
PC disinfection, speeding up your computer, remote assistance via the neslape.cz service
Viruses that keep reappearing
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Hello,
I would like to ask for help. On one of our PCs viruses keep appearing; every time I run the antivirus over it and clean it, but they come back again and again. I am attaching the RSIT log and would be grateful for advice. Thanks in advance.
Cernto
Logfile of random's system information tool 1.06 (written by random/random)
Run by pospisilova at 2010-03-15 07:41:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (79%) free of 80 GB
Total RAM: 2010 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:11, on 15.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\pospisilova\Plocha\RSIT.exe
C:\Program Files\trend micro\pospisilova.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{fc600575-3013-4e8e-941c-4b00dafce730} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: flvdirect - {5625fd13-4240-16fb-af40-70b30bc97859} - C:\WINDOWS\system32\kukZ8LW_mFJE.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: myBabylon English4 Toolbar - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyB0.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: myBabylon English4 Toolbar - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyB0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\a5ca62.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SyncMan] C:\WINDOWS\system32\SyncMan.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\pospisilova.OHAVLOVA\reader_s.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SyncMan] C:\Documents and Settings\pospisilova\SyncMan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.flvdirect.com
O15 - ESC Trusted Zone: http://www.flvdirect.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4301E7A7-EDE2-4F0F-AA15-E8DFB36CDFAB}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: f_lock - f_lock.dll (file missing)
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 7577 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-12 1598744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5625fd13-4240-16fb-af40-70b30bc97859}]
flvdirect - C:\WINDOWS\system32\kukZ8LW_mFJE.dll [2010-01-29 1241088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-02-03 252816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc600575-3013-4e8e-941c-4b00dafce730}]
myBabylon English4 Toolbar - C:\Program Files\myBabylon_English4\tbmyB0.dll [2010-03-03 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{fc600575-3013-4e8e-941c-4b00dafce730} - myBabylon English4 Toolbar - C:\Program Files\myBabylon_English4\tbmyB0.dll [2010-03-03 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-07-14 570664]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2009-12-03 557056]
"Microsoft(R) System Manager"=C:\WINDOWS\system32\a5ca62.exe []
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2010-02-03 3721104]
"SyncMan"=C:\WINDOWS\system32\SyncMan.exe []
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-12 2059544]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\Documents and Settings\pospisilova.OHAVLOVA\reader_s.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SyncMan"=C:\Documents and Settings\pospisilova\SyncMan.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-12 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f_lock]
f_lock.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wsetdtc.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\TEMP\gkst.tmp\svchost.exe"="C:\WINDOWS\TEMP\gkst.tmp\svchost.exe:*:Enabled:svchost"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9a90b4-8b03-11de-894a-0016768a7146}]
shell\autorun\command - E:\cplebk.exe
shell\explore\command - E:\cplebk.exe
shell\open\command - E:\cplebk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e080106-7eaf-11db-b234-0016768a7146}]
shell\autorun\command - F:\zahrkw.exe
shell\explore\command - F:\zahrkw.exe
shell\open\command - F:\zahrkw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3476343a-403a-11de-8920-0016768a7146}]
shell\autorun\command - E:\tcskdx.exe
shell\explore\command - E:\tcskdx.exe
shell\open\command - E:\tcskdx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b48346-065a-11df-bb5b-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58684ce7-019f-11df-bb57-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e578949-50d0-11de-8930-0016768a7146}]
shell\autorun\command - E:\zahrkw.exe
shell\explore\command - E:\zahrkw.exe
shell\open\command - E:\zahrkw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fda4236-d409-11de-bb29-001cc0e6f738}]
shell\AutoRun\command - O:\wjcbrt.exe
shell\explore\command - O:\wjcbrt.exe
shell\open\command - O:\wjcbrt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{824abcfe-347c-11de-890f-0016768a7146}]
shell\autorun\command - E:\kqaojd.exe
shell\explore\command - E:\kqaojd.exe
shell\open\command - E:\kqaojd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c7edd0-04bf-11df-bb59-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c7edd8-04bf-11df-bb59-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3a23e3-40ff-11de-8922-0016768a7146}]
shell\autorun\command - ikuxwg.exe
shell\explore\command - ikuxwg.exe
shell\open\command - ikuxwg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9816f23f-0f26-11df-bb64-001cc0e6f738}]
shell\AutoRun\command - E:\ozBPdf.eXe
shell\OPEn\command - E:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a619b3e-0733-11df-bb5d-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e72870a-c2f1-11de-bb1f-001cc0e6f738}]
shell\AutoRun\command - E:\HrPlNT.exE
shell\OpEn\command - E:\HRplNt.exE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b429c3d0-5da3-11db-b203-0016768a7146}]
shell\AutoRun\command - E:\yqlvle.exe
shell\explore\command - E:\yqlvle.exe
shell\open\command - E:\yqlvle.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd1ecd61-d7f7-11de-bb2c-001cc0e6f738}]
shell\AutoRun\command - E:\OOvKMf.eXe
shell\OpEn\command - E:\oOvkmF.eXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d43dfb-0108-11df-bb56-001cc0e6f738}]
shell\AutoRun\command - SnZWro.eXe
shell\OPeN\command - SNzWro.exE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7064756-d59f-11de-bb2b-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1c6d4a-33db-11de-91a3-0016768a7146}]
shell\autorun\command - E:\zahrkw.exe
shell\explore\command - E:\zahrkw.exe
shell\open\command - E:\zahrkw.exe
======List of files/folders created in the last 1 months======
2010-03-15 07:41:05 ----D---- C:\Program Files\trend micro
2010-03-15 07:41:04 ----D---- C:\rsit
2010-03-15 07:20:51 ----D---- C:\Documents and Settings\pospisilova\Data aplikací\AVGTOOLBAR
2010-03-15 07:20:51 ----D---- C:\Documents and Settings\pospisilova\Data aplikací\AVG8
2010-03-12 13:57:21 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-12 13:43:03 ----HD---- C:\$AVG
2010-03-12 13:42:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-03-12 07:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-04 07:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-02 07:59:00 ----A---- C:\WINDOWS\system32\svchost.bat
2010-03-02 07:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
======List of files/folders modified in the last 1 months======
2010-03-15 07:41:05 ----RD---- C:\Program Files
2010-03-15 07:40:18 ----D---- C:\WINDOWS\Temp
2010-03-15 07:40:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2010-03-15 07:37:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 07:37:22 ----D---- C:\WINDOWS\Prefetch
2010-03-15 07:37:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 07:20:55 ----A---- C:\WINDOWS\lgfwup.ini
2010-03-15 07:03:02 ----D---- C:\WINDOWS\system32
2010-03-12 14:38:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-12 13:57:32 ----D---- C:\WINDOWS\system32\drivers
2010-03-12 13:43:01 ----D---- C:\Program Files\AVG
2010-03-12 13:42:23 ----SHD---- C:\WINDOWS\Installer
2010-03-12 13:42:22 ----D---- C:\WINDOWS\WinSxS
2010-03-12 13:42:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-12 13:42:00 ----D---- C:\WINDOWS
2010-03-12 13:37:51 ----SHD---- C:\System Volume Information
2010-03-12 13:37:51 ----D---- C:\WINDOWS\system32\Restore
2010-03-12 11:31:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-03-12 07:06:24 ----HD---- C:\WINDOWS\inf
2010-03-12 07:06:21 ----D---- C:\Program Files\Movie Maker
2010-03-12 07:06:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-05 13:40:40 ----D---- C:\Dokumenty
2010-03-04 07:16:41 ----A---- C:\WINDOWS\imsins.BAK
2010-03-03 12:43:40 ----D---- C:\Program Files\myBabylon_English4
2010-03-03 09:38:08 ----D---- C:\Program Files\lg_fwupdate
2010-03-02 08:32:05 ----SHD---- C:\WINDOWS\CSC
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-19 07:05:13 ----D---- C:\Program Files\Microsoft Works
2010-02-18 08:00:26 ----D---- C:\Temp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-12 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-12 29512]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-12 242696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-12-17 119552]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
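The log above carries the pattern behind the "they keep coming back" complaint: MountPoints2 autorun handlers for several removable drives (E:, F:, O:), a NoDriveTypeAutoRun of 145 (Windows XP's default, which still lets removable media autorun), Run entries for which RSIT found no file (`[]`), a firewall exception for a svchost.exe under C:\WINDOWS\TEMP, a winlogon.exe firewall exception, a missing Winlogon Notify DLL and an empty system.ini Shell= value. As an added example that is not part of the post, of RSIT or of HijackThis, the following Python script runs those checks over lines in the log's format. The rule set, the finding labels and the function names are the editor's own; the sample lines are constructed from the shapes of lines in the post's log, not from a new scan; the NoDriveTypeAutoRun bit layout (bit `1 << DRIVE_type` set means AutoRun disabled for that drive type) is the documented one.

```python
"""Triage a few HijackThis / RSIT log lines for the indicators seen in the post.

Added example; not part of the forum post, RSIT or HijackThis. The rule set
and the sample lines below are the editor's own (lines follow the shapes in
the post's log, they are not a new scan).
"""
import re

# Bits of HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
# \NoDriveTypeAutoRun: bit (1 << DRIVE_type) set => AutoRun disabled for it.
DRIVE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "unrecognised",
}


def autorun_still_allowed(mask):
    """Drive types on which AutoRun remains active for a NoDriveTypeAutoRun mask.

    Windows XP's default is 145 (0x91), which leaves removable drives
    enabled; that is the path a USB worm uses to come back. 255 (0xFF)
    disables AutoRun everywhere.
    """
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not mask & bit]


AUTORUN_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$', re.I)

# (finding label, pattern) - each pattern is matched against one log line.
RULES = [
    ("Winlogon Shell value empty (system.ini Shell= tampered)",
     re.compile(r"^F2 - REG:system\.ini: Shell=\s*$")),
    ("Run entry whose file RSIT could not stat [] (missing or hidden binary)",
     re.compile(r'^"[^"]+"=.+\.exe \[\]$', re.I)),
    ("Winlogon Notify DLL missing (remnant of a removed component)",
     re.compile(r"^O20 - Winlogon Notify: .* \(file missing\)$")),
    ("site placed in the IE Trusted Zone",
     re.compile(r"^O15 - (ESC )?Trusted Zone: ")),
    ("firewall exception for an executable under TEMP",
     re.compile(r'^"[^"]*\\TEMP\\[^"]*"=', re.I)),
    ("firewall exception for winlogon.exe (never needed by the real one)",
     re.compile(r'^"[^"]*winlogon\.exe"=', re.I)),
    ("removable-drive autorun handler in MountPoints2 (USB worm trace)",
     re.compile(r"^shell\\autorun\\command - ", re.I)),
]


def triage(log_text):
    """Return (label, line) for every line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            allowed = autorun_still_allowed(int(m.group(1)))
            if "removable" in allowed:
                findings.append(("AutoRun still enabled on: " + ", ".join(allowed), line))
            continue
        for label, pattern in RULES:
            if pattern.match(line):
                findings.append((label, line))
                break
    return findings


# Constructed sample: lines in the format of the post's log (not a new scan).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=
O15 - Trusted Zone: http://www.flvdirect.com
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: f_lock - f_lock.dll (file missing)
"Microsoft(R) System Manager"=C:\WINDOWS\system32\a5ca62.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-12 2059544]
"NoDriveTypeAutoRun"=145
"C:\WINDOWS\TEMP\gkst.tmp\svchost.exe"="C:\WINDOWS\TEMP\gkst.tmp\svchost.exe:*:Enabled:svchost"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
shell\autorun\command - E:\cplebk.exe
shell\open\command - E:\cplebk.exe
"""

if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG):
        print(f"[{label}]\n    {line}")
```

Run as-is it reports eight findings for the sample and leaves the legitimate AVG lines alone; feed it a full RSIT output to triage a real log. The value 145 decodes to removable, fixed, cdrom and ramdisk still allowed, which is why cleaning only the PC is not enough here: the removable drives behind the MountPoints2 entries reinfect it on the next insertion unless they are cleaned too and AutoRun is disabled for all drive types (255) in both HKCU and HKLM.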
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-07-14 570664]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2009-12-03 557056]
"Microsoft(R) System Manager"=C:\WINDOWS\system32\a5ca62.exe []
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2010-02-03 3721104]
"SyncMan"=C:\WINDOWS\system32\SyncMan.exe []
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-12 2059544]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\Documents and Settings\pospisilova.OHAVLOVA\reader_s.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SyncMan"=C:\Documents and Settings\pospisilova\SyncMan.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-12 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f_lock]
f_lock.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wsetdtc.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\TEMP\gkst.tmp\svchost.exe"="C:\WINDOWS\TEMP\gkst.tmp\svchost.exe:*:Enabled:svchost"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9a90b4-8b03-11de-894a-0016768a7146}]
shell\autorun\command - E:\cplebk.exe
shell\explore\command - E:\cplebk.exe
shell\open\command - E:\cplebk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e080106-7eaf-11db-b234-0016768a7146}]
shell\autorun\command - F:\zahrkw.exe
shell\explore\command - F:\zahrkw.exe
shell\open\command - F:\zahrkw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3476343a-403a-11de-8920-0016768a7146}]
shell\autorun\command - E:\tcskdx.exe
shell\explore\command - E:\tcskdx.exe
shell\open\command - E:\tcskdx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b48346-065a-11df-bb5b-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58684ce7-019f-11df-bb57-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e578949-50d0-11de-8930-0016768a7146}]
shell\autorun\command - E:\zahrkw.exe
shell\explore\command - E:\zahrkw.exe
shell\open\command - E:\zahrkw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fda4236-d409-11de-bb29-001cc0e6f738}]
shell\AutoRun\command - O:\wjcbrt.exe
shell\explore\command - O:\wjcbrt.exe
shell\open\command - O:\wjcbrt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{824abcfe-347c-11de-890f-0016768a7146}]
shell\autorun\command - E:\kqaojd.exe
shell\explore\command - E:\kqaojd.exe
shell\open\command - E:\kqaojd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c7edd0-04bf-11df-bb59-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c7edd8-04bf-11df-bb59-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3a23e3-40ff-11de-8922-0016768a7146}]
shell\autorun\command - ikuxwg.exe
shell\explore\command - ikuxwg.exe
shell\open\command - ikuxwg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9816f23f-0f26-11df-bb64-001cc0e6f738}]
shell\AutoRun\command - E:\ozBPdf.eXe
shell\OPEn\command - E:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a619b3e-0733-11df-bb5d-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e72870a-c2f1-11de-bb1f-001cc0e6f738}]
shell\AutoRun\command - E:\HrPlNT.exE
shell\OpEn\command - E:\HRplNt.exE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b429c3d0-5da3-11db-b203-0016768a7146}]
shell\AutoRun\command - E:\yqlvle.exe
shell\explore\command - E:\yqlvle.exe
shell\open\command - E:\yqlvle.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd1ecd61-d7f7-11de-bb2c-001cc0e6f738}]
shell\AutoRun\command - E:\OOvKMf.eXe
shell\OpEn\command - E:\oOvkmF.eXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d43dfb-0108-11df-bb56-001cc0e6f738}]
shell\AutoRun\command - SnZWro.eXe
shell\OPeN\command - SNzWro.exE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7064756-d59f-11de-bb2b-001cc0e6f738}]
shell\AutoRun\command - O:\ozBPdf.eXe
shell\OPEn\command - O:\ozbpDf.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1c6d4a-33db-11de-91a3-0016768a7146}]
shell\autorun\command - E:\zahrkw.exe
shell\explore\command - E:\zahrkw.exe
shell\open\command - E:\zahrkw.exe
======List of files/folders created in the last 1 months======
2010-03-15 07:41:05 ----D---- C:\Program Files\trend micro
2010-03-15 07:41:04 ----D---- C:\rsit
2010-03-15 07:20:51 ----D---- C:\Documents and Settings\pospisilova\Data aplikací\AVGTOOLBAR
2010-03-15 07:20:51 ----D---- C:\Documents and Settings\pospisilova\Data aplikací\AVG8
2010-03-12 13:57:21 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-12 13:43:03 ----HD---- C:\$AVG
2010-03-12 13:42:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-03-12 07:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-04 07:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-02 07:59:00 ----A---- C:\WINDOWS\system32\svchost.bat
2010-03-02 07:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
======List of files/folders modified in the last 1 months======
2010-03-15 07:41:05 ----RD---- C:\Program Files
2010-03-15 07:40:18 ----D---- C:\WINDOWS\Temp
2010-03-15 07:40:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2010-03-15 07:37:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 07:37:22 ----D---- C:\WINDOWS\Prefetch
2010-03-15 07:37:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 07:20:55 ----A---- C:\WINDOWS\lgfwup.ini
2010-03-15 07:03:02 ----D---- C:\WINDOWS\system32
2010-03-12 14:38:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-12 13:57:32 ----D---- C:\WINDOWS\system32\drivers
2010-03-12 13:43:01 ----D---- C:\Program Files\AVG
2010-03-12 13:42:23 ----SHD---- C:\WINDOWS\Installer
2010-03-12 13:42:22 ----D---- C:\WINDOWS\WinSxS
2010-03-12 13:42:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-12 13:42:00 ----D---- C:\WINDOWS
2010-03-12 13:37:51 ----SHD---- C:\System Volume Information
2010-03-12 13:37:51 ----D---- C:\WINDOWS\system32\Restore
2010-03-12 11:31:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-03-12 07:06:24 ----HD---- C:\WINDOWS\inf
2010-03-12 07:06:21 ----D---- C:\Program Files\Movie Maker
2010-03-12 07:06:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-05 13:40:40 ----D---- C:\Dokumenty
2010-03-04 07:16:41 ----A---- C:\WINDOWS\imsins.BAK
2010-03-03 12:43:40 ----D---- C:\Program Files\myBabylon_English4
2010-03-03 09:38:08 ----D---- C:\Program Files\lg_fwupdate
2010-03-02 08:32:05 ----SHD---- C:\WINDOWS\CSC
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-19 07:05:13 ----D---- C:\Program Files\Microsoft Works
2010-02-18 08:00:26 ----D---- C:\Temp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-12 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-12 29512]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-12 242696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-12-17 119552]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Re: Constantly reappearing viruses
Plug all of your USB sticks into the computer and do the following:
download ComboFix and save it, preferably to the desktop
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

relax and make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the antispyware resident shield
after the restart the application creates a log saved at C:/Combofix.txt (on repeated runs the logs are named Combofix2.txt etc.); paste its contents here
Re: Constantly reappearing viruses
Done, attaching the log.
ComboFix 10-03-14.06 - Administrator 15.03.2010 12:31:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2010.1613 [GMT 1:00]
Spuštěný z: c:\documents and settings\pospisilova\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Plocha\FLV Direct Player.lnk
c:\documents and settings\pospisilova\biodo.exe
c:\documents and settings\pospisilova\goeuto.exe
c:\documents and settings\pospisilova\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\pospisilova\pjveow.exe
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\dskinliteu.dll
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.dat
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\SkinDirectFLV\skin.xml
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-1117510159-6537730022-828093388-5715
c:\windows\system32\AutoRun.inf
c:\windows\system32\msvcrt2.dll
c:\windows\system32\VB6KO.DLL
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-15 do 2010-03-15 )))))))))))))))))))))))))))))))
.
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- c:\program files\trend micro
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- C:\rsit
2010-03-12 12:57 . 2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 12:43 . 2010-03-12 13:01 -------- d-----w- C:\$AVG
2010-03-02 06:59 . 2010-03-02 06:59 137 ----a-w- c:\windows\system32\svchost.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 11:21 . 2010-03-15 11:21 3362816 ---ha-w- c:\documents and settings\pospisilova\ntuser.tmp
2010-03-15 06:37 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-12 12:57 . 2009-10-27 12:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 12:57 . 2009-10-27 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 12:43 . 2009-10-27 12:53 -------- d-----w- c:\program files\AVG
2010-03-03 11:43 . 2010-02-03 06:38 -------- d-----w- c:\program files\myBabylon_English4
2010-03-03 08:38 . 2009-10-26 09:50 -------- d-----w- c:\program files\lg_fwupdate
2010-02-19 06:05 . 2010-02-09 14:08 -------- d-----w- c:\program files\Microsoft Works
2010-02-03 06:39 . 2010-02-03 06:39 118260 ----a-w- c:\windows\system32\Dsj8V6LJ-J-u.exe
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Conduit
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Babylon
2010-02-03 06:38 . 2010-02-03 06:38 307840 ----a-w- c:\documents and settings\pospisilova\FLVDirect.exe
2010-01-29 00:25 . 2010-01-29 00:25 1241088 ----a-w- c:\windows\system32\kukZ8LW_mFJE.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-10-26 09:09 343552 ----a-w- c:\windows\system32\mspaint.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5625fd13-4240-16fb-af40-70b30bc97859}]
2010-01-29 00:25 1241088 ----a-w- c:\windows\system32\kukZ8LW_mFJE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc600575-3013-4e8e-941c-4b00dafce730}]
2010-03-03 11:43 2349080 ----a-w- c:\program files\myBabylon_English4\tbmyB0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{fc600575-3013-4e8e-941c-4b00dafce730}"= "c:\program files\myBabylon_English4\tbmyB0.dll" [2010-03-03 2349080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{fc600575-3013-4e8e-941c-4b00dafce730}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-03 557056]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-03 3721104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.10.2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.10.2009 13:53 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.10.2009 13:53 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12.3.2010 13:56 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 13:57 308064]
S0 cwyis;cwyis; [x]
S0 kqlhuqz;kqlhuqz; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e72870a-c2f1-11de-bb1f-001cc0e6f738}]
\SHELl\AutoRun\command - E:\HrPlNT.exE
\SHELl\OpEn\cOMMAnd - E:\HRplNt.exE
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {4301E7A7-EDE2-4F0F-AA15-E8DFB36CDFAB} = 62.129.50.20,85.135.32.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Microsoft(R) System Manager - c:\windows\system32\a5ca62.exe
HKLM-Run-SyncMan - c:\windows\system32\SyncMan.exe
Notify-f_lock - f_lock.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 12:35
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-179605362-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,e1,b3,a3,57,54,38,44,a3,15,ed,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3336)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-15 12:36:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-15 11:36
Před spuštěním: Volných bajtů: 70 736 543 744
Po spuštění: Volných bajtů: 72 461 475 840
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0097CD39AB8DC67ED052F1A604AE2044
Re: Constantly reappearing viruses
I would also like to add that the lady who owns this PC uses 3 USB drives, and when I scan them the Packed AutoIt virus shows up on them, in the files ozbpdf.exe and hwrkca.exe. I don't know what these files are; I can't see them anywhere on the flash drive and I haven't found anything about them on the internet either. Thanks for any advice.
Cernto
Re: Constantly reappearing viruses
If you have not already done so, move ComboFix to the desktop.
Open Notepad.
Copy the script from the following box into it:
Code:
Driver::
cwyis
kqlhuqz
File::
c:\windows\system32\svchost.bat
c:\windows\system32\Dsj8V6LJ-J-u.exe
c:\windows\system32\kukZ8LW_mFJE.dll
E:\cplebk.exe
F:\zahrkw.exe
E:\tcskdx.exe
O:\ozBPdf.eXe
O:\ozbpDf.Exe
E:\zahrkw.exe
O:\wjcbrt.exe
E:\kqaojd.exe
E:\HrPlNT.exE
E:\yqlvle.exe
E:\OOvKMf.eXe
E:\oOvkmF.eXE
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1c6d4a-33db-11de-91a3-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7064756-d59f-11de-bb2b-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d43dfb-0108-11df-bb56-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd1ecd61-d7f7-11de-bb2c-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b429c3d0-5da3-11db-b203-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e72870a-c2f1-11de-bb1f-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a619b3e-0733-11df-bb5d-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3a23e3-40ff-11de-8922-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c7edd8-04bf-11df-bb59-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{824abcfe-347c-11de-890f-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fda4236-d409-11de-bb29-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e578949-50d0-11de-8930-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58684ce7-019f-11df-bb57-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b48346-065a-11df-bb5b-001cc0e6f738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3476343a-403a-11de-8920-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e080106-7eaf-11db-b234-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9a90b4-8b03-11de-894a-0016768a7146}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e72870a-c2f1-11de-bb1f-001cc0e6f738}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc600575-3013-4e8e-941c-4b00dafce730}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5625fd13-4240-16fb-af40-70b30bc97859}]
Save the text file you created as CFScript.txt on the desktop.
After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there.
After it runs, another log should pop up; paste it here.
Warning: it is possible that Windows will not boot after the script is applied and the computer restarts. In that case restart again, press F8 during boot and choose Last Known Good Configuration.
Do you recognise this?
c:\program files\myBabylon_English4
Re: Constantly reappearing viruses
Done, attaching the log.
Cernto
ComboFix 10-03-15.04 - pospisilova 16.03.2010 7:15.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2010.1445 [GMT 1:00]
Spuštěný z: c:\documents and settings\pospisilova\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pospisilova\Plocha\CFScript.txt
FILE ::
"c:\windows\system32\Dsj8V6LJ-J-u.exe"
"c:\windows\system32\kukZ8LW_mFJE.dll"
"c:\windows\system32\svchost.bat"
"E:\cplebk.exe"
"E:\HrPlNT.exE"
"E:\kqaojd.exe"
"E:\oOvkmF.eXE"
"E:\tcskdx.exe"
"E:\yqlvle.exe"
"E:\zahrkw.exe"
"F:\zahrkw.exe"
"O:\ozBPdf.eXe"
"O:\wjcbrt.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\pospisilova\biodo.exe
c:\documents and settings\pospisilova\goeuto.exe
c:\documents and settings\pospisilova\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\pospisilova\pjveow.exe
c:\windows\system32\Dsj8V6LJ-J-u.exe
c:\windows\system32\kukZ8LW_mFJE.dll
c:\windows\system32\svchost.bat
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_cwyis
-------\Service_kqlhuqz
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-16 do 2010-03-16 )))))))))))))))))))))))))))))))
.
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- c:\program files\trend micro
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- C:\rsit
2010-03-12 12:57 . 2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 12:43 . 2010-03-12 13:01 -------- d-----w- C:\$AVG
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 06:37 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-12 12:57 . 2009-10-27 12:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 12:57 . 2009-10-27 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 12:43 . 2009-10-27 12:53 -------- d-----w- c:\program files\AVG
2010-03-03 11:43 . 2010-02-03 06:38 -------- d-----w- c:\program files\myBabylon_English4
2010-03-03 08:38 . 2009-10-26 09:50 -------- d-----w- c:\program files\lg_fwupdate
2010-02-19 06:05 . 2010-02-09 14:08 -------- d-----w- c:\program files\Microsoft Works
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Conduit
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Babylon
2010-02-03 06:38 . 2010-02-03 06:38 307840 ----a-w- c:\documents and settings\pospisilova\FLVDirect.exe
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-10-26 09:09 343552 ----a-w- c:\windows\system32\mspaint.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-03 557056]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-03 3721104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.10.2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.10.2009 13:53 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.10.2009 13:53 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12.3.2010 13:56 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 13:57 308064]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {4301E7A7-EDE2-4F0F-AA15-E8DFB36CDFAB} = 62.129.50.20,85.135.32.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Dsj8V6LJ-J-u - c:\windows\system32\Dsj8V6LJ-J-u.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 07:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-179605362-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,e1,b3,a3,57,54,38,44,a3,15,ed,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2888)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-16 07:23:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-16 06:23
ComboFix2.txt 2010-03-15 11:36
Před spuštěním: Volných bajtů: 72 454 426 624
Po spuštění: Volných bajtů: 72 418 115 584
- - End Of File - - 82C32E214EE19F379DA9999FF2FEBB3B
.
Celkový čas: 2010-03-16 07:23:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-16 06:23
ComboFix2.txt 2010-03-15 11:36
Před spuštěním: Volných bajtů: 72 454 426 624
Po spuštění: Volných bajtů: 72 418 115 584
- - End Of File - - 82C32E214EE19F379DA9999FF2FEBB3B
Re: Constantly reappearing viruses
Great!
If I manage it, download the file I am attaching, unzip it and save it to your Desktop.
Then make a new script for ComboFix. Copy the following into Notepad:
Code:
FCopy::
c:\documents and settings\pospisilova\Plocha\cdrom.sys | c:\windows\system32\drivers\cdrom.sys
Again drag it onto the ComboFix icon and ComboFix will run again. Paste the resulting log here and describe how the computer behaves.
- Attachments
- cdrom.zip
- (34.06 KiB) Downloaded 77 times
Re: Constantly reappearing viruses
Done, and I am attaching the log. I did not notice any unusual behaviour while Combo was running. The only difference is that the PC did not restart before the log was created, as it had in the previous cases.
Cernto
ComboFix 10-03-16.05 - Administrator 17.03.2010 13:40:00.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2010.1433 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- c:\program files\trend micro
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- C:\rsit
2010-03-12 12:57 . 2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 12:43 . 2010-03-12 13:01 -------- d-----w- C:\$AVG
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 06:37 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-12 12:57 . 2009-10-27 12:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 12:57 . 2009-10-27 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 12:43 . 2009-10-27 12:53 -------- d-----w- c:\program files\AVG
2010-03-03 11:43 . 2010-02-03 06:38 -------- d-----w- c:\program files\myBabylon_English4
2010-03-03 08:38 . 2009-10-26 09:50 -------- d-----w- c:\program files\lg_fwupdate
2010-02-19 06:05 . 2010-02-09 14:08 -------- d-----w- c:\program files\Microsoft Works
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Conduit
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Babylon
2010-02-03 06:38 . 2010-02-03 06:38 307840 ----a-w- c:\documents and settings\pospisilova\FLVDirect.exe
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-03 557056]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-03 3721104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.10.2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.10.2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.10.2009 13:53 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12.3.2010 13:56 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 13:57 308064]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [16.3.2010 8:01 369920]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {4301E7A7-EDE2-4F0F-AA15-E8DFB36CDFAB} = 62.129.50.20,85.135.32.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 13:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-179605362-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,e1,b3,a3,57,54,38,44,a3,15,ed,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-03-17 13:42:33
ComboFix-quarantined-files.txt 2010-03-17 12:42
ComboFix2.txt 2010-03-16 06:23
ComboFix3.txt 2010-03-15 11:36
Před spuštěním: Volných bajtů: 72 248 500 224
Po spuštění: Volných bajtů: 72 228 184 064
- - End Of File - - 54E4EB9E2BF51737016FCFDD063EE8C1
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Constantly reappearing viruses
Edo, sorry
Download "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Run it and copy the following into its window:
Code:
:filefind
cdrom.sys
Click Look and, once the scan finishes, paste the search result here.
Recommendations:
While the cleanup is in progress, install or uninstall anything only when I tell you to.
Read my reply carefully and carry out the whole operation exactly as described.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Constantly reappearing viruses
Done, attaching the log.
Cernto
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:02 on 18/03/2010 by Administrator (Administrator - Elevation successful)
========== filefind ==========
Searching for "cdrom.sys"
C:\Documents and Settings\Administrator\Plocha\cdrom.sys --a--- 62976 bytes [12:37 17/03/2010] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
C:\Documents and Settings\Administrator\Plocha\cdrom\cdrom.sys --a--- 62976 bytes [18:40 13/04/2008] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
-=End Of File=-
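The SystemLook output above lists two copies of cdrom.sys that share the same size and MD5, which is what makes either of them usable as a replacement for the driver ComboFix reported missing. As an added example (not part of this thread, and not code from SystemLook or ComboFix), the following Python script parses ':filefind' result lines of that shape and refuses to approve a replacement unless every copy found agrees on size and hash. The sample input is the two result lines quoted from the log above; reading the two bracketed timestamps as modified-then-created is an assumption about SystemLook's column order.

```python
"""Parse SystemLook ':filefind' output and check that all copies of a file
agree on size and MD5 before one of them is used to replace a missing driver."""
import re
from collections import defaultdict

# Result lines quoted from the SystemLook log above (the thread's own output).
SYSTEMLOOK_OUTPUT = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:02 on 18/03/2010 by Administrator (Administrator - Elevation successful)
========== filefind ==========
Searching for "cdrom.sys"
C:\Documents and Settings\Administrator\Plocha\cdrom.sys --a--- 62976 bytes [12:37 17/03/2010] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
C:\Documents and Settings\Administrator\Plocha\cdrom\cdrom.sys --a--- 62976 bytes [18:40 13/04/2008] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
-=End Of File=-
"""

# One filefind hit: <path> <attrs> <size> bytes [<timestamp>] [<timestamp>] <MD5>
# Assumption: the first bracketed timestamp is "modified", the second "created".
HIT_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per filefind hit; header, footer and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()   # normalise case before comparing
            hits.append(hit)
    return hits


def consistent_copies(hits, expected_size=None):
    """Return (ok, paths_by_md5).

    ok is True only when at least one hit exists, every hit has the same MD5
    and the same size, and (if given) that size equals expected_size.
    A second MD5 key in paths_by_md5 tells you which copies disagree."""
    paths_by_md5 = defaultdict(list)
    for hit in hits:
        paths_by_md5[hit["md5"]].append(hit["path"])
    sizes = {hit["size"] for hit in hits}
    ok = bool(hits) and len(paths_by_md5) == 1 and len(sizes) == 1
    if expected_size is not None:
        ok = ok and sizes == {expected_size}
    return ok, dict(paths_by_md5)


if __name__ == "__main__":
    found = parse_filefind(SYSTEMLOOK_OUTPUT)
    ok, groups = consistent_copies(found, expected_size=62976)
    for md5, paths in groups.items():
        print(md5, "->", len(paths), "copy/copies")
    print("safe to use as replacement source:", ok)
```

When the two copies disagree, the second MD5 key in the returned map points at the outlier; that is the moment to stop and obtain the driver from install media or a machine with the same Windows version and service pack, rather than copying whichever file happens to be on the Desktop.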
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Constantly reappearing viruses
New CFScript
Code:
FCopy::
C:\Documents and Settings\Administrator\Plocha\cdrom.sys | c:\windows\system32\drivers\cdrom.sys
C:\Documents and Settings\Administrator\Plocha\cdrom.sys | C:\windows\system32\dllcache\cdrom.sys
Recommendations:
While the cleanup is in progress, install or uninstall anything only when I tell you to.
Read my reply carefully and carry out the whole operation exactly as described.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Constantly reappearing viruses
Done, attaching the log.
Cernto
ComboFix 10-03-18.01 - Administrator 19.03.2010 8:16.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2010.1434 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\documents and settings\Administrator\Plocha\cdrom.sys --> c:\windows\system32\drivers\cdrom.sys
c:\documents and settings\Administrator\Plocha\cdrom.sys --> c:\windows\system32\dllcache\cdrom.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-19 do 2010-03-19 )))))))))))))))))))))))))))))))
.
2010-03-19 07:16 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-19 07:16 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- c:\program files\trend micro
2010-03-15 06:41 . 2010-03-15 06:41 -------- d-----w- C:\rsit
2010-03-12 12:57 . 2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 12:43 . 2010-03-12 13:01 -------- d-----w- C:\$AVG
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 06:37 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-12 12:57 . 2009-10-27 12:53 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 12:57 . 2009-10-27 12:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-12 12:56 . 2009-10-27 12:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 12:43 . 2009-10-27 12:53 -------- d-----w- c:\program files\AVG
2010-03-03 11:43 . 2010-02-03 06:38 -------- d-----w- c:\program files\myBabylon_English4
2010-03-03 08:38 . 2009-10-26 09:50 -------- d-----w- c:\program files\lg_fwupdate
2010-02-19 06:05 . 2010-02-09 14:08 -------- d-----w- c:\program files\Microsoft Works
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Conduit
2010-02-03 06:38 . 2010-02-03 06:38 -------- d-----w- c:\program files\Babylon
2010-02-03 06:38 . 2010-02-03 06:38 307840 ----a-w- c:\documents and settings\pospisilova\FLVDirect.exe
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-03 557056]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-03 3721104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.10.2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.10.2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.10.2009 13:53 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12.3.2010 13:56 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 13:57 308064]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [16.3.2010 8:01 369920]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {4301E7A7-EDE2-4F0F-AA15-E8DFB36CDFAB} = 62.129.50.20,85.135.32.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-179605362-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,a2,d3,52,04,6e,fe,4d,aa,2c,72,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,e1,b3,a3,57,54,38,44,a3,15,ed,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1960)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-03-19 08:18:34
ComboFix-quarantined-files.txt 2010-03-19 07:18
ComboFix2.txt 2010-03-17 12:42
ComboFix3.txt 2010-03-16 06:23
ComboFix4.txt 2010-03-15 11:36
Před spuštěním: Volných bajtů: 72 044 634 112
Po spuštění: Volných bajtů: 72 027 414 528
- - End Of File - - 066BFF0AD79CB47A64548CC0AD94F5F2
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-03 3721104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 12:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.10.2009 13:53 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.10.2009 13:53 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.10.2009 13:53 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12.3.2010 13:56 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12.3.2010 13:57 308064]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [16.3.2010 8:01 369920]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {4301E7A7-EDE2-4F0F-AA15-E8DFB36CDFAB} = 62.129.50.20,85.135.32.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-179605362-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1960)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-03-19 08:18:34
ComboFix-quarantined-files.txt 2010-03-19 07:18
ComboFix2.txt 2010-03-17 12:42
ComboFix3.txt 2010-03-16 06:23
ComboFix4.txt 2010-03-15 11:36
Před spuštěním: Volných bajtů: 72 044 634 112
Po spuštění: Volných bajtů: 72 027 414 528
- - End Of File - - 066BFF0AD79CB47A64548CC0AD94F5F2
Re: Constantly reappearing viruses
How is the computer doing now? Are there still any problems?
Re: Constantly reappearing viruses
To be safe, also check this file at www.virustotal.com:
c:\windows\system32\webcheck.dll
and paste the result here.
Re: Constantly reappearing viruses
I apologize for replying only now, but I have been terribly busy and forgot about it. I have now been at that PC and did not find that file there. So far it seems to look fine. We'll see.
Cernto