Obávám se, že ty rootkity, které se vám v PC neustále obnovují, mají na svědomí smazání dat.Folder::
c:\program files\AskBarDis
Collect::
c:\windows\x.reg
c:\windows\system32\drivers\onniqwqw.sys
c:\windows\system32\drivers\gqxhkcdk.sys
C:\FMKXMBYF
Driver::
fqrtoxdw
fucwklgf
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
poškozená data ?
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: poškozená data ?
Spusťte znovu tímto skriptem:
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: poškozená data ?
Provedeno dle navodu a zde opet predkladam log. Nejspis asi budu postupovat dle navodu zde na foru,souhlasite ? S tim ze po kazdy akci sem vlozim log s zadosti o kontrolu...ok ?
http://www.viry.cz/forum/viewtopic.php?t=14396
ComboFix 10-01-04.01 - Uživatel 05.01.2010 18:38:51.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
file zipped: c:\windows\x.reg
.
/wow section - STAGE 1
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0048FE09
c:\program files\AskBarDis\bar\Cache\00490915
c:\program files\AskBarDis\bar\Cache\00490B76.bin
c:\program files\AskBarDis\bar\Cache\00490E93.bin
c:\program files\AskBarDis\bar\Cache\00491142.bin
c:\program files\AskBarDis\bar\Cache\004913B3.bin
c:\program files\AskBarDis\bar\Cache\004917DA.bin
c:\program files\AskBarDis\bar\Cache\004919DE.bin
c:\program files\AskBarDis\bar\Cache\00492855.bin
c:\program files\AskBarDis\bar\Cache\004929CC.bin
c:\program files\AskBarDis\bar\Cache\00492B62.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\x.reg
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_fqrtoxdw
-------\Service_fucwklgf
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-04 20:25 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 18:06 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-05 17:15 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2005 9:27 Čas: 716272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:15 Čas: 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [19.10.2009 13:30 Čas: 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.10.2009 13:30 Čas: 25160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [13.8.2007 12:42 Čas: 13312]
R1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [22.6.2008 19:37 Čas: 16601]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:15 Čas: 20560]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.4.2006 19:00 Čas: 164992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 21:11 Čas: 222968]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [8.11.2006 15:24 Čas: 2560]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.4.2006 19:00 Čas: 12544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 Čas: 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3.6.2009 13:44 Čas: 47640]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe -start_service --> c:\orant\bin\ifsrv60.exe -start_service [?]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 Čas: 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 Čas: 1044808]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [13.8.2007 12:42 Čas: 8832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 Čas: 10064]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.11.2004 14:09 Čas: 266180]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [19.11.2004 21:45 Čas: 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [19.11.2004 21:45 Čas: 13308]
S3 GAGPDrv;GAGPDrv; [x]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2.5.2009 16:54 Čas: 101136]
S3 Revolution1;Revolution1;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2.2.2009 11:04 Čas: 356920]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [30.5.2007 15:47 Čas: 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [30.5.2007 17:58 Čas: 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [30.5.2007 17:58 Čas: 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [30.5.2007 18:25 Čas: 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [30.5.2007 18:25 Čas: 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [30.5.2007 18:20 Čas: 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [30.5.2007 18:25 Čas: 90800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 19:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x83FDA1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77b5fc3
\Driver\ACPI -> ACPI.sys @ 0xf7613cb8
\Driver\atapi -> prosync1.sys @ 0xf7c7b6c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,8a,e8,46,ee,dc,b9,3c,
6e,96,5e,02,2e,f5,00,a9,81,08,f6,52,ef,e7,50,0b,0f,63,cf,89,b0,df,91,3d,bf,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(964)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\fmkxmbyf\HPIE.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\devldr32.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\orant\bin\ifsrv60.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\orant\bin\ifweb60.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 19:18:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 18:18
ComboFix2.txt 2010-01-03 15:29
Před spuštěním: 4 170 883 072
Po spuštění: 4 140 380 160
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 57AEEDF5C4FB85187C0B1714C3D48219
http://www.viry.cz/forum/viewtopic.php?t=14396
ComboFix 10-01-04.01 - Uživatel 05.01.2010 18:38:51.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
file zipped: c:\windows\x.reg
.
/wow section - STAGE 1
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0048FE09
c:\program files\AskBarDis\bar\Cache\00490915
c:\program files\AskBarDis\bar\Cache\00490B76.bin
c:\program files\AskBarDis\bar\Cache\00490E93.bin
c:\program files\AskBarDis\bar\Cache\00491142.bin
c:\program files\AskBarDis\bar\Cache\004913B3.bin
c:\program files\AskBarDis\bar\Cache\004917DA.bin
c:\program files\AskBarDis\bar\Cache\004919DE.bin
c:\program files\AskBarDis\bar\Cache\00492855.bin
c:\program files\AskBarDis\bar\Cache\004929CC.bin
c:\program files\AskBarDis\bar\Cache\00492B62.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\x.reg
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_fqrtoxdw
-------\Service_fucwklgf
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-04 20:25 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 18:06 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-05 17:15 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2005 9:27 Čas: 716272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:15 Čas: 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [19.10.2009 13:30 Čas: 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.10.2009 13:30 Čas: 25160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [13.8.2007 12:42 Čas: 13312]
R1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [22.6.2008 19:37 Čas: 16601]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:15 Čas: 20560]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.4.2006 19:00 Čas: 164992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 21:11 Čas: 222968]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [8.11.2006 15:24 Čas: 2560]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.4.2006 19:00 Čas: 12544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 Čas: 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3.6.2009 13:44 Čas: 47640]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe -start_service --> c:\orant\bin\ifsrv60.exe -start_service [?]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 Čas: 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 Čas: 1044808]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [13.8.2007 12:42 Čas: 8832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 Čas: 10064]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.11.2004 14:09 Čas: 266180]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [19.11.2004 21:45 Čas: 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [19.11.2004 21:45 Čas: 13308]
S3 GAGPDrv;GAGPDrv; [x]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2.5.2009 16:54 Čas: 101136]
S3 Revolution1;Revolution1;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2.2.2009 11:04 Čas: 356920]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [30.5.2007 15:47 Čas: 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [30.5.2007 17:58 Čas: 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [30.5.2007 17:58 Čas: 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [30.5.2007 18:25 Čas: 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [30.5.2007 18:25 Čas: 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [30.5.2007 18:20 Čas: 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [30.5.2007 18:25 Čas: 90800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 19:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x83FDA1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77b5fc3
\Driver\ACPI -> ACPI.sys @ 0xf7613cb8
\Driver\atapi -> prosync1.sys @ 0xf7c7b6c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,8a,e8,46,ee,dc,b9,3c,
6e,96,5e,02,2e,f5,00,a9,81,08,f6,52,ef,e7,50,0b,0f,63,cf,89,b0,df,91,3d,bf,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(964)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\fmkxmbyf\HPIE.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\devldr32.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\orant\bin\ifsrv60.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\orant\bin\ifweb60.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 19:18:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 18:18
ComboFix2.txt 2010-01-03 15:29
Před spuštěním: 4 170 883 072
Po spuštění: 4 140 380 160
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 57AEEDF5C4FB85187C0B1714C3D48219
gaz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: poškozená data ?
Už je to podstatně lepší, ale spusťte CF ještě jednou tímto skriptem:
Driver::
GAGPDrv
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: poškozená data ?
Provedeno dle navodu...zde je log
ComboFix 10-01-04.01 - Uživatel 05.01.2010 20:35:46.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.325 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GAGPDrv
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-04 20:25 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 19:50 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-05 17:15 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2005 9:27 Čas: 716272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:15 Čas: 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [19.10.2009 13:30 Čas: 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.10.2009 13:30 Čas: 25160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [13.8.2007 12:42 Čas: 13312]
R1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [22.6.2008 19:37 Čas: 16601]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:15 Čas: 20560]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.4.2006 19:00 Čas: 164992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 21:11 Čas: 222968]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [8.11.2006 15:24 Čas: 2560]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.4.2006 19:00 Čas: 12544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 Čas: 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3.6.2009 13:44 Čas: 47640]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe -start_service --> c:\orant\bin\ifsrv60.exe -start_service [?]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 Čas: 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 Čas: 1044808]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [13.8.2007 12:42 Čas: 8832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 Čas: 10064]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.11.2004 14:09 Čas: 266180]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [19.11.2004 21:45 Čas: 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [19.11.2004 21:45 Čas: 13308]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2.5.2009 16:54 Čas: 101136]
S3 Revolution1;Revolution1;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2.2.2009 11:04 Čas: 356920]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [30.5.2007 15:47 Čas: 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [30.5.2007 17:58 Čas: 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [30.5.2007 17:58 Čas: 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [30.5.2007 18:25 Čas: 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [30.5.2007 18:25 Čas: 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [30.5.2007 18:20 Čas: 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [30.5.2007 18:25 Čas: 90800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 20:52
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x83F6C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77b5fc3
\Driver\ACPI -> ACPI.sys @ 0xf7613cb8
\Driver\atapi -> prosync1.sys @ 0xf7c7b6c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,8a,e8,46,ee,dc,b9,3c,
6e,96,5e,02,2e,f5,00,a9,81,08,f6,52,ef,e7,50,0b,0f,63,cf,89,b0,df,91,3d,bf,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(3920)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\devldr32.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\orant\bin\ifsrv60.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\orant\bin\ifweb60.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Comodo\COMODO Internet Security\crashrep.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 21:02:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 20:02
ComboFix2.txt 2010-01-03 15:29
Před spuštěním: 3 289 669 632
Po spuštění: 3 239 862 272
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 165B17EB44810FCDA60775930276F44D
ComboFix 10-01-04.01 - Uživatel 05.01.2010 20:35:46.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.325 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GAGPDrv
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-04 20:25 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 19:50 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-05 17:15 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2005 9:27 Čas: 716272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:15 Čas: 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [19.10.2009 13:30 Čas: 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.10.2009 13:30 Čas: 25160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [13.8.2007 12:42 Čas: 13312]
R1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [22.6.2008 19:37 Čas: 16601]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:15 Čas: 20560]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.4.2006 19:00 Čas: 164992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 21:11 Čas: 222968]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [8.11.2006 15:24 Čas: 2560]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.4.2006 19:00 Čas: 12544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 Čas: 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3.6.2009 13:44 Čas: 47640]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe -start_service --> c:\orant\bin\ifsrv60.exe -start_service [?]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 Čas: 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 Čas: 1044808]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [13.8.2007 12:42 Čas: 8832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 Čas: 10064]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.11.2004 14:09 Čas: 266180]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [19.11.2004 21:45 Čas: 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [19.11.2004 21:45 Čas: 13308]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2.5.2009 16:54 Čas: 101136]
S3 Revolution1;Revolution1;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2.2.2009 11:04 Čas: 356920]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [30.5.2007 15:47 Čas: 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [30.5.2007 17:58 Čas: 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [30.5.2007 17:58 Čas: 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [30.5.2007 18:25 Čas: 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [30.5.2007 18:25 Čas: 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [30.5.2007 18:20 Čas: 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [30.5.2007 18:25 Čas: 90800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 20:52
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x83F6C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77b5fc3
\Driver\ACPI -> ACPI.sys @ 0xf7613cb8
\Driver\atapi -> prosync1.sys @ 0xf7c7b6c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,8a,e8,46,ee,dc,b9,3c,
6e,96,5e,02,2e,f5,00,a9,81,08,f6,52,ef,e7,50,0b,0f,63,cf,89,b0,df,91,3d,bf,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(3920)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\devldr32.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\orant\bin\ifsrv60.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\orant\bin\ifweb60.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Comodo\COMODO Internet Security\crashrep.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 21:02:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 20:02
ComboFix2.txt 2010-01-03 15:29
Před spuštěním: 3 289 669 632
Po spuštění: 3 239 862 272
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 165B17EB44810FCDA60775930276F44D
gaz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: poškozená data ?
Konečně log vypadá čistý. Teď je nutné se pokusit o záchranu dat. Ovám se ale, že to nebude jednoduché, ne-li nemožné.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: poškozená data ?
Nepujde-li to neda se nic delat ale jestli se mnou budete mit trpelivost tak jsem pripraven zkusit vse nac mi budou stacit sily.
gaz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: poškozená data ?
Nemohu poradit nic jiného, nežli standardní programy na záchranu dat: http://www.stahuj.centrum.cz/utility_a_ ... bnova_dat/ . Neznáme totiž rutinu, kterou rootkit použil na smazání dat. Budete asi muset zkusit, co půjde, ne všechno se může osvědčit. Odborná záchrana dat od firmy by vás mohla přijít na dost peněz.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: poškozená data ?
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: poškozená data ?
Zkousel jsem obnovu dat programem EasyRecovery Professional pred ocistou a i po ni a zatimco pred ni mi hlasil vsechna data poskozena tak nyni se mi povedlo obnovit cca 80 % fotografii.
Jeste jednou diky Rudymu za jeho cas a rady.........DIKY.
Jeste jednou diky Rudymu za jeho cas a rady.........DIKY.
gaz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: poškozená data ?
Vůbec nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?