system32\WUDFx.dll
------w 87,040 2006-09-15 21:30:16 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 163,840 2006-09-15 20:29:54 C:\WINDOWS\system32\WudfPlatform.dll
------w 76,544 2006-09-15 20:29:52 C:\WINDOWS\system32\drivers\WudfPf.sys
------w 82,688 2006-09-15 20:30:10 C:\WINDOWS\system32\drivers\WudfRd.sys
----a-w 528,384 2007-06-08 07:30:14 C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
----a-w 137,216 2007-02-22 09:15:56 C:\WINDOWS\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcd.sys
----a-w 65,536 2007-02-22 09:15:12 C:\WINDOWS\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcocls.dll
----a-w 90,624 2007-02-22 09:15:12 C:\WINDOWS\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcls.dll
----a-w 8,320 2007-02-22 09:15:14 C:\WINDOWS\system32\DRVSTORE\nmwcdc_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdc.sys
----a-w 12,288 2007-02-22 09:15:14 C:\WINDOWS\system32\DRVSTORE\nmwcdm2k_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcm.sys
----a-w 12,288 2007-02-22 09:15:14 C:\WINDOWS\system32\DRVSTORE\nmwcdcj_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcj.sys
----a-w 831,048 2007-06-08 06:11:12 C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\WudfUpdate_01005.dll
----a-w 528,384 2007-06-08 07:30:14 C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\PCCSWpdDriver.dll
----a-w 757,552 2007-09-01 13:37:12 C:\WINDOWS\Temp\WDF7CC.tmp\Microsoft User-Mode Driver Framework Install-v1.0-WinXP.exe
----a-r 3,262 2007-09-01 10:59:06 C:\WINDOWS\Installer\{11964613-805F-432D-A12B-169554B793E7}\ARPPRODUCTICON.exe
----a-r 10,134 2007-09-01 11:00:58 C:\WINDOWS\Installer\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}\ARPPRODUCTICON.exe
----a-r 15,086 2007-09-01 13:33:26 C:\WINDOWS\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
----a-w 3,496 2007-09-03 07:30:32 C:\WINDOWS\SoftwareDistribution\EventCache\{0B2FA066-1A96-4482-978E-E4784AFFAE79}.bin
------w 95,344 2006-09-28 18:13:26 C:\WINDOWS\$NtUninstallWudf01005$\wudfcoinstaller.dll
------w 146,432 2006-09-28 16:56:38 C:\WINDOWS\$NtUninstallWudf01005$\wudfhost.exe
------w 165,376 2006-09-28 16:56:16 C:\WINDOWS\$NtUninstallWudf01005$\wudfplatform.dll
------w 55,808 2006-09-28 16:56:14 C:\WINDOWS\$NtUninstallWudf01005$\wudfsvc.dll
------w 316,416 2006-09-28 16:56:38 C:\WINDOWS\$NtUninstallWudf01005$\wudfx.dll
------w 77,568 2006-09-28 16:55:50 C:\WINDOWS\$NtUninstallWudf01005$\wudfpf.sys
------w 82,944 2006-09-28 17:00:34 C:\WINDOWS\$NtUninstallWudf01005$\wudfrd.sys
------w 379,184 2006-09-16 01:02:36 C:\WINDOWS\$NtUninstallWudf01005$\spuninst\updspapi.dll
------w 221,488 2006-09-16 01:02:34 C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe
------w 70,656 2006-09-15 20:30:12 C:\WINDOWS\$NtUninstallWudf01005$\spuninst\WudfCustom.dll
----a-w 23,856 2006-09-25 15:58:48 C:\WINDOWS\system32\spupdsvc.exe
------w 146,432 2006-09-28 16:56:38 C:\WINDOWS\system32\WudfHost.exe
------w 55,808 2006-09-28 16:56:14 C:\WINDOWS\system32\WudfSvc.dll
------w 316,416 2006-09-28 16:56:38 C:\WINDOWS\system32\WUDFx.dll
------w 95,344 2006-09-28 18:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 165,376 2006-09-28 16:56:16 C:\WINDOWS\system32\WudfPlatform.dll
------w 14,640 2006-09-25 15:58:48 C:\WINDOWS\system32\spmsg.dll
------w 77,568 2006-09-28 16:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
------w 82,944 2006-09-28 17:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-02 14:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 22:37]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-06-27 12:46]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12]
"PrintPack dispatcher"="C:\Program Files\Převod do PDF\PrnPack.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
2007-08-27 09:30:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 09:55:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-03 9:59:08
C:\ComboFix-quarantined-files.txt ... 2007-09-03 09:59
C:\ComboFix2.txt ... 2007-09-01 12:16
--- E O F ---
Virustotal
Soubor G23158_ESRI-Screensaver.SCR přijatý 2007.09.03 09:50:33 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0%)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.9.1.0 2007.09.03 -
AntiVir 7.4.1.66 2007.09.03 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.02 -
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.03 -
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.03 -
DrWeb 4.33 2007.09.03 -
eSafe 7.0.15.0 2007.09.02 -
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 -
FileAdvisor 1 2007.09.03 -
Fortinet 3.11.0.0 2007.09.03 -
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.03 -
Ikarus T3.1.1.12 2007.09.03 -
Kaspersky 4.0.2.24 2007.09.03 -
McAfee 5110 2007.08.31 -
Microsoft 1.2803 2007.09.03 -
NOD32v2 2498 2007.09.03 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.02 -
Prevx1 V2 2007.09.03 -
Rising 19.39.01.00 2007.09.03 -
Sophos 4.21.0 2007.09.03 -
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.03 -
TheHacker 6.1.9.175 2007.09.02 -
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.03 -
Rozšiřující informace
File size: 4930567 bytes
MD5: 692ec69adcf217f72b9b6f7063b5d4da
SHA1: c870ccb28919c69b470c08afb28cc612d1cb92aa
ctffind
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 3C44-C662.
Výpis adresáře C:\WINDOWS\system32
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Výpis adresáře C:\WINDOWS\system32\dllcache
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Počet souborů v seznamu:
2 souborů, 30 720 bajtů
Adresářů: 0, Volných bajtů: 6 259 597 312
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53, on 2007-09-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Instalace\Antivirové programy a prostředky\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\swreg.cfexe
C:\WINDOWS\system32\findstr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D463E00C-AB13-4DC1-89E6-1F58AC37F8C4} - C:\WINDOWS\system32\yayww.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkhghe - jkkhghe.dll (file missing)
O20 - Winlogon Notify: winilc32 - winilc32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6731 bytes
Složku jsem smazal, nový log je zde, a díky za trpělivost.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:57, on 3.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\DC++\StrongDC.exe
D:\Instalace\Antivirové programy a prostředky\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6333 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:57, on 3.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Převod do PDF\PrnPack.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\DC++\StrongDC.exe
D:\Instalace\Antivirové programy a prostředky\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Převod do PDF\PrnPack.exe" /server
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6333 bytes
Log je v pořádku.
Smaž CFScript.txt a ComboFix - jsou uloženy na ploše.
Smaž také tento program - ctffind.bat a jeho log ctflog.txt - na disku je musíš najít tam, kam jsi je uložil.
Stáhni si T-Cleaner a spusť ho.
Poté, co program odvede svou práci, můžeš smazat i T-Cleaner.bat.
A to je vše, pokud nemáš problémy.
Smaž CFScript.txt a ComboFix - jsou uloženy na ploše.
Smaž také tento program - ctffind.bat a jeho log ctflog.txt - na disku je musíš najít tam, kam jsi je uložil.
Stáhni si T-Cleaner a spusť ho.
Poté, co program odvede svou práci, můžeš smazat i T-Cleaner.bat.
A to je vše, pokud nemáš problémy.