Hello,
over the weekend something happened: my AVG software reported that it had found the FakeAlert virus. On the computer the virus shows itself like this: for example, when I type, some letters are skipped, and when I click on a link, or on its own, a link to xxx or other sites opens ...
I tried to remove the virus with Spybot, Ad-Aware and antivirus software, but so far without success.
Below I am posting the HijackThis log.
Please help.
Thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 06:59:19, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\AVG7\avgamsvr.exe
C:\AVG7\avgupsvc.exe
C:\AVG7\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Speed to Market\Concerto Server\S2MRemoteSrvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Speed to Market\Concerto Server\S2MLocalSrvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Applications\wcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_18\bin\jusched.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\zapletal\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mikro4:4030/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_18\bin\jusched.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsyj.exe] C:\WINDOWS\system32\kdsyj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_18\bin\npjpi142_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_18\bin\npjpi142_18.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {49B07BB1-01B8-11D4-99DE-006097C4E923} (MPPOpener Class) - http://mikroelektronika.mpmsystem.cz/co ... Opener.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8733213772
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmikro.local
O17 - HKLM\Software\..\Telephony: DomainName = dmikro.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4854933C-3F11-4919-90F5-E3785C73AFF1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA950AA-AB79-4F21-A3C2-ABF601F88A14}: NameServer = 85.255.114.74,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmikro.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmikro.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FareOn TCP Responder (FareOn-TCP) - Mikroelektronika spol. s r.o. - C:\Mikroelektronika\TCP Responder\ServiceRunner.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - Unknown owner - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\ (file missing)
O23 - Service: S2MLocalSrvcs - Realization Technologies - C:\Program Files\Speed to Market\Concerto Server\S2MLocalSrvcs.exe
O23 - Service: S2MRemoteSrvcs - Realization Technologies - C:\Program Files\Speed to Market\Concerto Server\S2MRemoteSrvcs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Converter Service (ufad-p2v) - Unknown owner - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml (file missing)
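A triage helper for logs like the one above, added here as an example; it is not HijackThis code, not a tool this thread uses, and its heuristics and severity labels are my assumptions for a helper to confirm by hand. It reads the R/O entries and flags three things a helper looks at first: an O4 Run value named after its own full path (the shape of the kdsyj.exe entry), O17 NameServer entries pointing at public resolvers on a host joined to a local domain (dmikro.local in the log), and O23 services with no publisher string or a path HijackThis could not resolve. The sample lines are constructed, copied in shape from the log in the first post.

```python
"""Triage the R/O entries of a HijackThis log.
Added example for this thread: not HijackThis code. The heuristics are
assumptions for a helper to confirm by hand, not verdicts."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied in shape from the log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mikro4:4030/index.php
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsyj.exe] C:\WINDOWS\system32\kdsyj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmikro.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4854933C-3F11-4919-90F5-E3785C73AFF1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA950AA-AB79-4F21-A3C2-ABF601F88A14}: NameServer = 85.255.114.74,85.255.112.132
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\AVG7\avgupsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DNS_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "high", "medium" or "low" (assumed scale)
    reason: str
    line: str      # the log line the finding refers to


def _exe_of(cmd: str) -> str:
    """Return the executable path at the front of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):            # quoted path, arguments may follow it
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]        # unquoted path: stop at the first space


def check_run(rest: str, line: str) -> list[Finding]:
    """O4: a Run value whose *name* is its own full path is not how installers
    register autostarts (assumption); the kdsyj.exe entry has exactly that shape."""
    m = RUN_RE.match(rest)
    if not m:
        return []                      # Global Startup entries are not handled here
    if m.group("name").lower() == _exe_of(m.group("cmd")).lower():
        return [Finding("O4", "high", "Run value is named after its own full path", line)]
    return []


def check_nameserver(rest: str, line: str) -> list[Finding]:
    """O17: on a host joined to a local domain, resolvers are expected to be
    internal (assumption); public ones deserve a look, not an automatic verdict."""
    m = DNS_RE.search(rest)
    if not m:
        return []
    public = [s for s in m.group("servers").split(",")
              if s and not ipaddress.ip_address(s).is_private]
    if public:
        return [Finding("O17", "medium",
                        "public resolvers on a domain-joined host: " + ", ".join(public), line)]
    return []


def check_service(rest: str, line: str) -> list[Finding]:
    """O23: no publisher string or a path HijackThis could not resolve; low
    severity because many legitimate open-source services look like this."""
    m = SVC_RE.match(rest)
    if not m:
        return []
    out = []
    if m.group("owner") == "Unknown owner":
        out.append(Finding("O23", "low", "service binary has no publisher string", line))
    if "(file missing)" in m.group("path"):
        out.append(Finding("O23", "low", "service path not found as logged", line))
    return out


CHECKS = {"O4": check_run, "O17": check_nameserver, "O23": check_service}


def triage(log_text: str) -> list[Finding]:
    """Run every check over the R/O lines of a HijackThis log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                   # header and process-list lines are not entries
        check = CHECKS.get(m.group("sec"))
        if check:
            findings.extend(check(m.group("rest"), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the sample it reports the kdsyj.exe Run value as high, both NameServer lines as medium and the Apache2.2 service twice as low; the AVG, RealPlayer and ctfmon entries produce nothing. The "(file missing)" on the Apache2.2 line comes from the stray quote in the logged path rather than a missing binary, which is why that check stays at low severity and only asks for a look.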

Virus Fake Alert
Re: Virus Fake Alert
Hello,
we'll run ComboFix on it:
download ComboFix and save it, preferably to the desktop
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware's resident component
after the restart the application creates a log saved at C:/Combofix.txt (on repeated runs the logs are named Combofix2.txt etc.); paste its contents here
Re: Virus Fake Alert
ComboFix 08-11-10.01 - Administrator 2008-11-11 8:40:04.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.237 [GMT 1:00]
Spuštěný z: c:\documents and settings\zapletal\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Adsl Software Limited
c:\program files\Applications\wcs.exe
c:\windows\config.ini
c:\windows\system32\byXQIAsQ.dll
c:\windows\system32\kdsyj.exe
c:\windows\system32\opnkllLB.dll
c:\windows\system32\QsAIQXyb.ini
c:\windows\system32\QsAIQXyb.ini2
c:\windows\system32\SOCKETX.DLL
c:\windows\system32\tuvVLdbB.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-11 do 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-10 16:13 . 2008-11-10 16:13 146 --a------ c:\windows\wininit.ini
2008-11-10 15:17 . 2008-11-10 17:04 <DIR> d-------- c:\documents and settings\vaculikv.DMIKRO
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- C:\Visio
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- C:\REKLAMACE
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- c:\program files\Lavasoft
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- C:\OdHonzi
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- C:\Bacau
2008-11-10 15:10 . 2008-11-10 15:10 <DIR> d-------- C:\avjf
2008-11-10 15:09 . 2008-11-10 15:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-10 12:39 . 2008-11-10 15:09 <DIR> d---s---- c:\documents and settings\vaculikv
2008-11-10 08:27 . 2008-11-10 08:27 <DIR> d-------- c:\program files\Lavasoft(2)
2008-11-10 08:27 . 2008-11-10 15:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft(2)
2008-11-08 17:08 . 2008-11-10 15:10 <DIR> d-------- C:\Mikro
2008-11-08 08:42 . 2008-11-11 08:40 <DIR> d-------- c:\program files\Applications
2008-10-14 14:48 . 2008-10-14 15:06 <DIR> d-------- C:\_MOST_ANALYZA
2008-10-11 09:37 . 2008-10-11 19:22 <DIR> d-------- C:\Most04
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 07:06 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2008-11-11 06:00 --------- d-----w c:\documents and settings\zapletal\Application Data\AVG7
2008-11-10 16:28 --------- d-----w c:\program files\ICQToolbar
2008-11-10 15:13 --------- d-----w c:\program files\Enigma Software Group
2008-11-10 14:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 14:09 --------- d-----w c:\program files\Azureus
2008-11-09 13:05 --------- d---a-w c:\program files\Canon
2008-11-08 11:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-09 13:36 --------- d-----w c:\program files\RustemSoft
2008-10-07 19:41 --------- d-----w c:\documents and settings\zapletal\Application Data\skypePM
2008-10-07 19:41 --------- d-----w c:\documents and settings\zapletal\Application Data\Skype
2008-09-23 10:00 --------- d-----w c:\program files\Fujitsu Siemens Computers
2008-09-23 10:00 --------- d-----w c:\program files\Common Files\Funk Software
2008-09-23 09:35 466,944 ----a-w c:\windows\system32\w29NCPA.dll
2008-09-23 09:35 3,298,432 ----a-w c:\windows\system32\drivers\w29n51.sys
2008-09-23 09:35 1,671,168 ----a-w c:\windows\system32\w29mlres.dll
2008-09-23 09:05 --------- d-----w c:\program files\Crystal Runtime
2008-08-25 06:24 10,624,000 -c--a-w c:\windows\system32\U2L_K201.DLL
2008-01-08 20:26 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"AVG7_CC"="c:\avg7\avgcc.exe" [2008-10-20 590848]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-03 185896]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_18\bin\jusched.exe" [2008-05-28 32881]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2003-12-16 626746]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 c:\windows\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\avg7\avgw.exe" [2007-10-25 219136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1998-04-06 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1998-04-06 51984]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-06-18 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a--c--- 2002-10-23 16:18 163840 c:\program files\Launch Manager\ctrlvol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a--c--- 2003-01-09 09:41 57418 c:\program files\Launch Manager\HotkeyApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 11:40 172280 c:\program files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a--c--- 2002-12-02 09:22 32768 c:\program files\Launch Manager\LaunchAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
--a--c--- 2005-04-21 10:46 98816 c:\program files\OpenVPN\bin\openvpn-gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 21:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
--a------ 2007-07-24 08:12 1298432 c:\program files\Rainlendar2\Rainlendar2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-06 13:45 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2003-04-24 14:44 610304 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2003-04-24 14:51 110592 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a--c--- 2003-01-09 08:57 53248 c:\program files\Launch Manager\WButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\AVG7\\avgcc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-01-20 179584]
R1 gwiopm;gwiopm;c:\windows\system32\drivers\gwiopm.sys [1998-06-03 3904]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2002-10-29 8843]
R1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2007-12-29 49536]
R1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys [2002-10-23 2920]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-03-05 16896]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D c:\program files\PostgreSQL\8.3\data\ [ ]
R2 S2MLocalSrvcs;S2MLocalSrvcs;c:\program files\Speed to Market\Concerto Server\S2MLocalSrvcs.exe [2006-05-02 311296]
R2 S2MRemoteSrvcs;S2MRemoteSrvcs;c:\program files\Speed to Market\Concerto Server\S2MRemoteSrvcs.exe [2006-05-02 200704]
R2 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2007-10-09 176128]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2007-10-09 19248]
R3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;c:\windows\system32\NSNDIS5.SYS [2004-03-24 17280]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\Drivers\WBMS.SYS [2002-11-07 30208]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2002-11-28 25600]
S3 atm6124;atm6124.Sys ATMEL USB SAMBA Driver;c:\windows\system32\Drivers\atm6124.sys [2007-06-05 15317]
S3 BIFLAK;BIFLAK;c:\pcinfo\biflak.sys [2005-07-22 2822]
S3 FareOn-TCP;FareOn TCP Responder;c:\mikroelektronika\TCP Responder\ServiceRunner.exe [2007-07-08 20480]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\DRIVERS\NetWlan5.sys [2004-08-03 132695]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 411244]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{B58C9513-8896-4A6A-9BA8-0FBA3423F821} - c:\windows\system32\tuvVLdbB.dll
BHO-{ECE790AE-4E6B-46C2-B5BE-AE2B9B5F024E} - c:\windows\system32\byXQIAsQ.dll
HKLM-Run-c:\windows\system32\kdsyj.exe - c:\windows\system32\kdsyj.exe
HKLM-Run-pdfSaver3 - (no file)
HKLM-Explorer_Run-QuickTimeTask - c:\program files\Applications\wcs.exe
ShellExecuteHooks-{B58C9513-8896-4A6A-9BA8-0FBA3423F821} - c:\windows\system32\tuvVLdbB.dll
.
------- Doplňkový sken -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://89.188.16.42/index.html/?cmp=impr&lid=daily_daily&rid=zdez&affid=150044&morphid=irq4&revid=9604&uid=C5F14D341CD011DDB5FD152174CFFFFF&guid=DE1BE186633D4F9A81499CDA515D9F12&url=http:%2F%2Fbestgamblingever.com%2Fsomemegacool.page.html&rff=http:%2F%2Fwww.yobt.com%2F%3Fid=mistype.com&ver=4017
O17 -: HKLM\CCS\Interface\{4854933C-3F11-4919-90F5-E3785C73AFF1}: NameServer = 208.67.220.220,208.67.222.222
O16 -: {49B07BB1-01B8-11D4-99DE-006097C4E923} - hxxp://mikroelektronika.mpmsystem.cz/conweb/MPPOpener.dll
c:\windows\Downloaded Program Files\MPPOpener.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 08:54:29
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\avg7\avgamsvr.exe
c:\avg7\avgupsvc.exe
c:\avg7\avgemc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
.
**************************************************************************
.
Celkový čas: 2008-11-11 8:59:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-11 07:59:33
Před spuštěním: 11,640,918,016 bytes free
Po spuštění: Volných bajtů: 11,629,039,616
218 --- E O F --- 2008-09-15 07:24:38
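Besides the files it removed, the registry section of the ComboFix log above records `"EnableFirewall"= 0 (0x0)` for the standard firewall profile and `dword:00000001` for both `AntiVirusDisableNotify` and `UpdatesDisableNotify` under the Security Center key, i.e. the firewall off and the antivirus and update warnings silenced. The following is an added example, not ComboFix code: a reader for that section of the log that normalises ComboFix's value renderings, compares the three settings against what a Windows XP SP2 workstation should have (the expected values and the key-suffix matching are my assumptions) and lists the firewall's authorized applications for manual review. The sample lines are constructed from the log above.

```python
"""Check the registry section of a ComboFix log for security settings that
should be on. Added example for this thread, not ComboFix code; the expected
values are assumptions for a Windows XP SP2 workstation."""
import re

# Constructed sample: the relevant lines, in ComboFix's own rendering, from the log above.
SAMPLE_SECTION = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\avg7\avgcc.exe" [2008-10-20 590848]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')

# (key suffix, value name, expected value): assumed XP SP2 posture with the
# firewall on and Security Center notifications not suppressed.
EXPECTED = [
    ("security center", "AntiVirusDisableNotify", 0),
    ("security center", "UpdatesDisableNotify", 0),
    (r"firewallpolicy\standardprofile", "EnableFirewall", 1),
]


def parse_value(raw: str):
    """Normalise ComboFix's renderings: 'dword:00000001' and '0 (0x0)' become
    ints, an empty right-hand side becomes None, anything else stays text."""
    raw = raw.strip()
    if raw == "":
        return None
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+) \(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw


def parse_registry(text: str) -> dict:
    """Map lower-cased key path -> {value name: parsed value}."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            tree.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            tree[current][m.group("name")] = parse_value(m.group("val"))
    return tree


def _find_key(tree: dict, suffix: str):
    """ComboFix abbreviates hives (HKLM\\~\\services...), so match on the key's tail."""
    suffix = suffix.lower()
    return next((k for k in tree if k.endswith(suffix)), None)


def audit(text: str) -> list:
    """Return (key suffix, value name, observed, expected) for every deviation.
    Values absent from the log are at their Windows default and are not flagged."""
    tree = parse_registry(text)
    deviations = []
    for suffix, name, expected in EXPECTED:
        key = _find_key(tree, suffix)
        if key is None or name not in tree[key]:
            continue
        observed = tree[key][name]
        if observed != expected:
            deviations.append((suffix, name, observed, expected))
    return deviations


def authorized_apps(text: str) -> list:
    """Programs allowed through the firewall's standard profile, for manual review."""
    tree = parse_registry(text)
    key = _find_key(tree, r"authorizedapplications\list")
    return sorted(tree[key]) if key else []


if __name__ == "__main__":
    for suffix, name, observed, expected in audit(SAMPLE_SECTION):
        print(f"{name} = {observed} under ...\\{suffix} (expected {expected})")
    print("firewall exceptions:", authorized_apps(SAMPLE_SECTION))
```

On the sample this reports all three deviations and two firewall exceptions. Since the log is a snapshot taken before the reboot, the same three values are worth re-checking on the machine itself after cleanup: a fix that removes the dropper but leaves the firewall off and the notifications suppressed is not finished.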
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
--a--c--- 2005-04-21 10:46 98816 c:\program files\OpenVPN\bin\openvpn-gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 21:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
--a------ 2007-07-24 08:12 1298432 c:\program files\Rainlendar2\Rainlendar2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-06 13:45 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2003-04-24 14:44 610304 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2003-04-24 14:51 110592 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a--c--- 2003-01-09 08:57 53248 c:\program files\Launch Manager\WButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\AVG7\\avgcc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-01-20 179584]
R1 gwiopm;gwiopm;c:\windows\system32\drivers\gwiopm.sys [1998-06-03 3904]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2002-10-29 8843]
R1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2007-12-29 49536]
R1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys [2002-10-23 2920]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-03-05 16896]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D c:\program files\PostgreSQL\8.3\data\ [ ]
R2 S2MLocalSrvcs;S2MLocalSrvcs;c:\program files\Speed to Market\Concerto Server\S2MLocalSrvcs.exe [2006-05-02 311296]
R2 S2MRemoteSrvcs;S2MRemoteSrvcs;c:\program files\Speed to Market\Concerto Server\S2MRemoteSrvcs.exe [2006-05-02 200704]
R2 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2007-10-09 176128]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2007-10-09 19248]
R3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;c:\windows\system32\NSNDIS5.SYS [2004-03-24 17280]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\Drivers\WBMS.SYS [2002-11-07 30208]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2002-11-28 25600]
S3 atm6124;atm6124.Sys ATMEL USB SAMBA Driver;c:\windows\system32\Drivers\atm6124.sys [2007-06-05 15317]
S3 BIFLAK;BIFLAK;c:\pcinfo\biflak.sys [2005-07-22 2822]
S3 FareOn-TCP;FareOn TCP Responder;c:\mikroelektronika\TCP Responder\ServiceRunner.exe [2007-07-08 20480]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\DRIVERS\NetWlan5.sys [2004-08-03 132695]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 411244]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{B58C9513-8896-4A6A-9BA8-0FBA3423F821} - c:\windows\system32\tuvVLdbB.dll
BHO-{ECE790AE-4E6B-46C2-B5BE-AE2B9B5F024E} - c:\windows\system32\byXQIAsQ.dll
HKLM-Run-c:\windows\system32\kdsyj.exe - c:\windows\system32\kdsyj.exe
HKLM-Run-pdfSaver3 - (no file)
HKLM-Explorer_Run-QuickTimeTask - c:\program files\Applications\wcs.exe
ShellExecuteHooks-{B58C9513-8896-4A6A-9BA8-0FBA3423F821} - c:\windows\system32\tuvVLdbB.dll
.
------- Doplňkový sken -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://89.188.16.42/index.html/?cmp=impr&lid=daily_daily&rid=zdez&affid=150044&morphid=irq4&revid=9604&uid=C5F14D341CD011DDB5FD152174CFFFFF&guid=DE1BE186633D4F9A81499CDA515D9F12&url=http:%2F%2Fbestgamblingever.com%2Fsomemegacool.page.html&rff=http:%2F%2Fwww.yobt.com%2F%3Fid=mistype.com&ver=4017
O17 -: HKLM\CCS\Interface\{4854933C-3F11-4919-90F5-E3785C73AFF1}: NameServer = 208.67.220.220,208.67.222.222
O16 -: {49B07BB1-01B8-11D4-99DE-006097C4E923} - hxxp://mikroelektronika.mpmsystem.cz/conweb/MPPOpener.dll
c:\windows\Downloaded Program Files\MPPOpener.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 08:54:29
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\avg7\avgamsvr.exe
c:\avg7\avgupsvc.exe
c:\avg7\avgemc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
.
**************************************************************************
.
Celkový čas: 2008-11-11 8:59:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-11 07:59:33
Před spuštěním: 11,640,918,016 bytes free
Po spuštění: Volných bajtů: 11,629,039,616
218 --- E O F --- 2008-09-15 07:24:38
Re: Virus Fake Alert
Well, excellent!
How is the computer doing now?
Re: Virus Fake Alert
It looks promising :-)
Thank you for the help.
Michal
Re: Virus Fake Alert
Hello. Today Fake Alert started bothering me as well, and my ESET is unable to remove it. Since I have a 64-bit system (Windows 7), I cannot use Combofix. Please advise!
P.S.: My F.A. causes Firefox to close again immediately after it is launched.
Here is the log from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:29, on 2.5.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Users\Pavel\AppData\Local\Temp\Rbf.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Pavel\AppData\Local\Temp\Rbd.exe
C:\Users\Pavel\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Pavel\AppData\Local\Temp\Rbd.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Pavel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Pavel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing)
--
End of file - 9116 bytes
Re: Virus Fake Alert
Zamboa
Please open your own topic and post an RSIT log in it.
Otherwise this thread would become confusing. Thank you for your understanding.

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning malware off the computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at the e-mail address Motji(zavináč)forum.viry.cz.