Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Pipin » 16 Sep 2007 16:50

Logfile of HijackThis v1.99.1
Scan saved at 16:50:33, on 16.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\AVIRA Desktop\AVGNT.EXE
C:\Program Files\AVIRA Desktop\AVESVC.EXE
C:\Program Files\AVIRA Desktop\AVGUARD.EXE
C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE
C:\WINDOWS\System32\htrbfgvk.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVIRA Desktop\AVMAILC.EXE
C:\Program Files\Opera\Opera.exe
D:\Dokumenty\Martin\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVIRA Desktop\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVWUpd32] "C:\PROGRA~1\AVIRAD~1\Avwupd32.EXE" /min
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\kjeababt.dll",forkonce
O4 - HKLM\..\RunServices: [Topic lnternat] lnternat.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O23 - Service: AVE Service (AVEService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVESVC.EXE
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVMAILC.EXE
O23 - Service: AVIRA Service (AVIRAService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVGUARD.EXE
O23 - Service: AVIRA Update (AVWUpSrv) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE
O23 - Service: DomainService - - C:\WINDOWS\System32\htrbfgvk.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


Post by fredik » 16 Sep 2007 17:03

Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the 1 key
- Then follow the on-screen instructions; while ComboFix is working, do not click inside the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Note:
You are using an older version of HijackThis; download the current version here, delete the old one before using it, and then post a new HJT log from the new version.


Post by Pipin » 21 Sep 2007 16:52

ComboFix 07-09-21.2 - "Martin" 2007-09-21 16:46:28.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.260 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\g32.txt
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\aaipjjdu.exe
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\ewuskjkg.exe
C:\WINDOWS\system32\hggffgh.dll
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\htrbfgvk.exe
C:\WINDOWS\system32\kqjgsaew.exe
C:\WINDOWS\system32\mdeafxte.exe
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\odomyfnt.exe
C:\WINDOWS\system32\ovuhgdfq.dll
C:\WINDOWS\system32\pchpapwq.exe
C:\WINDOWS\system32\rkncwusy.dll
C:\WINDOWS\system32\tvjuxfow.ini
C:\WINDOWS\system32\wofxujvt.dll
C:\WINDOWS\system32\ynrrslqo.exe
C:\WINDOWS\system32\ysuwcnkr.ini
C:\WINDOWS\ws386.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASPIMGR
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FWDRV.SYS
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\DomainService
-------\fwdrv.sys
-------\qqd.sys
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 17:44 83,008 --a------ C:\WINDOWS\system32\avphsibn.dll
2007-09-17 21:36 <DIR> d-------- C:\Temp
2007-09-16 20:45 <DIR> d-------- C:\K750_R1DB001_MAIN_EU_1_CL_RED49
2007-09-16 20:34 <DIR> d-------- C:\rest_K750_R1DB001
2007-09-16 20:25 <DIR> d-------- C:\My Backstreet
2007-09-16 20:11 <DIR> d-------- C:\rest_k750_R1BC002
2007-09-16 20:08 <DIR> d-------- C:\k750w800_r2e_dcu_49r
2007-09-16 17:03 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-16 16:57 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-16 16:57 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-16 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Last.fm
2007-09-12 16:16 0 --a------ C:\WINDOWS\system32\ntkrpamp.exe
2007-09-12 16:16 0 --a------ C:\WINDOWS\system32\ntkrnlmp.exe
2007-09-12 15:44 244,448 --a------ C:\WINDOWS\system32\fb24efdf.sys
2007-09-10 16:21 <DIR> d-------- C:\Program Files\Emgeton MiniMax
2007-09-01 21:21 41 ---h----- C:\WINDOWS\dsez5079.dat
2007-09-01 21:21 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2007-09-01 11:28 <DIR> d-------- C:\Program Files\CDex_150
2007-08-25 11:16 <DIR> d-------- C:\Program Files\Crawler
2007-08-21 11:37 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-08-21 11:37 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-21 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Teleca
2007-08-21 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Sony Ericsson
2007-08-21 11:35 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-08-21 11:35 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 15:52 --------- d-------- C:\Program Files\Spyware Terminator
2007-09-16 17:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-16 17:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-16 16:07 --------- d-------- C:\Program Files\Last.fm
2007-09-15 11:41 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-13 15:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-09-10 21:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 11:19 138624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-13 23:29 --------- d-------- C:\Program Files\ICQLite
2007-08-03 16:00 --------- d-------- C:\Program Files\Webteh
2007-08-03 15:56 --------- d-------- C:\Program Files\Combined Community Codec Pack
2007-08-02 15:58 --------- d-------- C:\Program Files\Ontrack
2007-07-28 14:58 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-28 14:58 --------- d-------- C:\Program Files\Brother
2007-07-28 14:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-07-28 14:56 --------- d-------- C:\Program Files\ScanSoft
2007-07-28 14:56 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-28 14:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-07-28 14:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Brother
2007-07-24 17:26 --------- d-------- C:\Program Files\Opera
2007-07-24 16:46 --------- d-------- C:\Program Files\OO Software
2007-07-22 12:20 --------- d-------- C:\Program Files\Trillian
2007-07-21 16:10 --------- d-------- C:\Program Files\Winamp
2007-07-17 15:45 737280 --a------ C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-25 11:18]
"AVGCtrl"="C:\Program Files\AVIRA Desktop\AVGNT.exe" [2005-02-18 08:09]
"AVWUpd32"="C:\PROGRA~1\AVIRAD~1\Avwupd32.exe" [2004-09-02 15:29]
"SearchIndexer"="C:\WINDOWS\System32\avphsibn.dll" [2007-09-20 17:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Topic lnternat"=lnternat.exe


and the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51, on 2007-09-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVIRA Desktop\AVESVC.EXE
C:\Program Files\AVIRA Desktop\AVGUARD.EXE
C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVIRA Desktop\AVMAILC.EXE
C:\Program Files\AVIRA Desktop\AVGNT.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Martin\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVIRA Desktop\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVWUpd32] "C:\PROGRA~1\AVIRAD~1\Avwupd32.EXE" /min
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\avphsibn.dll",sitypnow
O4 - HKLM\..\RunServices: [Topic lnternat] lnternat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O23 - Service: AVE Service (AVEService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVESVC.EXE
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVMAILC.EXE
O23 - Service: AVIRA Service (AVIRAService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVGUARD.EXE
O23 - Service: AVIRA Update (AVWUpSrv) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4407 bytes

Thanks for the advice :)


Post by fredik » 21 Sep 2007 17:46

Open Notepad (Start -> Run... and type Notepad in the box and click OK)
Copy the following text, marked in green, into it:

File::
C:\WINDOWS\system32\avphsibn.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Topic lnternat"=-

Choose Save file as, name the file CFScript.txt and choose Save as type: All files.
Save the file to your desktop.
Close all open windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

* * * * * * * * * * * * * * * * * * * * * * * * *

Have this file checked on VirusTotal and post the results here.
C:\WINDOWS\system32\fb24efdf.sys
If you can't find it, paste the whole path directly into the box on VirusTotal.

* * * * * * * * * * * * * * * * * * * * * * * * *

Run HijackThis again and tick the boxes in front of these lines:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
after ticking them, click the Fix Checked button

PS: the ComboFix log you posted here is not complete, so please post the whole thing.
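As an added illustration of the triage the helper is doing by hand across these replies, here is a small Python script that is not part of the original thread and not code from HijackThis or ComboFix. It parses O4 and O23 lines in HijackThis log format and flags the signals visible in this thread's logs: eight-letter random-looking file names (htrbfgvk.exe, kjeababt.dll), the lowercase-l-for-i homoglyph in "lnternat.exe" imitating the genuine internat.exe, a service with an empty vendor field (DomainService), and an autorun entry that names a file with no path. The sample log lines are constructed from entries posted above; the allowlist of known Windows binary names is my own and not exhaustive; every check is a heuristic that marks an entry for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis log format, modelled on the O4/O23 entries
# discussed in this thread (a handful of lines, not a copy of the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVIRA Desktop\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\kjeababt.dll",forkonce
O4 - HKLM\..\RunServices: [Topic lnternat] lnternat.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\htrbfgvk.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
"""

# Assumed, non-exhaustive allowlist of genuine Windows binary names (stems).
KNOWN_WINDOWS_NAMES = {"internat", "ctfmon", "svchost", "lsass", "smss", "csrss",
                       "winlogon", "services", "explorer", "spoolsv", "userinit"}

# Characters commonly swapped to imitate a genuine name: l/1 for i, 0 for o.
HOMOGLYPHS = str.maketrans("l10", "iio")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) -\s*(?P<company>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
# A quoted/unquoted full path or a bare file name ending in .exe/.dll/.sys.
BIN_RE = re.compile(r'(?:[A-Za-z]:\\[^",]+?|[\w.]+)\.(?:exe|dll|sys)\b', re.IGNORECASE)


def stem_of(binary):
    """Lowercase file name without extension, from a full path or a bare name."""
    return PureWindowsPath(binary.strip('"')).stem.lower()


def looks_random(stem):
    """Eight lowercase letters, no digits, and not a name we know to be genuine."""
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and stem not in KNOWN_WINDOWS_NAMES


def homoglyph_of(stem):
    """Return the genuine Windows name this stem imitates after l/1->i, 0->o folding, else None."""
    folded = stem.translate(HOMOGLYPHS)
    for real in sorted(KNOWN_WINDOWS_NAMES):
        if stem != real and folded == real.translate(HOMOGLYPHS):
            return real
    return None


def triage(log_text):
    """Return (log line, reason) pairs for autorun and service entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            for binary in BIN_RE.findall(m["cmd"]):
                stem = stem_of(binary)
                if stem == "rundll32":          # the host process, not the payload
                    continue
                real = homoglyph_of(stem)
                if real:
                    findings.append((line, f"'{stem}' imitates the Windows binary '{real}' (homoglyph)"))
                elif looks_random(stem):
                    findings.append((line, f"random-looking file name '{stem}' loaded at logon"))
                if "\\" not in binary:
                    findings.append((line, f"bare file name '{binary}' with no path (resolved via search order)"))
        elif m := O23_RE.match(line):
            if not m["company"]:
                findings.append((line, f"service '{m['svc']}' has no vendor field"))
            if looks_random(stem_of(m["path"])):
                findings.append((line, f"random-looking service binary '{stem_of(m['path'])}'"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

On the constructed sample the script reports five findings: the kjeababt.dll payload, the lnternat.exe homoglyph plus its missing path, and the DomainService entry twice (no vendor, random binary name); the NVIDIA, Avira and O&O entries pass. Run it against a real HJT log by reading the file into `triage()` instead of `SAMPLE_LOG`.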


Post by Pipin » 21 Sep 2007 18:52

ComboFix 07-09-21.2 - "Martin" 2007-09-21 18:37:29.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.293 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Martin\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\avphsibn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\avphsibn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 21:36 <DIR> d-------- C:\Temp
2007-09-16 20:45 <DIR> d-------- C:\K750_R1DB001_MAIN_EU_1_CL_RED49
2007-09-16 20:34 <DIR> d-------- C:\rest_K750_R1DB001
2007-09-16 20:25 <DIR> d-------- C:\My Backstreet
2007-09-16 20:11 <DIR> d-------- C:\rest_k750_R1BC002
2007-09-16 20:08 <DIR> d-------- C:\k750w800_r2e_dcu_49r
2007-09-16 17:03 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-16 16:57 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-16 16:57 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-16 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Last.fm
2007-09-12 16:16 0 --a------ C:\WINDOWS\system32\ntkrpamp.exe
2007-09-12 16:16 0 --a------ C:\WINDOWS\system32\ntkrnlmp.exe
2007-09-12 15:44 244,448 --a------ C:\WINDOWS\system32\fb24efdf.sys
2007-09-10 16:21 <DIR> d-------- C:\Program Files\Emgeton MiniMax
2007-09-01 21:21 41 ---h----- C:\WINDOWS\dsez5079.dat
2007-09-01 21:21 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2007-09-01 11:28 <DIR> d-------- C:\Program Files\CDex_150
2007-08-25 11:16 <DIR> d-------- C:\Program Files\Crawler
2007-08-21 11:37 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-08-21 11:37 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-21 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Teleca
2007-08-21 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Sony Ericsson
2007-08-21 11:35 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-08-21 11:35 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 15:52 --------- d-------- C:\Program Files\Spyware Terminator
2007-09-16 17:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-16 17:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-16 16:07 --------- d-------- C:\Program Files\Last.fm
2007-09-15 11:41 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-13 15:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-09-12 15:43 2134506 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-09-12 15:43 2040170 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2007-09-10 21:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 11:19 138624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-13 23:29 --------- d-------- C:\Program Files\ICQLite
2007-08-03 16:00 --------- d-------- C:\Program Files\Webteh
2007-08-03 15:56 --------- d-------- C:\Program Files\Combined Community Codec Pack
2007-08-02 15:58 --------- d-------- C:\Program Files\Ontrack
2007-07-28 14:58 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-28 14:58 --------- d-------- C:\Program Files\Brother
2007-07-28 14:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-07-28 14:56 --------- d-------- C:\Program Files\ScanSoft
2007-07-28 14:56 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-28 14:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-07-28 14:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Brother
2007-07-24 17:26 --------- d-------- C:\Program Files\Opera
2007-07-24 16:46 --------- d-------- C:\Program Files\OO Software
2007-07-22 12:20 --------- d-------- C:\Program Files\Trillian
2007-07-21 16:10 --------- d-------- C:\Program Files\Winamp
2007-07-17 17:11 180224 -rahs---- C:\WINDOWS\system32\lnternat.exe
2007-07-17 15:45 737280 --a------ C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-21_164826.70 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 16,384 2007-09-21 14:48:04 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-21 14:48:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-21 14:48:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 16,384 2007-09-18 17:47:08 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-18 17:47:08 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-18 17:47:08 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-25 11:18]
"AVGCtrl"="C:\Program Files\AVIRA Desktop\AVGNT.exe" [2005-02-18 08:09]
"AVWUpd32"="C:\PROGRA~1\AVIRAD~1\Avwupd32.exe" [2004-09-02 15:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^BWMeter (2).lnk]
path=C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\BWMeter (2).lnk
backup=C:\WINDOWS\pss\BWMeter (2).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^BWMeter.lnk]
path=C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\BWMeter.lnk
backup=C:\WINDOWS\pss\BWMeter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShareSearcher]
C:\wsusupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Hry\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\System32\wofxujvt.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Topic lnternat]
lnternat.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
R2 AVEService;AVE Service;"C:\Program Files\AVIRA Desktop\AVESVC.EXE"
R2 AVIRAMailService;AVIRA Mail Security Service;"C:\Program Files\AVIRA Desktop\AVMAILC.EXE"
R2 AVIRAService;AVIRA Service;"C:\Program Files\AVIRA Desktop\AVGUARD.EXE"
R2 AVWUpSrv;AVIRA Update;"C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avgntdw;avgntdw;\??\C:\Program Files\AVIRA Desktop\AVGNTDW.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-09-21 15:15:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 18:39:12
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 18:39:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 18:39
.
--- E O F ---


File fb24efdf.sys received 2007.09.21 18:44:26 (CET)
Current status: Finished
Result: 1/32 (3.13%)

Antivirus Version Last update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.21 -
Authentium 4.93.8 2007.09.21 -
Avast 4.7.1043.0 2007.09.20 -
AVG 7.5.0.485 2007.09.21 -
BitDefender 7.2 2007.09.21 -
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.21 -
DrWeb 4.33 2007.09.21 -
eSafe 7.0.15.0 2007.09.19 -
eTrust-Vet 31.2.5153 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.21 -
Fortinet 3.11.0.0 2007.09.21 -
F-Prot 4.3.2.48 2007.09.21 -
F-Secure 6.70.13030.0 2007.09.21 -
Ikarus T3.1.1.12 2007.09.21 -
Kaspersky 4.0.2.24 2007.09.21 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.21 -
NOD32v2 2544 2007.09.21 -
Norman 5.80.02 2007.09.21 -
Panda 9.0.0.4 2007.09.21 -
Prevx1 V2 2007.09.21 -
Rising 19.41.42.00 2007.09.21 -
Sophos 4.21.0 2007.09.21 -
Sunbelt 2.2.907.0 2007.09.20 -
Symantec 10 2007.09.21 -
TheHacker 6.2.5.064 2007.09.21 -
VBA32 3.12.2.4 2007.09.20 -
VirusBuster 4.3.26:9 2007.09.21 -
Webwasher-Gateway 6.0.1 2007.09.21 Win32.Malware.gen!82 (suspicious)


Post by fredik » 21 Sep 2007 20:23

Create a new CFScript and this time put this into it:

File::
C:\wsusupd.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShareSearcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Topic lnternat]

Then post here again the log that appears after it finishes + a new log from HJT


Post by Pipin » 22 Sep 2007 11:45

ComboFix 07-09-21.2 - "Martin" 2007-09-22 11:41:19.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.264 [GMT 2:00]
* Created a new restore point

FILE::
C:\wsusupd.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\qqd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\qqd.sys


((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.

2007-09-21 16:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 21:36 <DIR> d-------- C:\Temp
2007-09-16 20:45 <DIR> d-------- C:\K750_R1DB001_MAIN_EU_1_CL_RED49
2007-09-16 20:34 <DIR> d-------- C:\rest_K750_R1DB001
2007-09-16 20:25 <DIR> d-------- C:\My Backstreet
2007-09-16 20:11 <DIR> d-------- C:\rest_k750_R1BC002
2007-09-16 20:08 <DIR> d-------- C:\k750w800_r2e_dcu_49r
2007-09-16 17:03 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-16 16:57 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-16 16:57 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-16 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Last.fm
2007-09-12 16:16 0 --a------ C:\WINDOWS\system32\ntkrpamp.exe
2007-09-12 16:16 0 --a------ C:\WINDOWS\system32\ntkrnlmp.exe
2007-09-12 15:44 244,448 --a------ C:\WINDOWS\system32\fb24efdf.sys
2007-09-10 16:21 <DIR> d-------- C:\Program Files\Emgeton MiniMax
2007-09-01 21:21 41 ---h----- C:\WINDOWS\dsez5079.dat
2007-09-01 21:21 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2007-09-01 11:28 <DIR> d-------- C:\Program Files\CDex_150
2007-08-25 11:16 <DIR> d-------- C:\Program Files\Crawler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 09:37 --------- d-------- C:\Program Files\Last.fm
2007-09-18 15:52 --------- d-------- C:\Program Files\Spyware Terminator
2007-09-16 17:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-16 17:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-16 16:45 --------- d-------- C:\Program Files\Sony Ericsson
2007-09-15 11:41 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-13 15:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-09-12 15:43 2134506 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-09-12 15:43 2040170 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2007-09-10 21:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 11:19 138624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-21 11:37 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-21 11:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Teleca
2007-08-21 11:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Sony Ericsson
2007-08-21 11:35 6144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-08-21 11:35 5744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-08-13 23:29 --------- d-------- C:\Program Files\ICQLite
2007-08-03 16:00 --------- d-------- C:\Program Files\Webteh
2007-08-03 15:56 --------- d-------- C:\Program Files\Combined Community Codec Pack
2007-08-02 15:58 --------- d-------- C:\Program Files\Ontrack
2007-07-28 14:58 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-28 14:58 --------- d-------- C:\Program Files\Brother
2007-07-28 14:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-07-28 14:56 --------- d-------- C:\Program Files\ScanSoft
2007-07-28 14:56 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-28 14:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ScanSoft
2007-07-28 14:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Brother
2007-07-24 17:26 --------- d-------- C:\Program Files\Opera
2007-07-24 16:46 --------- d-------- C:\Program Files\OO Software
2007-07-22 12:20 --------- d-------- C:\Program Files\Trillian
2007-07-17 17:11 180224 -rahs---- C:\WINDOWS\system32\lnternat.exe
2007-07-17 15:45 737280 --a------ C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-21_164826.70 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 16,384 2007-09-21 14:48:04 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-21 14:48:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-21 14:48:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 16,384 2007-09-18 17:47:08 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-18 17:47:08 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-18 17:47:08 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-25 11:18]
"AVGCtrl"="C:\Program Files\AVIRA Desktop\AVGNT.exe" [2005-02-18 08:09]
"AVWUpd32"="C:\PROGRA~1\AVIRAD~1\Avwupd32.exe" [2004-09-02 15:29]

C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-20 15:00:22]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^BWMeter (2).lnk]
path=C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\BWMeter (2).lnk
backup=C:\WINDOWS\pss\BWMeter (2).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^BWMeter.lnk]
path=C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\BWMeter.lnk
backup=C:\WINDOWS\pss\BWMeter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Hry\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
R2 AVEService;AVE Service;"C:\Program Files\AVIRA Desktop\AVESVC.EXE"
R2 AVIRAMailService;AVIRA Mail Security Service;"C:\Program Files\AVIRA Desktop\AVMAILC.EXE"
R2 AVIRAService;AVIRA Service;"C:\Program Files\AVIRA Desktop\AVGUARD.EXE"
R2 AVWUpSrv;AVIRA Update;"C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avgntdw;avgntdw;\??\C:\Program Files\AVIRA Desktop\AVGNTDW.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-09-21 15:15:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 11:43:29
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-22 11:43:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-22 11:43
C:\ComboFix2.txt ... 2007-09-21 18:39
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:42, on 22.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVIRA Desktop\AVESVC.EXE
C:\Program Files\AVIRA Desktop\AVGUARD.EXE
C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVIRA Desktop\AVMAILC.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\AVIRA Desktop\AVGNT.EXE
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Martin\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVIRA Desktop\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVWUpd32] "C:\PROGRA~1\AVIRAD~1\Avwupd32.EXE" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5CC887-3626-417E-92CD-493FC359D6D5}: NameServer = 62.240.161.226,213.192.21.70
O23 - Service: AVE Service (AVEService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVESVC.EXE
O23 - Service: AVIRA Mail Security Service (AVIRAMailService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVMAILC.EXE
O23 - Service: AVIRA Service (AVIRAService) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVGUARD.EXE
O23 - Service: AVIRA Update (AVWUpSrv) - AVIRA GmbH - C:\Program Files\AVIRA Desktop\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4235 bytes

Pipin
Level 2
Posts: 240
Registered: December 06
Gender: Not specified
Status: Offline

Post by Pipin » 22 Sep 2007 15:32

To fredik: please check it. Thanks :)

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 23 Sep 2007 08:23

Create a new CFScript and this time put the following into it:

Code:

File::
C:\WINDOWS\system32\lnternat.exe

and then post the log here.

The HJT log is fine; what I'm not sure about now is whether that Avira (if it is the complete suite) includes a firewall. If it doesn't, install one; you can pick one here.
