I don't know what to do with it anymore. It keeps downloading some data from the internet and I can't remove it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:15, on 8.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\xxxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MirandaIM] "C:\MIRANDA_EVOLUCE\Miranda_IM\miranda32.exe" "C:\MIRANDA_EVOLUCE\Miranda_IM\Others\Snekatis"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3684908734
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.82.144.82/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{15902329-075E-49F6-BB4C-3F723110A76B}: NameServer = 192.168.28.1
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe (file missing)
--
End of file - 8179 bytes
Can't install antivirus on a virus-infected PC [Solved]
Last edited by Snekatis on 19 Jan 2010 15:03, edited 1 time in total.
jaro3 (member of the Security team)
Re: Can't install antivirus on a virus-infected PC [Solved]
Follow the guide I gave to Mous:
viewtopic.php?f=70&t=39278
You don't need to switch anything off (you have no antivirus, firewall or antispyware).
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Can't install antivirus on a virus-infected PC
ComboFix 09-04-04.01 - xxx 2009-04-08 11:28:20.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3072.2672 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\tools\tools\VerTerm.exe
AV: AVG *On-access scanning disabled* (Outdated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\dhcp\svchost.exe
c:\windows\Install.txt
c:\windows\system32\drivers\UACykmxewsw.sys
c:\windows\system32\Install.txt
c:\windows\system32\UACewftidwf.dll
c:\windows\system32\UACfqxnqqwc.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACoejvbnmp.dll
c:\windows\system32\UACoobymwrr.dll
c:\windows\system32\UACpfxmnltx.log
c:\windows\system32\UACpnhixlvn.dll
c:\windows\system32\UACpxvhosjh.dat
c:\windows\system32\UACvitlwxwm.log
c:\windows\system32\UACxlloymxj.dll
. . . je infikován!!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_AFISICX
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Legacy_IAS
-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
-------\Service_DhcpSrv
-------\Service_Iprip
-------\Service_restore
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-08 do 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-08 11:13 . 2009-04-08 11:13 318 --ah----- C:\aaw7boot.cmd
2009-04-08 11:11 . 2009-04-08 11:11 0 --a------ c:\documents and settings\Ond
2009-04-08 11:10 . 2009-04-08 11:10 <DIR> d-------- c:\documents and settings\NetworkService\Plocha
2009-04-08 10:52 . 2009-04-08 11:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-04-08 09:54 . 2009-04-08 09:54 <DIR> d-------- c:\program files\iPod
2009-04-08 09:54 . 2009-04-08 09:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 09:27 . 2009-04-08 09:27 <DIR> dr------- c:\documents and settings\LocalService\Oblíbené položky
2009-04-07 22:29 . 2009-04-07 22:29 <DIR> d-------- c:\program files\CCleaner
2009-04-07 22:06 . 2009-04-07 22:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:06 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-07 22:06 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-07 21:50 . 2009-04-07 21:56 <DIR> d-------- C:\fixwareout
2009-04-07 18:47 . 2009-04-07 18:47 213,120 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-04-07 17:19 . 2009-04-08 11:28 <DIR> d-------- c:\windows\dhcp
2009-04-07 17:18 . 2009-04-07 18:47 <DIR> dr-hs---- c:\program files\ThunMail
2009-04-07 17:18 . 2009-04-07 20:59 21,704 --a------ c:\windows\system32\rr.exe
2009-04-07 17:17 . 2002-07-26 17:02 161,792 --a------ c:\windows\system32\UNWISE.EXE
2009-04-03 10:25 . 2009-04-03 10:25 <DIR> d-------- c:\program files\Microsoft
2009-03-31 14:20 . 2009-04-08 09:24 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\skypePM
2009-03-31 14:20 . 2009-03-31 14:20 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-28 20:45 . 2009-03-28 20:45 <DIR> d-------- c:\program files\Zeallsoft
2009-03-28 20:40 . 2009-04-07 21:48 <DIR> d-------- c:\program files\DemoStudio
2009-03-25 16:31 . 2009-03-25 16:31 <DIR> d-------- C:\dokument
2009-03-18 18:50 . 2009-03-22 17:29 32 --a------ c:\windows\0
2009-03-18 18:50 . 2009-03-18 18:50 0 --a------ c:\windows\system32\0
2009-03-18 18:20 . 2009-03-18 18:52 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Bluetooth
2009-03-18 18:08 . 2008-04-14 09:52 91,648 --a------ c:\windows\system32\drivers\kswdmcap.ax
2009-03-18 18:08 . 2008-04-14 09:52 61,952 --a------ c:\windows\system32\drivers\kstvtune.ax
2009-03-18 18:08 . 2008-04-14 09:52 54,272 --a------ c:\windows\system32\drivers\vfwwdm32.dll
2009-03-18 18:08 . 2008-04-14 09:52 43,008 --a------ c:\windows\system32\drivers\ksxbar.ax
2009-03-18 18:08 . 2008-04-14 09:52 28,672 --a------ c:\windows\system32\drivers\vidcap.ax
2009-03-18 08:10 . 2009-03-18 08:10 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-16 20:51 . 2009-03-16 20:54 1,924 --a------ C:\s.png
2009-03-13 15:59 . 2009-03-13 16:58 <DIR> d-------- c:\program files\Cain
2009-03-12 16:24 . 2009-03-12 16:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\JH Software
2009-03-12 11:52 . 2009-03-12 11:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 11:51 . 2009-03-12 11:51 <DIR> d-------- c:\program files\QuickTime
2009-03-12 11:47 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-12 06:30 . 2008-04-14 09:52 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-10 18:08 . 2009-03-10 18:08 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\Windows Live Writer
2009-03-10 17:52 . 2009-03-10 17:52 <DIR> d-------- c:\documents and settings\xxx\Tracing
2009-03-10 17:52 . 2009-03-10 17:52 <DIR> d-------- c:\documents and settings\xxx\Tracing
2009-03-10 17:43 . 2006-11-29 14:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-03-10 17:25 . 2009-03-10 17:25 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-10 11:14 . 2009-03-10 11:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Blizzard
2009-03-09 22:27 . 2009-03-10 17:10 <DIR> d-------- c:\program files\World of Warcraft
2009-03-09 22:27 . 2009-03-09 23:00 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-03-09 22:11 . 2009-03-09 22:11 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\JLC's Software
2009-03-09 22:09 . 2009-03-10 16:39 <DIR> d-------- c:\program files\JLC's Software
2009-03-09 21:53 . 2009-03-09 21:53 <DIR> d-------- c:\program files\World of Warcraft.temp
2009-03-09 21:53 . 2009-03-09 21:53 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment.temp
2009-03-08 12:00 . 2009-03-08 12:00 <DIR> d-------- c:\program files\AtHome Video Streaming Server
2009-03-08 11:52 . 2009-03-08 11:52 <DIR> d-------- c:\documents and settings\xxx\Data aplikací\GetWare
2009-03-08 11:51 . 2009-03-08 11:51 <DIR> d-------- c:\program files\GetWare
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 09:21 --------- d-----w c:\documents and settings\xxx\Data aplikací\Skype
2009-04-08 07:54 --------- d-----w c:\program files\iTunes
2009-04-08 07:54 --------- d-----w c:\program files\Common Files\Apple
2009-04-08 07:48 --------- d-----w c:\documents and settings\All Users\Data aplikací\ESET
2009-04-07 16:47 213,120 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-24 10:54 --------- d-----w c:\program files\BitComet
2009-03-22 10:29 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-22 10:28 --------- d-----w c:\program files\Classic Menu for Office
2009-03-19 14:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:16 --------- d-----w c:\program files\MSBuild
2009-03-18 17:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-18 06:10 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Apple Computer
2009-03-10 16:13 --------- d-----w c:\program files\Nokia
2009-03-10 16:07 --------- d--h--w c:\program files\InstallJammer Registry
2009-03-10 15:42 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-06 14:11 --------- d-----w c:\program files\Warcraft III
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 18:52 --------- d-----w c:\program files\MSECache
2009-03-03 14:40 --------- d-----w c:\documents and settings\xxx\Data aplikací\PC Suite
2009-03-03 14:40 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Suite
2009-03-03 14:39 --------- d-----w c:\documents and settings\xxx\Data aplikací\Nokia
2009-03-03 14:38 --------- d-----w c:\program files\DIFX
2009-03-03 14:35 --------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2009-03-03 13:38 --------- d-----w c:\program files\Opera
2009-03-01 14:31 --------- d-----w c:\documents and settings\xxx\Data aplikací\BalsamiqMockupsForDesktop.2AC69118EBDF987BED0DDB0FDD08468D6BE55BAA.1
2009-03-01 09:34 --------- d-----w c:\documents and settings\xxx\Data aplikací\esmska
2009-03-01 08:24 --------- d-----w c:\program files\Axence
2009-02-27 21:09 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-02-27 21:07 --------- d-----w c:\program files\Common Files\Merge Modules
2009-02-27 10:24 --------- d-----w c:\program files\Safari
2009-02-27 05:35 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 16:48 --------- d-----w c:\program files\ReadAir
2009-02-26 16:48 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-26 16:48 --------- d-----w c:\documents and settings\xxx\Data aplikací\com.adammcgrath.ReadAir.C2FD571D0FC2888161CD93D688BC9C815E69B426.1
2009-02-25 11:41 --------- d-----w c:\documents and settings\xxx\Data aplikací\GullySoft
2009-02-24 15:24 --------- d-----w c:\program files\Windows Desktop Search
2009-02-22 12:07 --------- d-----w c:\program files\CDex_150
2009-02-15 09:51 --------- d-----w c:\program files\Axis Communications
2009-02-11 06:57 --------- d-----w c:\program files\Google
2009-02-09 12:05 --------- d-----w c:\documents and settings\xxx\Data aplikací\Download Manager
2009-01-24 12:19 21,152 ----a-w c:\documents and settings\xxx\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-19 13:08 524,288 ----a-w c:\windows\opuc.dll
.
------- Sigcheck -------
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-04-07 18:47 213120 d9c9981c9e83db13ffc803aedf5cb57e c:\windows\system32\dllcache\ndis.sys
2009-04-07 18:47 213120 1cd9bdd460658bb768618af445b4a1c4 c:\windows\system32\drivers\ndis.sys
2008-04-14 09:52 1042944 2bc54ac30cb7ce4ade5aa8fd79e47090 c:\windows\explorer.exe
2004-08-17 16:49 1041408 49feea5da3e4000a74e6998838a10ccf c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 09:52 1042944 d0a9b582b77a6239f98a637ee4d16a12 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-17 16:49 24064 0abd02b1679b2ba8cb3349f4e1867bf0 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 09:52 24064 aae3f69a71ffa85147f984b9c363d072 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 09:52 24064 7400039a7eecb42715db941c191a5db5 c:\windows\system32\ctfmon.exe
2004-08-17 16:49 33280 b7c18bac747a28f40275ec1efdf8ca48 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 09:52 34816 70aa0e19eb803478cb30d9a6a5ce4ce5 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 09:52 34816 dd60692b34c2c3342349dded8617e2f1 c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 24064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 503240]
"Google Update"="c:\documents and settings\xxx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-02-07 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 352256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 425984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 c:\windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 24064]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-27 122368]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\MIRANDA_EVOLUCE\\Miranda_IM\\miranda32.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\xxx\\Plocha\\bulanci.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe"=
"c:\\Program Files\\AtHome Video Streaming Server\\AvsServer.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Přijaté soubory\\Mike\\MirandaPack\\MirandaPack\\miranda32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14145:TCP"= 14145:TCP:BitComet 14145 TCP
"14145:UDP"= 14145:UDP:BitComet 14145 UDP
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-01-08 20744]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51:58 13560]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-02-19 14336]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys --> c:\windows\system32\Drivers\btnetBus.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 oje936d;oje936d;c:\windows\system32\drivers\oje936d.sys --> c:\windows\system32\drivers\oje936d.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\aircrack-ng-1.0-rc1-win\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2009-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1637723038-725345543-1003.job
- c:\documents and settings\OndY []
2009-04-08 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2009-04-07 c:\windows\Tasks\User_Feed_Synchronization-{09CE9F76-AE6E-48AF-8890-3252423FD231}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: devmasters.cz\exch
TCP: {15902329-075E-49F6-BB4C-3F723110A76B} = 192.168.28.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.82.144.82/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\5pfizk4a.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sour ... &gfns=1&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 11:35:27
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.cc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.cod\PersistentHandler]
@DACL=(02 0000)
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.dsp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.dsw\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.i\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.inl\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.lst\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.mak\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.map\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.mk\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.odh\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.odl\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.rc2\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.rct\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.rgs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"
[HKEY_LOCAL_MACHINE\software\Classes\.s\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.tlh\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.tli\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.vcproj\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKEY_LOCAL_MACHINE\software\Classes\.vspscc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.vsscc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.vssscc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"
[HKEY_LOCAL_MACHINE\software\Classes\.xsd\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
"fr"="078F4F525F5557"
"lr"="078F4F525F5557"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(1152)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Ondc:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\documents and settings\Ondc:\windows\explorer.exe
.
**************************************************************************
.
Completion time: 2009-04-08 11:40:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-08 09:40:50
Pre-Run: 14,027,042,816 bytes free
Post-Run: 14,077,911,040 bytes free
432 --- E O F --- 2009-03-31 18:25:15
Last edited by Snekatis on 19 Jan 2010 15:06, edited 2 times in total.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43293
- Joined: June 07
- Location: South Bohemia
Re: Can't install an antivirus on an infected PC
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text marked in green into it:
Note: do not use SELECT ALL to select the script.
Code:
sc config avg8emc start= disabled
sc stop avg8emc
sc delete avg8emc
sc config avg8wd start= disabled
sc stop avg8wd
sc delete avg8wd
sc config oje936d start= disabled
sc stop oje936d
sc delete oje936d
sc config WZCOOK start= disabled
sc stop WZCOOK
sc delete WZCOOK
Save it to the desktop under the name remove.bat, with "Save as type" set to All files; find the file on the desktop and run it by double-clicking. A DOS window opens and closes. Restart the computer.
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text marked in green into it:
Note: do not use SELECT ALL to select the script.
Code:
File::
c:\windows\system32\UNWISE.EXE
c:\progra~1\ThunMail\testabd.dll
Folder::
C:\fixwareout
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here, plus a fresh HJT log
Do you know these:
C:\dokument
C:\s.png ?
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
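Worked example, added to this thread and not code from the poster, from jaro3, from ComboFix or from HijackThis: a small Python triage that reads the line shapes seen in the ComboFix log above (the "Rn name;description;path" service rows, the Sigcheck "date time size md5 path" rows, the AppInit_DLLs value, bare process paths), flags what a helper looks at first, and writes out the same remove.bat and CFScript fragments jaro3 asked for. The SAMPLE_LOG inside is constructed for the example: the service names, paths and ndis.sys hashes are copied from the log, the two kernel32.dll rows are invented as a clean control, and reading "[?]" as "ComboFix could not find the service binary" is an assumption about ComboFix's notation.

```python
"""Triage of ComboFix-style log lines plus the cleanup scripts used in this
thread. Added example, not ComboFix/HijackThis/forum code. SAMPLE_LOG is
constructed (kernel32.dll rows invented); "[?]" = binary not found (assumed)."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
c:\windows\dhcp\svchost.exe
c:\windows\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
------- Sigcheck -------
2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-04-07 18:47 213120 d9c9981c9e83db13ffc803aedf5cb57e c:\windows\system32\dllcache\ndis.sys
2009-04-07 18:47 213120 1cd9bdd460658bb768618af445b4a1c4 c:\windows\system32\drivers\ndis.sys
2008-04-14 09:52 989696 00000000000000000000000000000001 c:\windows\system32\dllcache\kernel32.dll
2008-04-14 09:52 989696 00000000000000000000000000000001 c:\windows\system32\kernel32.dll
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-02-19 14336]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 oje936d;oje936d;c:\windows\system32\drivers\oje936d.sys --> c:\windows\system32\drivers\oje936d.sys [?]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\aircrack-ng\bin\wzcook.exe" --> c:\aircrack-ng\bin\wzcook.exe [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
"""

# Line shapes taken from the log: service rows, Sigcheck rows, the
# AppInit_DLLs value and bare process paths.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
SIGCHECK_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
SVCHOST_RE = re.compile(r"^[a-z]:\\.*\\svchost\.exe$", re.IGNORECASE)
REAL_SVCHOST = r"c:\windows\system32\svchost.exe"


def triage(log_text):
    """Return the indicators found in one ComboFix-style log, by category."""
    found = {"appinit_dlls": [], "missing_service_binaries": [],
             "rogue_svchost": [], "hash_mismatch": []}
    copies = defaultdict(list)  # basename -> [(size, md5)] from Sigcheck rows
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs gets loaded into every process that links user32.dll
            if m.group(1).strip():
                found["appinit_dlls"].append(m.group(1).strip())
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "[?]" instead of a date and size: the service entry outlived its binary
            if m.group(2).endswith("[?]"):
                found["missing_service_binaries"].append(m.group(1))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            size, md5, path = m.groups()
            copies[path.rsplit("\\", 1)[-1].lower()].append((int(size), md5))
            continue
        # a bare svchost.exe path anywhere but system32 is a lookalike
        if SVCHOST_RE.match(line) and line.lower() != REAL_SVCHOST:
            found["rogue_svchost"].append(line)
    for name, rows in copies.items():
        # same size but different MD5 between two copies of one system file:
        # one was patched; different sizes are normal (service-pack backups)
        by_size = defaultdict(set)
        for size, md5 in rows:
            by_size[size].add(md5)
        if any(len(hashes) > 1 for hashes in by_size.values()):
            found["hash_mismatch"].append(name)
    return found


def remove_bat(service_names):
    """The sc sequence from the reply: disable, stop, delete, per service."""
    lines = []
    for name in service_names:
        lines += [f"sc config {name} start= disabled", f"sc stop {name}", f"sc delete {name}"]
    return lines


def cfscript(files=(), folders=(), registry_clears=()):
    """Body of a CFScript.txt with File::, Folder:: and Registry:: sections;
    registry_clears is a list of (key, value name) pairs to blank out."""
    out = []
    if files:
        out += ["File::", *files]
    if folders:
        out += ["Folder::", *folders]
    if registry_clears:
        out.append("Registry::")
        for key, value in registry_clears:
            out += [f"[{key}]", f'"{value}"=""']
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(found)
    print("\n".join(remove_bat(found["missing_service_binaries"])))
    print("\n".join(cfscript(files=found["appinit_dlls"], registry_clears=[
        (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows", "AppInit_DLLs")])))
```

Run as-is it prints the four findings and the generated scripts; pass a saved ComboFix log to triage() to work on a real one. The rules only flag what the log's own formats make visible (a path outside system32, a service without a file, two copies of one driver that hash differently), they do not name the malware, and the sc and CFScript lines are meant to be read before anything is run.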