
PC disinfection, computer speed-up, remote help via the neslape.cz service
trojan SHeur3.AERB + Desktop Security
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 6
- Registered: 15 Dec 2005 09:57
trojan SHeur3.AERB + Desktop Security
Hello,
lately my PC has been somewhat slow, and today a Desktop Security icon launched on my desktop, reporting that I have 1780 infections and whatnot. On top of that, the AVG resident shield popped up, reporting the Trojan horse SHeur3.AERB, and then a window appeared saying that someone wants to connect to my PC remotely and take security and personal data. Please help me: how do I clean the computer? Or do I need to format the whole PC? I would really rather not.
Thanks
MH
Re: trojan SHeur3.AERB + Desktop Security
Good afternoon
You don't need to format anything, it just takes a bit of patience with the removal.
We'll start by having you go into safe mode (press F8 after restarting - Safe Mode with Networking) and post a log from RSIT, see my signature

Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I'm usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
- Visitor
- Posts: 6
- Registered: 15 Dec 2005 09:57
Re: trojan SHeur3.AERB + Desktop Security
Thank you for the reply, I'll try to follow your instructions...
It looks, however, like I can't connect to the internet on my notebook in safe mode (I use a wifi connection), so I'm doing all of this via a flash drive and another PC...
Thank you very much for the help
Here is the log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Misa at 2010-06-18 14:03:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 38 GB (43%) free of 87 GB
Total RAM: 2046 MB (77% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-03 1615200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-03 2065248]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"LauncherJavaTM41"=C:\Users\Misa\AppData\Local\Temp\9904.tmp [2010-06-18 158208]
"6wvjnjurvlo1"=C:\Users\Misa\AppData\Local\Temp\m.21D5.tmp.exe [2010-06-18 2734592]
"Desktop Security 2010"=C:\Users\Misa\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe [2010-06-17 1597952]
"SecurityCenter"=C:\Users\Misa\AppData\Roaming\Desktop Security 2010\securitycenter.exe [2010-06-17 275456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Služba Plánovač2]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe [2008-08-28 13145448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE REBOOT []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-02-21 1647912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2009-07-02 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2009-07-02 768544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\PowerForPhone\PowerForPhone.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]
c:\Preload\patch\sysprep.cmd []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
C:\PROGRA~1\WIBUKEY\Server\WkSvMgr.exe [2007-08-21 3768320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2010-06-18 14:03:57 ----D---- C:\Program Files\trend micro
2010-06-18 14:03:56 ----D---- C:\rsit
2010-06-18 13:59:55 ----A---- C:\Windows\ntbtlog.txt
2010-06-18 11:24:53 ----D---- C:\Users\Misa\AppData\Roaming\Desktop Security 2010
2010-06-14 20:19:12 ----D---- C:\Users\Misa\AppData\Roaming\Facebook
2010-06-10 07:22:39 ----A---- C:\Windows\system32\atmfd.dll
2010-06-10 07:22:38 ----A---- C:\Windows\system32\atmlib.dll
2010-06-10 07:22:35 ----A---- C:\Windows\system32\mshtml.dll
2010-06-10 07:22:34 ----A---- C:\Windows\system32\ieframe.dll
2010-06-10 07:22:32 ----A---- C:\Windows\system32\wininet.dll
2010-06-10 07:22:32 ----A---- C:\Windows\system32\urlmon.dll
2010-06-10 07:22:32 ----A---- C:\Windows\system32\iertutil.dll
2010-06-10 07:22:31 ----A---- C:\Windows\system32\occache.dll
2010-06-10 07:22:31 ----A---- C:\Windows\system32\mstime.dll
2010-06-10 07:22:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-10 07:22:31 ----A---- C:\Windows\system32\ieui.dll
2010-06-10 07:22:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-10 07:22:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-10 07:22:30 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\iesetup.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\iernonce.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\iepeers.dll
2010-06-10 07:22:30 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-10 07:21:02 ----A---- C:\Windows\system32\asycfilt.dll
2010-05-30 09:11:34 ----D---- C:\Users\Misa\AppData\Roaming\EDrawings
2010-05-30 09:10:47 ----A---- C:\Windows\eDrawingOfficeAutomator.INI
2010-05-30 09:10:45 ----D---- C:\Program Files\Common Files\SolidWorks Shared
2010-05-30 09:10:03 ----D---- C:\Program Files\Common Files\eDrawings2010
2010-05-26 07:44:28 ----A---- C:\Windows\system32\tzres.dll
======List of files/folders modified in the last 1 months======
2010-06-18 14:03:57 ----RD---- C:\Program Files
2010-06-18 14:01:17 ----D---- C:\Program Files\Mozilla Firefox
2010-06-18 13:59:55 ----D---- C:\Windows
2010-06-18 11:27:42 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2010-06-18 11:24:57 ----D---- C:\Windows\Prefetch
2010-06-18 10:53:40 ----D---- C:\Windows\Temp
2010-06-18 10:52:54 ----D---- C:\Windows\system32\drivers
2010-06-18 10:52:52 ----A---- C:\Windows\system32\rpcnetp.exe
2010-06-18 10:52:49 ----A---- C:\Windows\system32\rpcnet.dll
2010-06-16 16:41:57 ----SHD---- C:\System Volume Information
2010-06-16 16:41:55 ----D---- C:\Windows\system32\catroot2
2010-06-15 23:59:35 ----D---- C:\Users\Misa\AppData\Roaming\vlc
2010-06-15 20:08:43 ----A---- C:\Windows\system32\acovcnt.exe
2010-06-10 11:27:03 ----D---- C:\Windows\winsxs
2010-06-10 11:14:35 ----D---- C:\Windows\Microsoft.NET
2010-06-10 11:14:22 ----RSD---- C:\Windows\assembly
2010-06-10 11:11:11 ----D---- C:\Windows\system32\catroot
2010-06-10 11:08:57 ----D---- C:\Windows\System32
2010-06-10 11:08:57 ----D---- C:\Program Files\Windows Mail
2010-06-10 11:08:56 ----D---- C:\Windows\system32\migration
2010-06-10 11:08:56 ----D---- C:\Program Files\Internet Explorer
2010-06-10 08:24:57 ----D---- C:\Windows\system32\wbem
2010-06-04 10:31:54 ----D---- C:\SPDISK
2010-06-02 13:05:36 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2010-06-02 12:36:40 ----D---- C:\Users\Misa\AppData\Roaming\skypePM
2010-05-30 09:51:36 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2010-05-30 09:11:38 ----D---- C:\ProgramData\FLEXnet
2010-05-30 09:10:46 ----SHD---- C:\Windows\Installer
2010-05-30 09:10:45 ----D---- C:\Program Files\Common Files
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-27 07:54:12 ----D---- C:\Windows\rescache
2010-05-27 07:44:40 ----D---- C:\Windows\system32\cs-CZ
2010-05-26 07:37:00 ----D---- C:\Windows\system32\WDI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-25 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-16 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
S2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-12-28 18688]
S2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
S2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey.sys [2007-08-21 72704]
S3 a867a127;a867a127; C:\Windows\system32\drivers\a867a127.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-02 9786752]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
S2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-16 916760]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-16 308064]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
S2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
S2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-11-01 56680]
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-18 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-05-30 79360]
-----------------EOF-----------------
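The rogue's persistence is visible in the HKEY_CURRENT_USER Run key of the log above: images under the user's Temp and AppData\Roaming folders, a `.tmp` file registered as an autostart, a random-looking value name, and timestamps from the day of the scan. As an added example that is not part of this thread or of RSIT, the Python script below parses the RSIT registry-dump format and flags such entries; the log excerpt is constructed from the posted log, and the heuristics and the `recent_days` threshold are my own choices, not anything the helpers on this forum use.

```python
"""Triage the Run-key autostarts in an RSIT log (added example, not RSIT's own code).

Flags entries whose image lives in a user-writable profile path (Temp, AppData),
has a non-executable extension, carries a random-looking value name, or was
written within a few days of the scan: the pattern the posted log shows.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed excerpt modelled on the RSIT log posted above (same line formats).
SAMPLE_LOG = r"""Logfile of random's system information tool 1.07 (written by random/random)
Run by Misa at 2010-06-18 14:03:56
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-03 2065248]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LauncherJavaTM41"=C:\Users\Misa\AppData\Local\Temp\9904.tmp [2010-06-18 158208]
"6wvjnjurvlo1"=C:\Users\Misa\AppData\Local\Temp\m.21D5.tmp.exe [2010-06-18 2734592]
"Desktop Security 2010"=C:\Users\Misa\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe [2010-06-17 1597952]
"SecurityCenter"=C:\Users\Misa\AppData\Roaming\Desktop Security 2010\securitycenter.exe [2010-06-17 275456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
======File associations======
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"=path [YYYY-MM-DD size]; RSIT prints an empty [] when the file is missing.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<path>.*?)'
    r"(?: \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\])?$"
)
RUN_DATE_RE = re.compile(r"^Run by .* at (\d{4}-\d{2}-\d{2}) ")
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData\\(Local|Roaming))\\", re.IGNORECASE)
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".cmd", ".bat")


@dataclass
class Finding:
    key: str        # registry key the value lives under
    name: str       # value name, e.g. "Desktop Security 2010"
    path: str       # image path as printed by RSIT
    reasons: list   # human-readable heuristics that fired


def looks_random(name: str) -> bool:
    """Lower-case letters and digits only, both present, 8+ chars: e.g. '6wvjnjurvlo1'."""
    return (re.fullmatch(r"[a-z0-9]{8,}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(log_text: str, recent_days: int = 3) -> list:
    """Return one Finding per suspicious entry under a ...\\Run key in an RSIT log."""
    scan_date = None      # taken from the "Run by ... at" header line
    current_key = None    # registry key the following lines belong to
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_DATE_RE.match(line)
        if m:
            scan_date = date.fromisoformat(m.group(1))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if line.startswith("======"):       # new section, no key in scope
            current_key = None
            continue
        if not current_key or not current_key.lower().endswith("\\run"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        reasons = []
        if USER_WRITABLE_RE.search(path):
            reasons.append("image runs from a user-writable profile path")
        if not path.lower().endswith(EXEC_EXTENSIONS):
            reasons.append("non-executable extension on an autostart image")
        if looks_random(name):
            reasons.append("random-looking value name")
        if m.group("date") and scan_date:
            age = scan_date - date.fromisoformat(m.group("date"))
            if age <= timedelta(days=recent_days):
                reasons.append(f"file written within {recent_days} days of the scan")
        if reasons:
            findings.append(Finding(current_key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name!r} -> {f.path}\n  " + "; ".join(f.reasons))
```

Run against the posted log, the four entries the rogue added are the only ones reported; the legitimate HKLM and HKCU autostarts (Windows Defender, AVG, Sidebar) produce no finding.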
2010-06-10 11:27:03 ----D---- C:\Windows\winsxs
2010-06-10 11:14:35 ----D---- C:\Windows\Microsoft.NET
2010-06-10 11:14:22 ----RSD---- C:\Windows\assembly
2010-06-10 11:11:11 ----D---- C:\Windows\system32\catroot
2010-06-10 11:08:57 ----D---- C:\Windows\System32
2010-06-10 11:08:57 ----D---- C:\Program Files\Windows Mail
2010-06-10 11:08:56 ----D---- C:\Windows\system32\migration
2010-06-10 11:08:56 ----D---- C:\Program Files\Internet Explorer
2010-06-10 08:24:57 ----D---- C:\Windows\system32\wbem
2010-06-04 10:31:54 ----D---- C:\SPDISK
2010-06-02 13:05:36 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2010-06-02 12:36:40 ----D---- C:\Users\Misa\AppData\Roaming\skypePM
2010-05-30 09:51:36 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2010-05-30 09:11:38 ----D---- C:\ProgramData\FLEXnet
2010-05-30 09:10:46 ----SHD---- C:\Windows\Installer
2010-05-30 09:10:45 ----D---- C:\Program Files\Common Files
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-27 07:54:12 ----D---- C:\Windows\rescache
2010-05-27 07:44:40 ----D---- C:\Windows\system32\cs-CZ
2010-05-26 07:37:00 ----D---- C:\Windows\system32\WDI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-25 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-16 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
S2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-12-28 18688]
S2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
S2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey.sys [2007-08-21 72704]
S3 a867a127;a867a127; C:\Windows\system32\drivers\a867a127.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-02 9786752]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
S2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-16 916760]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-16 308064]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
S2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
S2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-11-01 56680]
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-18 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-05-30 79360]
-----------------EOF-----------------
Re: trojan SHeur3.AERB + Desktop Security
Download OTM: http://oldtimer.geekstogo.com/OTM.exe
Download OTM to the desktop and double-click it; the program starts.
Into the left-hand window "Paste Instructions for Items to be Moved", below the yellow line, copy this script:
Code:
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\Misa\AppData\Local\Temp\m.21D5.tmp.exe
C:\Users\Misa\AppData\Local\Temp\9904.tmp
C:\Users\Misa\AppData\Roaming\Desktop Security 2010
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
auncherJavaTM41"=-
"6wvjnjurvlo1"=-
"Desktop Security 2010"=-
"SecurityCenter"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]
:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
- click the red MoveIt! button
- paste the contents of the green window here
- If it wants to restart the PC, click YES; you will then find the log in C:\_OTM\MovedFiles. Paste the log here.
Now in normal mode:
Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights
- Before using it, switch off all resident security programs - antivirus, firewalls, antispyware
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes (it takes at most 10 minutes), the program should create a log, C:\ComboFix.txt; copy its whole contents here
I'll probably be here only in the evening.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
-
- Visitor
- Posts: 6
- Registered: 15 Dec 2005 09:57
Re: trojan SHeur3.AERB + Desktop Security
Thanks, here is the OTM log; now I'll start on ComboFix.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP473D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95CA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEA9C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACC71.tmp moved successfully.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp225A.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp48B5.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp6576.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp66CB.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp6FC9.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp89E4.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9778.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9E.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9F98.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9FC1.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\cspB9E.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\cspEA42.tmp scheduled to be moved on reboot.
C:\WINDOWS\Temp\DMI118C.tmp moved successfully.
C:\WINDOWS\Temp\DMI1296.tmp moved successfully.
C:\WINDOWS\Temp\DMI9684.tmp moved successfully.
C:\WINDOWS\Temp\DMIA794.tmp moved successfully.
C:\WINDOWS\Temp\DMIC0AF.tmp moved successfully.
C:\WINDOWS\Temp\DMID3E1.tmp moved successfully.
C:\WINDOWS\Temp\DMID854.tmp moved successfully.
C:\WINDOWS\Temp\DMIE4A3.tmp moved successfully.
C:\WINDOWS\Temp\WDF1333.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF2F8C.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF337E.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF3BB8.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF3C08.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF41FD.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF569C.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF5846.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF6D73.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF7B02.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF7ECF.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF8055.tmp folder moved successfully.
C:\WINDOWS\Temp\WDF82AF.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFA026.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFA3CE.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFAA28.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFB0D1.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFBF8A.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFC121.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFD68.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFD70E.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFE8A3.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFEC62.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFED7B.tmp folder moved successfully.
C:\WINDOWS\Temp\WDFF2A7.tmp folder moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
C:\Users\Misa\AppData\Local\Temp\m.21D5.tmp.exe moved successfully.
C:\Users\Misa\AppData\Local\Temp\9904.tmp moved successfully.
C:\Users\Misa\AppData\Roaming\Desktop Security 2010 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\auncherJavaTM41" not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\6wvjnjurvlo1 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Security 2010 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityCenter deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Misa
->Temp folder emptied: 3169922522 bytes
->Temporary Internet Files folder emptied: 57065350 bytes
->Java cache emptied: 47752801 bytes
->FireFox cache emptied: 94378678 bytes
->Flash cache emptied: 50909 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31774193 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3 243,00 mb
OTM by OldTimer - Version 3.1.12.2 log created on 06182010_143252
Files moved on Reboot...
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp225A.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp48B5.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp6576.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp66CB.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp6FC9.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp89E4.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9778.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9E.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9F98.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp9FC1.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\cspB9E.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\cspEA42.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
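A way to check an OTM result log like the one above against the script that produced it, as an added example that is not part of the thread or of OTM itself: it parses the script's :files and :reg sections, maps each target to its outcome line in the log, and flags script lines that are not well-formed, which is how the unquoted `auncherJavaTM41"=-` entry ends up reported as "not found" above. The script and log excerpt embedded below are constructed (shortened) from the lines quoted in the thread, and the line formats matched are the ones visible there, not an official OTM specification.

```python
import re

# Constructed sample, shortened from the script and result log quoted in the
# thread; the formats are those visible there, not an official OTM spec.
SAMPLE_SCRIPT = r"""
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\Users\Misa\AppData\Local\Temp\m.21D5.tmp.exe
C:\Users\Misa\AppData\Roaming\Desktop Security 2010
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
auncherJavaTM41"=-
"Desktop Security 2010"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]
:commands
[resethosts]
"""

SAMPLE_LOG = r"""
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\Users\Misa\AppData\Local\Temp\m.21D5.tmp.exe moved successfully.
C:\Users\Misa\AppData\Roaming\Desktop Security 2010 folder moved successfully.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\csp225A.tmp scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\auncherJavaTM41" not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Security 2010 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown\ deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# A value deletion in the :reg section is "name"=- ; a missing quote is a typo.
VALUE_DELETE = re.compile(r'^"(?P<name>[^"]+)"=-$')

# Outcome line shapes seen in the result log, tried in this order.
LOG_PATTERNS = [
    ("deferred",  re.compile(r"^File move failed\. (?P<t>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^(?:File/Folder|Registry (?:value|key)) (?P<t>.+?) not found\.$")),
    ("moved",     re.compile(r"^(?P<t>.+?) (?:folder )?moved successfully\.$")),
    ("deleted",   re.compile(r"^Registry (?:value|key) (?P<t>.+?) deleted successfully\.$")),
]


def parse_otm_script(text):
    """Collect the targets an OTM script names, plus any malformed :reg lines."""
    out = {"files": [], "reg_values": [], "reg_keys": [], "malformed": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as :files
            section = line[1:].lower()
            continue
        if section == "files":
            # "/s" asks OTM to recurse into subfolders; it is not part of the path
            out["files"].append(re.sub(r"\s+/s$", "", line, flags=re.I))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                out["reg_keys"].append(line[2:-1])      # whole key to delete
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                        # key for following values
            else:
                m = VALUE_DELETE.match(line)
                if m and key:
                    out["reg_values"].append((key, m.group("name")))
                else:
                    out["malformed"].append(line)
    return out


def parse_otm_log(text):
    """Map each target named in an OTM result log to its outcome."""
    outcomes = {}
    for raw in text.splitlines():
        line = raw.strip()
        for status, rx in LOG_PATTERNS:
            m = rx.match(line)
            if m:
                outcomes[m.group("t")] = status
                break
    return outcomes


def cross_check(script_text, log_text):
    """Report, for every script target, what the log says happened to it.

    The log writes a registry value as KEY\\NAME (two backslashes) and a
    deleted key with a trailing backslash, so targets are rebuilt that way."""
    script = parse_otm_script(script_text)
    outcomes = parse_otm_log(log_text)
    report = {}
    for path in script["files"]:
        report[path] = outcomes.get(path, "no result line")
    for key, name in script["reg_values"]:
        target = key + "\\\\" + name
        report[target] = outcomes.get(target, "no result line")
    for key in script["reg_keys"]:
        report[key + "\\"] = outcomes.get(key + "\\", "no result line")
    report["__malformed__"] = script["malformed"]   # script lines to fix
    return report


if __name__ == "__main__":
    for target, status in cross_check(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status!s:>16}  {target}")
```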
-
- Visitor
- Posts: 6
- Registered: 15 Dec 2005 09:57
Re: trojan SHeur3.AERB + Desktop Security
ComboFix log:
ComboFix 10-06-17.02 - Misa 18.06.2010 15:56:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1151 [GMT 2:00]
Spuštěný z: c:\users\Misa\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Misa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010.lnk
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk
c:\users\Misa\Dort _Margot_ _ Recepty na .pdf
c:\windows\system32\win.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.
2010-06-18 12:32 . 2010-06-18 12:32 -------- d-----w- C:\_OTM
2010-06-18 12:03 . 2010-06-18 12:03 -------- d-----w- c:\program files\trend micro
2010-06-18 12:03 . 2010-06-18 12:04 -------- d-----w- C:\rsit
2010-06-14 18:19 . 2010-06-14 18:19 50354 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\uninstall.exe
2010-06-14 18:19 . 2010-06-18 09:28 -------- d-----w- c:\users\Misa\AppData\Roaming\Facebook
2010-06-10 05:21 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 05:20 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-06-03 12:44 . 2010-06-03 12:44 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-03 12:44 . 2010-06-03 12:44 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-30 07:18 . 2010-05-30 07:18 952768 ------w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-05-30 07:11 . 2010-05-30 07:11 -------- d-----w- c:\users\Misa\AppData\Roaming\EDrawings
2010-05-30 07:10 . 2010-05-30 07:10 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-05-30 07:10 . 2010-05-30 07:10 -------- d-----w- c:\program files\Common Files\eDrawings2010
2010-05-26 05:44 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 13:44 . 2009-11-10 15:12 117608 ----a-w- c:\programdata\nvModes.dat
2010-06-18 13:44 . 2009-11-01 18:41 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-06-18 13:44 . 2009-11-01 17:47 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-18 13:44 . 2009-11-01 12:02 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-18 13:43 . 2007-04-21 10:36 3668 ----a-w- c:\windows\bthservsdp.dat
2010-06-18 12:55 . 2010-04-26 06:00 0 ----a-w- c:\users\Misa\AppData\Local\prvlcl.dat
2010-06-18 12:39 . 2009-11-01 17:51 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-18 09:27 . 2009-11-20 18:37 -------- d-----w- c:\users\Misa\AppData\Roaming\uTorrent
2010-06-15 21:59 . 2009-12-10 18:00 -------- d-----w- c:\users\Misa\AppData\Roaming\vlc
2010-06-10 09:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-03 12:43 . 2010-02-10 20:12 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 12:43 . 2010-02-10 20:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 11:05 . 2009-11-06 08:23 -------- d-----w- c:\users\Misa\AppData\Roaming\Skype
2010-06-02 10:36 . 2009-11-06 08:24 -------- d-----w- c:\users\Misa\AppData\Roaming\skypePM
2010-05-30 07:11 . 2009-11-18 19:02 -------- d-----w- c:\programdata\FLEXnet
2010-05-26 17:06 . 2010-06-10 05:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 05:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-16 16:10 . 2009-11-01 10:36 62672 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-12 09:57 . 2007-04-21 11:18 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-05-12 09:57 . 2007-04-21 11:18 115014 ----a-w- c:\windows\system32\perfc005.dat
2010-05-07 12:40 . 2009-11-28 20:51 -------- d-----w- c:\users\Misa\AppData\Roaming\PC Suite
2010-05-04 05:59 . 2010-06-10 05:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 05:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 05:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 05:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-20 13:07 . 2010-04-20 13:07 -------- d-----w- c:\program files\Common Files\Java
2010-04-20 12:51 . 2009-11-18 13:25 -------- d-----w- c:\program files\Java
2010-04-12 15:29 . 2010-04-20 12:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\Misa\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\Misa\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\Misa\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\Misa\ARM Update\AcrobatUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-23 12:32 . 2010-03-23 12:32 1127 ----a-w- c:\windows\unins000.dat
2010-03-23 12:32 . 2010-03-23 12:32 1183739 ----a-w- c:\windows\unins000.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
backup=c:\windows\pss\Network Server.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2008-08-28 18:34 13145448 ----a-w- c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 16:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-21 14:41 1647912 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-02 00:56 92704 ----a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-07-02 00:56 768544 ----a-w- c:\windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1d,8e,65,ea,9d,5b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-985456328-465501231-3580004207-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-985456328-465501231-3580004207-500]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-02 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-16 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-16 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-16 308064]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\x572opov.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunServices-LauncherSetup10.0.32.18 - c:\users\Misa\AppData\Local\Temp\9904.tmp
MSConfigStartUp-Acronis Služba Plánovač2 - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-AcronisTimounterMonitor - c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-PowerForPhone - c:\program files\PowerForPhone\PowerForPhone.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 16:24
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\ADSM_PData_0150
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-18 16:30:31
ComboFix-quarantined-files.txt 2010-06-18 14:30
Pre-Run: 39,512,543,232 bytes free
Post-Run: 39,245,418,496 bytes free
- - End Of File - - EC6808FD0E8787B49A7B522410D2907F
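The listing above is read by eye in this thread. As an added example (not part of the thread, not ComboFix code and not something the helper posted), the script below does that first triage pass programmatically: it parses the "Reg Loading Points" value lines and the "ORPHANS REMOVED" lines, and flags the patterns a helper scans for first. The sample lines are excerpted from the log above; the heuristics, the marker list and the reason texts are the example's own assumptions.

```python
"""Triage a ComboFix-style autostart listing.

Added example for this thread; it is not ComboFix code and not something
the helper posted. The heuristics are the example's own assumptions about
what a helper scans for first: images started from a Temp directory or
with a .tmp extension, a global AppInit_DLLs injection, and a Security
Center key with monitoring switched off.
"""
import re
from dataclasses import dataclass, field

# Lines excerpted from the ComboFix log above (Reg Loading Points and
# ORPHANS REMOVED sections), trimmed to a handful of entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
- - - - ORPHANS REMOVED - - - -
HKCU-RunServices-LauncherSetup10.0.32.18 - c:\users\Misa\AppData\Local\Temp\9904.tmp
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
"""

# [HKEY_...]  section header naming the key the following values live in
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\path\image.exe" [date size]   or   "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<quoted>[^"]*)"|(?P<raw>.+?))'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$"
)
# HKCU-RunServices-Name - c:\path   or   MSConfigStartUp-Name - c:\path
ORPHAN_RE = re.compile(
    r"^(?P<src>HK\w+-\w+|MSConfigStartUp|AddRemove)-(?P<name>.+?) - (?P<path>.+)$"
)

# Assumed marker list: directories an autostart image has no business living in.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")


@dataclass
class Entry:
    key: str
    name: str
    value: str
    reasons: list = field(default_factory=list)


def parse_entries(text: str) -> list:
    """Turn the listing into Entry objects; lines that fit no format are skipped."""
    entries, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m["key"]
        elif (m := ORPHAN_RE.match(line)):
            entries.append(Entry(m["src"], m["name"], m["path"].strip()))
        elif key and (m := VALUE_RE.match(line)):
            value = m["quoted"] if m["quoted"] is not None else m["raw"]
            entries.append(Entry(key, m["name"], value.strip()))
    return entries


def assess(entry: Entry) -> list:
    """Return the review reasons for one entry (empty list means nothing odd)."""
    reasons = []
    key, name, value = entry.key.lower(), entry.name.lower(), entry.value.lower()
    if any(marker in value for marker in TEMP_MARKERS):
        reasons.append("autostart image lives in a Temp directory")
    if value.endswith(".tmp"):
        reasons.append("autostart image carries a .tmp extension")
    if name == "appinit_dlls" and value:
        reasons.append("AppInit_DLLs loads a DLL into every GUI process; verify its signer")
    if "security center" in key and name == "disablemonitoring" and value == "dword:00000001":
        reasons.append("Security Center monitoring disabled; AV suites do this too, so verify")
    return reasons


def triage(text: str) -> list:
    """Entries worth a second look, each with the reasons it was flagged."""
    flagged = []
    for entry in parse_entries(text):
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.key} :: {entry.name} = {entry.value}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```

Run against the excerpt it flags three entries: the RunServices orphan pointing at a .tmp file under the user's Temp directory (the one ComboFix itself removed), and two "verify" findings, the AppInit_DLLs value and the DisableMonitoring key. The last two are exactly the kind of thing a legitimate AV suite also sets (here AVG's avgrsstx.dll and the Symantec remnants), so the script only ranks what to look at; the verdict still comes from checking the image's signer and origin.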
Re: trojan SHeur3.AERB + Desktop Security
Good, how is our patient? Does it still show signs of infection?
You probably know this one?
c:\users\Misa\Dort _Margot_ _ Recepty na .pdf
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 9 and 11 pm
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
-
- Visitor
- Posts: 6
- Registered: 15 Dec 2005 09:57
Re: trojan SHeur3.AERB + Desktop Security
The PC seems to be fine!
I would also like to ask for advice: which free antivirus should I install? Is the AVG I have on it now suitable? And what other preventive programs for protecting the PC? Thanks
Re: trojan SHeur3.AERB + Desktop Security
Combofix deleted this file: c:\users\Misa\Dort _Margot_ _ Recepty na .pdf.
If you know it is fine, do you want it back? Before I delete the combofix quarantine.
I would not recommend AVG if it is the free version. You can try Avast or Avira.
Of the firewalls I recommend ZoneAlarm, but still version 8; the new version had some bugs and slowed the system down.
Or PC Tools Firewall, which is one of the simpler ones.

- Visitor
- Posts: 6
- Registered: 15 Dec 2005 09:57
Re: trojan SHeur3.AERB + Desktop Security
Well, that file was probably fine, but it doesn't matter at all that it's deleted.
So I'll uninstall AVG and try Avast, thanks!


Re: trojan SHeur3.AERB + Desktop Security
I can still pull that file out, just say so. That is exactly why I haven't let you uninstall combofix yet.
And don't run off on me yet, we still need to clean up. So, do you want that file?
