PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Protector.N virus infiltration

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
The remote assistance service is now available: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
motji (VIP)
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#31 Post by motji »

:arrow: What are drives T and Z?
On which flash drives was the infection supposed to be, and do you still see it there?

:arrow: Do you recognize this file?
F:\bi1003cz.exe
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Kobrik (Guest)
Posts: 25
Registered: 10 Jul 2009 15:09

Re: Protector.N virus infiltration

#32 Post by Kobrik »

Hello, sorry for replying only now. I was outside the Czech Republic for a while.
The drives you are asking about are network drives. I noticed that they were infected too. In any case, after USBFix there is now a hidden Autorun.inf folder on every drive that was scanned. I assume that is where the pest has been locked down. What should I do with it, should I delete it? Or does it need to be handled differently? Thank you very much in advance for your reply.

Now, when I insert any flash drive into the PC, no suspicious files appear any more.
F:\bi1003cz.exe is fine. It is an installer file.

motji (VIP)
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#33 Post by motji »

The hidden autorun.inf folder (not a file, but a folder :!: ) is a kind of vaccination: it works because the virus will not write itself where an autorun.inf already exists. :) The folder is empty :) .

Do you still have any problems with the PC?

Kobrik (Guest)
Posts: 25
Registered: 10 Jul 2009 15:09

Re: Protector.N virus infiltration

#34 Post by Kobrik »

I see, so leave it :-) It looks like that is everything. So far XP is behaving as it should. Thank you very much for your time and willingness. I could not have managed it on my own.

Have a nice rest of the weekend. Goodbye.

motji (VIP)
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#35 Post by motji »

Yes, leave them; USBFix created them. You can uninstall USBFix itself, using its Uninstall button.
You're welcome :) . Have a nice evening :)
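The vaccine folder that motji describes in posts #33 and #35 (an empty, hidden autorun.inf directory: a worm that tries to drop its own autorun.inf file at the drive root fails because a file cannot be created over a directory of the same name), as an added example that is not part of the thread and is not USBFix's own code. The script classifies what sits at a drive root's autorun.inf (nothing, the vaccine folder, a harmless icon/label file, or a file that points AutoPlay at something executable) and plants the vaccine only where the root is clean, so a real autorun.inf gets triaged instead of silently hidden. The list of executing keys, the attrib invocation, the sample drive roots and the sample autorun.inf contents are assumptions constructed for illustration.

```python
"""Triage of autorun.inf at a drive root, plus the USBFix-style "vaccine".

Added example for this thread; it is not code from USBFix, OTL or the forum.
Drive roots, the attrib call and the sample autorun.inf contents below are
constructed for illustration.
"""
import os
import shutil
import subprocess
import tempfile

# [autorun] keys that make Windows XP AutoPlay launch something. The set is an
# assumption drawn from the documented autorun.inf format, not from the thread.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")


def parse_autorun(text):
    """Minimal INI reader returning {section: {key: value}}, names lower-cased.

    Hand-written rather than configparser because worm-dropped autorun.inf
    files often carry junk lines before the header, which the stdlib parser
    rejects; anything outside a section is simply ignored here.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def classify_autorun(root):
    """Say what sits at <root>\\autorun.inf.

    'absent'     nothing there
    'vaccine'    an empty directory: what USBFix leaves behind so a worm cannot
                 drop its own autorun.inf there (a file cannot replace a folder)
    'folder'     a directory with content; look at it by hand
    'benign'     a file whose [autorun] section only sets icon/label style keys
    'suspicious' a file that points AutoPlay at something to execute
    """
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent"
    if os.path.isdir(path):
        return "vaccine" if not os.listdir(path) else "folder"
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        entries = parse_autorun(fh.read()).get("autorun", {})
    return "suspicious" if any(k in entries for k in EXEC_KEYS) else "benign"


def vaccinate(root):
    """Create the empty, hidden autorun.inf folder if the root has none.

    Returns True when the folder was created, False when something (a vaccine,
    or a real autorun.inf that should be triaged first) is already there.
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.lexists(path):
        return False
    os.mkdir(path)
    if os.name == "nt":  # hide it, as the thread describes; no-op elsewhere
        subprocess.run(["attrib", "+h", path], check=False)
    return True


# Constructed sample drive roots: (kind, content), or None for nothing present.
SAMPLES = {
    "clean": None,
    "vaccinated": ("dir", None),
    "branded": ("file", "[autorun]\nicon=drive.ico\nlabel=Photos\n"),
    "wormed": ("file", "junk before the header\n[AutoRun]\n"
                       "OPEN=RECYCLER\\S-1-5-21-1\\x.exe\n"
                       "shell\\open\\Command=RECYCLER\\S-1-5-21-1\\x.exe\n"),
}


def demo():
    """Lay the samples out in a temp dir, classify each root, then vaccinate
    the clean one. Returns a dict of results so the outcome can be checked."""
    base = tempfile.mkdtemp(prefix="autorun-demo-")
    try:
        results = {}
        for name, spec in SAMPLES.items():
            root = os.path.join(base, name)
            os.mkdir(root)
            if spec is not None:
                target = os.path.join(root, "autorun.inf")
                kind, text = spec
                if kind == "dir":
                    os.mkdir(target)
                else:
                    with open(target, "w", encoding="utf-8") as fh:
                        fh.write(text)
            results[name] = classify_autorun(root)
        clean = os.path.join(base, "clean")
        results["vaccinate_clean"] = vaccinate(clean)     # True: created
        results["vaccinate_again"] = vaccinate(clean)     # False: already there
        results["clean_after"] = classify_autorun(clean)  # 'vaccine'
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:16} {outcome}")
```

Run it with Python 3 to see the constructed samples classified; to triage a real stick, call classify_autorun on its root (for example "E:\\") and only vaccinate once it reports "absent". The folder stops worms that create autorun.inf naively; one that removes the folder first, or spreads by other means, is not stopped, so the vaccine complements a scan rather than replacing it.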

miki (Guest)
Posts: 27
Registered: 23 Nov 2010 18:46

Re: Protector.N virus infiltration

#36 Post by miki »

Please! I have this problem on a notebook as well. ESET Smart Security 4 warns: INFILTRATION FOUND. Object C:\WINDOWS\system32\drivers\cdrom.sys
Comment:
This was detected during an attempt to access the file by the application:
C:\WINDOWS\system32\svchost.exe

I am attaching the OTL log

OTL logfile created on: 23.11.2010 18:34:14 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Juro\Dokumenty\Preberanie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovinsko | Language: SLV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 189,60 Gb Free Space | 81,42% Space Free | Partition Type: NTFS

Computer Name: JURAJ | User Name: Juro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Files/Folders - Created Within 30 Days ==========

[2010.11.17 20:12:14 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.11.17 20:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Juro\Data aplikací\GHISLER
[2010.10.31 18:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.10.31 18:57:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.31 18:57:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.31 18:57:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.30 15:53:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.10.30 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.10.30 15:53:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.10.30 15:53:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.10.30 15:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.10.30 15:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Juro\Data aplikací\Sun
[2010.07.31 17:59:47 | 000,005,632 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.23 17:17:40 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.11.23 17:17:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.23 17:17:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.11.23 17:17:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.23 16:47:43 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Juro\NTUSER.DAT
[2010.11.23 16:47:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Juro\ntuser.ini
[2010.11.22 20:08:15 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Juro\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.11.22 20:07:56 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010.11.18 10:59:08 | 000,023,968 | ---- | M] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.11.17 20:16:31 | 000,493,208 | -H-- | M] () -- C:\treeinfo.wc
[2010.11.17 20:12:15 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Juro\Plocha\Total Commander.lnk
[2010.11.17 19:49:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.11.17 19:19:12 | 000,014,863 | ---- | M] () -- C:\Documents and Settings\Juro\Dokumenty\Nočné fotografie.docx
[2010.11.17 16:51:16 | 000,192,236 | ---- | M] () -- C:\winn27.exe
[2010.11.13 15:40:42 | 000,460,824 | ---- | M] () -- C:\snp2uvc-001.raw
[2010.11.08 16:57:33 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.06 17:11:34 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CDBurnerXP Pro 3.lnk
[2010.10.31 09:58:45 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.31 09:58:45 | 000,441,126 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.10.31 09:58:45 | 000,083,900 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.10.31 09:58:45 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.31 09:58:44 | 001,055,414 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.30 19:21:36 | 000,013,435 | ---- | M] () -- C:\Documents and Settings\Juro\Dokumenty\OVB.docx
[2010.10.30 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JURAJ-Juro.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.22 20:08:15 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Juro\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.11.17 20:16:30 | 000,493,208 | -H-- | C] () -- C:\treeinfo.wc
[2010.11.17 20:12:15 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Juro\Plocha\Total Commander.lnk
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010.11.17 20:12:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010.11.17 19:19:11 | 000,014,863 | ---- | C] () -- C:\Documents and Settings\Juro\Dokumenty\Nočné fotografie.docx
[2010.11.17 16:51:01 | 000,192,236 | ---- | C] () -- C:\winn27.exe
[2010.11.17 15:03:48 | 000,061,440 | RHS- | C] () -- C:\WINDOWS\nvsvc32.exe
[2010.10.30 18:20:03 | 000,013,435 | ---- | C] () -- C:\Documents and Settings\Juro\Dokumenty\OVB.docx
[2010.09.27 23:15:10 | 000,004,280 | ---- | C] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\SRDownloader(2).nast
[2010.09.27 23:03:18 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\SRDownloader(2).err
[2010.09.06 17:48:45 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2010.08.07 14:04:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2010.08.01 16:08:58 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 21:23:28 | 000,023,968 | ---- | C] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.07.31 18:28:50 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\fusioncache.dat
[2010.07.31 18:24:20 | 001,055,414 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.31 18:24:19 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.07.31 18:23:48 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2010.07.31 17:24:32 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.07.31 17:24:31 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.07.31 17:10:01 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010.07.31 17:07:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010.07.31 16:51:02 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010.07.31 16:51:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010.07.31 16:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010.07.31 16:50:49 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010.07.31 16:45:21 | 006,417,312 | -H-- | C] () -- C:\Documents and Settings\Juro\Local Settings\Data aplikací\IconCache.db
[2010.07.31 16:45:09 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2010.07.31 16:43:13 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Juro\Data aplikací\desktop.ini
[2010.07.31 16:38:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010.07.31 16:35:01 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010.07.31 16:35:01 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010.07.31 16:34:17 | 000,026,364 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010.07.31 16:34:15 | 000,003,680 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2010.01.12 04:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008.04.14 13:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008.04.14 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008.04.14 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008.04.14 13:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008.04.14 13:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2008.04.14 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008.04.14 13:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008.04.14 13:00:00 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008.04.14 13:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008.04.14 13:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2008.04.14 13:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008.04.14 13:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008.04.14 13:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008.04.14 13:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008.04.14 13:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008.04.14 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008.04.14 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008.04.14 13:00:00 | 000,033,904 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008.04.14 13:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008.04.14 13:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008.04.14 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008.04.14 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008.04.14 13:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008.04.14 13:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008.04.14 13:00:00 | 000,019,741 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2008.04.14 13:00:00 | 000,015,983 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008.04.14 13:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008.04.14 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008.04.14 13:00:00 | 000,013,546 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008.04.14 13:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008.04.14 13:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2008.04.14 13:00:00 | 000,009,035 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2008.04.14 13:00:00 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008.04.14 13:00:00 | 000,004,880 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008.04.14 13:00:00 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008.04.14 13:00:00 | 000,002,932 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008.04.14 13:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2008.04.14 13:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008.04.14 13:00:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008.04.14 13:00:00 | 000,000,581 | ---- | C] () -- C:\WINDOWS\win.ini
[2008.04.14 13:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2008.04.14 13:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2007.03.29 21:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006.12.05 12:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005.04.03 06:30:00 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2001.10.24 13:25:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1998.05.06 11:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.09.02 14:15:04 | 013,351,304 | R--- | M] (Skype Technologies S.A.)
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray -- [2007.12.10 09:12:22 | 000,695,808 | ---- | M] ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\not active]
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.11.22 20:07:56 | 000,098,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< c:\windows\*.* /JN >
[2010.11.23 17:17:38 | 000,000,000 | ---- | M] () -- c:\WINDOWS\0.log
[2010.07.31 16:49:17 | 000,010,640 | ---- | M] () -- c:\WINDOWS\AegisP.cat
[2010.07.31 16:49:17 | 000,013,864 | ---- | M] () -- c:\WINDOWS\AegisP.inf
[2010.07.31 16:49:17 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) -- c:\WINDOWS\AegisP.sys
[2005.05.07 01:43:00 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\Alcmtr.exe
[2006.05.07 23:26:00 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- c:\WINDOWS\alcwzrd.exe
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\ARJ.PIF
[2010.07.31 17:57:25 | 000,012,495 | ---- | M] () -- c:\WINDOWS\basecsp.log
[2010.11.23 17:17:27 | 000,002,048 | --S- | M] () -- c:\WINDOWS\bootstat.dat
[2010.10.02 12:37:19 | 000,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- c:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2008.04.14 13:00:00 | 000,082,944 | ---- | M] () -- c:\WINDOWS\clock.avi
[2010.07.31 16:33:17 | 000,000,200 | ---- | M] () -- c:\WINDOWS\cmsetacl.log
[2010.07.31 18:38:43 | 000,002,768 | ---- | M] () -- c:\WINDOWS\COM+.log
[2010.10.13 17:05:02 | 000,268,563 | ---- | M] () -- c:\WINDOWS\comsetup.log
[2010.07.31 16:38:20 | 000,000,000 | ---- | M] () -- c:\WINDOWS\control.ini
[2008.04.14 13:00:00 | 000,000,002 | ---- | M] () -- c:\WINDOWS\desktop.ini
[2010.11.06 17:12:52 | 000,001,799 | ---- | M] () -- c:\WINDOWS\discwriter.log
[2010.10.02 12:46:22 | 000,081,486 | ---- | M] () -- c:\WINDOWS\DPINST.LOG
[2010.07.31 18:38:49 | 000,000,859 | ---- | M] () -- c:\WINDOWS\DtcInstall.log
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 000,000,080 | ---- | M] () -- c:\windows\explorer.scf
[2010.10.13 17:05:02 | 000,778,246 | ---- | M] () -- c:\WINDOWS\FaxSetup.log
[2008.04.14 13:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\hh.exe
[2010.07.31 18:25:20 | 000,008,808 | ---- | M] () -- c:\WINDOWS\IDNMitigationAPIs.log
[2010.07.31 18:27:22 | 000,035,648 | ---- | M] () -- c:\WINDOWS\IE7-LIP.log
[2010.07.31 18:26:38 | 000,055,194 | ---- | M] () -- c:\WINDOWS\ie7.log
[2010.07.31 18:27:18 | 000,023,607 | ---- | M] () -- c:\WINDOWS\ie7_main.log
[2010.07.31 22:02:14 | 000,087,010 | ---- | M] () -- c:\WINDOWS\ie8.log
[2010.07.31 22:03:37 | 000,065,690 | ---- | M] () -- c:\WINDOWS\ie8_main.log
[2010.10.13 17:05:02 | 000,876,254 | ---- | M] () -- c:\WINDOWS\iis6.log
[2010.10.13 17:04:54 | 000,001,393 | ---- | M] () -- c:\WINDOWS\imsins.BAK
[2010.10.13 17:05:02 | 000,001,393 | ---- | M] () -- c:\WINDOWS\imsins.log
[2010.08.17 15:33:24 | 000,016,920 | ---- | M] () -- c:\WINDOWS\KB2079403.log
[2010.08.17 15:33:54 | 000,016,521 | ---- | M] () -- c:\WINDOWS\KB2115168.log
[2010.09.15 17:27:56 | 000,013,596 | ---- | M] () -- c:\WINDOWS\KB2121546.log
[2010.09.15 17:25:32 | 000,010,928 | ---- | M] () -- c:\WINDOWS\KB2141007.log
[2010.09.29 21:44:26 | 000,003,734 | ---- | M] () -- c:\WINDOWS\KB2158563.log
[2010.08.17 15:29:24 | 000,012,989 | ---- | M] () -- c:\WINDOWS\KB2160329.log
[2010.08.17 15:29:49 | 000,015,501 | ---- | M] () -- c:\WINDOWS\KB2183461-IE8.log
[2010.07.31 18:09:29 | 000,040,385 | ---- | M] () -- c:\WINDOWS\KB2229593.log
[2010.09.15 17:28:50 | 000,009,184 | ---- | M] () -- c:\WINDOWS\KB2259922.log
[2010.10.13 17:04:54 | 000,021,035 | ---- | M] () -- c:\WINDOWS\KB2279986.log
[2010.08.07 14:10:32 | 000,011,756 | ---- | M] () -- c:\WINDOWS\KB2286198.log
[2010.10.13 17:01:27 | 000,006,015 | ---- | M] () -- c:\WINDOWS\KB2296011.log
[2010.10.13 17:01:35 | 000,014,023 | ---- | M] () -- c:\WINDOWS\KB2345886.log
[2010.09.15 17:28:05 | 000,014,121 | ---- | M] () -- c:\WINDOWS\KB2347290.log
[2010.10.13 17:02:05 | 000,018,697 | ---- | M] () -- c:\WINDOWS\KB2360131-IE8.log
[2010.10.13 17:05:02 | 000,017,162 | ---- | M] () -- c:\WINDOWS\KB2360937.log
[2010.10.13 17:02:13 | 000,013,436 | ---- | M] () -- c:\WINDOWS\KB2378111.log
[2010.10.13 17:02:23 | 000,016,395 | ---- | M] () -- c:\WINDOWS\KB2387149.log
[2010.07.31 17:23:40 | 000,004,459 | ---- | M] () -- c:\WINDOWS\KB888111.log
[2010.07.31 17:20:26 | 000,000,973 | ---- | M] () -- c:\WINDOWS\KB892627.log
[2010.07.31 17:19:56 | 000,000,971 | ---- | M] () -- c:\WINDOWS\KB893056.log
[2010.07.31 17:20:11 | 000,000,930 | ---- | M] () -- c:\WINDOWS\KB896256.log
[2010.07.31 17:39:40 | 000,007,060 | ---- | M] () -- c:\WINDOWS\KB898461.log
[2010.07.31 17:55:21 | 000,006,492 | ---- | M] () -- c:\WINDOWS\KB915800-v4.log
[2010.07.31 18:24:42 | 000,002,447 | ---- | M] () -- c:\WINDOWS\KB915865.log
[2010.07.31 17:19:29 | 000,000,934 | ---- | M] () -- c:\WINDOWS\KB918005.log
[2010.07.31 17:20:40 | 000,000,934 | ---- | M] () -- c:\WINDOWS\KB921411.log
[2010.07.31 17:19:42 | 000,000,932 | ---- | M] () -- c:\WINDOWS\KB923232.log
[2010.07.31 17:57:33 | 000,019,184 | ---- | M] () -- c:\WINDOWS\KB923561.log
[2010.07.31 21:42:16 | 000,006,582 | ---- | M] () -- c:\WINDOWS\KB938127-v2-IE7.log
[2010.07.31 17:55:46 | 000,024,825 | ---- | M] () -- c:\WINDOWS\KB940157.log
[2010.08.05 19:11:24 | 000,024,638 | ---- | M] () -- c:\WINDOWS\KB940157Uninst.log
[2010.07.31 17:56:05 | 000,013,876 | ---- | M] () -- c:\WINDOWS\KB946648.log
[2010.07.31 17:55:05 | 000,008,595 | ---- | M] () -- c:\WINDOWS\KB950760.log
[2010.07.31 17:55:09 | 000,009,305 | ---- | M] () -- c:\WINDOWS\KB950762.log
[2010.07.31 17:56:12 | 000,019,197 | ---- | M] () -- c:\WINDOWS\KB950974.log
[2010.07.31 17:55:13 | 000,008,864 | ---- | M] () -- c:\WINDOWS\KB951376-v2.log
[2010.07.31 17:56:01 | 000,018,786 | ---- | M] () -- c:\WINDOWS\KB951748.log
[2010.07.31 17:55:56 | 000,016,023 | ---- | M] () -- c:\WINDOWS\KB951978.log
[2010.07.31 17:57:51 | 000,030,901 | ---- | M] () -- c:\WINDOWS\KB952004.log
[2010.07.31 18:06:35 | 000,032,234 | ---- | M] () -- c:\WINDOWS\KB952069.log
[2010.07.31 17:56:16 | 000,015,480 | ---- | M] () -- c:\WINDOWS\KB952287.log
[2010.07.31 17:56:08 | 000,018,688 | ---- | M] () -- c:\WINDOWS\KB952954.log
[2010.07.31 18:05:54 | 000,026,457 | ---- | M] () -- c:\WINDOWS\KB954155.log
[2010.07.31 17:56:51 | 000,021,447 | ---- | M] () -- c:\WINDOWS\KB954459.log
[2010.07.31 17:56:47 | 000,016,535 | ---- | M] () -- c:\WINDOWS\KB955069.log
[2010.07.31 18:06:54 | 000,033,492 | ---- | M] () -- c:\WINDOWS\KB955759.log
[2010.07.31 17:57:45 | 000,025,831 | ---- | M] () -- c:\WINDOWS\KB956572.log
[2010.07.31 18:05:26 | 000,028,102 | ---- | M] () -- c:\WINDOWS\KB956744.log
[2010.07.31 17:56:55 | 000,021,941 | ---- | M] () -- c:\WINDOWS\KB956802.log
[2010.07.31 17:56:59 | 000,017,475 | ---- | M] () -- c:\WINDOWS\KB956803.log
[2010.07.31 18:05:46 | 000,028,310 | ---- | M] () -- c:\WINDOWS\KB956844.log
[2010.07.31 17:56:42 | 000,016,023 | ---- | M] () -- c:\WINDOWS\KB958644.log
[2010.07.31 18:06:10 | 000,026,256 | ---- | M] () -- c:\WINDOWS\KB958869.log
[2010.07.31 17:57:59 | 000,031,802 | ---- | M] () -- c:\WINDOWS\KB959426.log
[2010.07.31 17:57:05 | 000,021,563 | ---- | M] () -- c:\WINDOWS\KB960225.log
[2010.07.31 17:57:55 | 000,030,765 | ---- | M] () -- c:\WINDOWS\KB960803.log
[2010.07.31 18:05:34 | 000,033,496 | ---- | M] () -- c:\WINDOWS\KB960859.log
[2010.07.31 18:27:47 | 000,034,187 | ---- | M] () -- c:\WINDOWS\KB961118.log
[2010.07.31 17:58:03 | 000,031,841 | ---- | M] () -- c:\WINDOWS\KB961501.log
[2010.07.31 18:29:03 | 000,038,000 | ---- | M] () -- c:\WINDOWS\KB963093.log
[2010.07.31 17:57:16 | 000,022,271 | ---- | M] () -- c:\WINDOWS\KB967715.log
[2010.07.31 18:06:20 | 000,038,833 | ---- | M] () -- c:\WINDOWS\KB968389.log
[2010.07.31 18:34:03 | 000,083,818 | ---- | M] () -- c:\WINDOWS\KB968930.log
[2010.07.31 18:06:14 | 000,035,001 | ---- | M] () -- c:\WINDOWS\KB969059.log
[2010.07.31 17:58:07 | 000,032,527 | ---- | M] () -- c:\WINDOWS\KB970238.log
[2010.07.31 18:29:16 | 000,042,785 | ---- | M] () -- c:\WINDOWS\KB970430.log
[2010.07.31 18:07:47 | 000,036,688 | ---- | M] () -- c:\WINDOWS\KB971468.log
[2010.07.31 18:07:05 | 000,031,787 | ---- | M] () -- c:\WINDOWS\KB971513.log
[2010.07.31 18:05:41 | 000,028,410 | ---- | M] () -- c:\WINDOWS\KB971657.log
[2010.07.31 18:29:21 | 000,042,500 | ---- | M] () -- c:\WINDOWS\KB971737.log
[2010.07.31 22:11:54 | 000,007,812 | ---- | M] () -- c:\WINDOWS\KB971961-IE8.log
[2010.07.31 18:05:50 | 000,029,487 | ---- | M] () -- c:\WINDOWS\KB971961.log
[2010.07.31 18:07:10 | 000,035,328 | ---- | M] () -- c:\WINDOWS\KB972270.log
[2010.07.31 18:05:30 | 000,033,595 | ---- | M] () -- c:\WINDOWS\KB973507.log
[2010.07.31 18:05:17 | 000,026,412 | ---- | M] () -- c:\WINDOWS\KB973540.log
[2010.07.31 18:06:30 | 000,032,530 | ---- | M] () -- c:\WINDOWS\KB973687.log
[2010.07.31 18:05:38 | 000,033,407 | ---- | M] () -- c:\WINDOWS\KB973815.log
[2010.07.31 18:05:20 | 000,027,708 | ---- | M] () -- c:\WINDOWS\KB973869.log
[2010.07.31 18:07:00 | 000,033,517 | ---- | M] () -- c:\WINDOWS\KB973904.log
[2010.07.31 18:06:07 | 000,034,175 | ---- | M] () -- c:\WINDOWS\KB974112.log
[2010.07.31 18:06:43 | 000,037,474 | ---- | M] () -- c:\WINDOWS\KB974318.log
[2010.07.31 18:06:47 | 000,032,171 | ---- | M] () -- c:\WINDOWS\KB974392.log
[2010.07.31 18:06:02 | 000,034,481 | ---- | M] () -- c:\WINDOWS\KB974571.log
[2010.07.31 18:05:58 | 000,033,587 | ---- | M] () -- c:\WINDOWS\KB975025.log
[2010.07.31 18:06:25 | 000,037,669 | ---- | M] () -- c:\WINDOWS\KB975467.log
[2010.09.15 17:28:42 | 000,009,115 | ---- | M] () -- c:\WINDOWS\KB975558.log
[2010.07.31 18:07:30 | 000,036,355 | ---- | M] () -- c:\WINDOWS\KB975560.log
[2010.07.31 18:07:57 | 000,036,374 | ---- | M] () -- c:\WINDOWS\KB975561.log
[2010.07.31 18:09:10 | 000,043,526 | ---- | M] () -- c:\WINDOWS\KB975562.log
[2010.07.31 18:07:15 | 000,041,880 | ---- | M] () -- c:\WINDOWS\KB975713.log
[2010.07.31 18:08:42 | 000,032,883 | ---- | M] () -- c:\WINDOWS\KB976002-v5.log
[2010.07.31 22:12:02 | 000,008,064 | ---- | M] () -- c:\WINDOWS\KB976662-IE8.log
[2010.07.31 18:08:11 | 000,036,429 | ---- | M] () -- c:\WINDOWS\KB977816.log
[2010.07.31 18:07:40 | 000,037,896 | ---- | M] () -- c:\WINDOWS\KB977914.log
[2010.07.31 18:07:19 | 000,042,056 | ---- | M] () -- c:\WINDOWS\KB978037.log
[2010.07.31 18:08:19 | 000,043,077 | ---- | M] () -- c:\WINDOWS\KB978338.log
[2010.07.31 18:08:47 | 000,043,970 | ---- | M] () -- c:\WINDOWS\KB978542.log
[2010.07.31 18:08:40 | 000,036,461 | ---- | M] () -- c:\WINDOWS\KB978601.log
[2010.07.31 18:08:59 | 000,036,750 | ---- | M] () -- c:\WINDOWS\KB978695.log
[2010.07.31 18:07:51 | 000,036,362 | ---- | M] () -- c:\WINDOWS\KB978706.log
[2010.07.31 18:08:15 | 000,036,358 | ---- | M] () -- c:\WINDOWS\KB979309.log
[2010.07.31 18:08:36 | 000,033,661 | ---- | M] () -- c:\WINDOWS\KB979402.log
[2010.07.31 18:09:07 | 000,043,518 | ---- | M] () -- c:\WINDOWS\KB979482.log
[2010.07.31 18:09:14 | 000,044,707 | ---- | M] () -- c:\WINDOWS\KB979559.log
[2010.07.31 18:08:28 | 000,037,610 | ---- | M] () -- c:\WINDOWS\KB979683.log
[2010.10.13 17:01:21 | 000,012,888 | ---- | M] () -- c:\WINDOWS\KB979687.log
[2010.07.31 20:56:34 | 000,043,066 | ---- | M] () -- c:\WINDOWS\KB980195.log
[2010.07.31 18:08:55 | 000,044,339 | ---- | M] () -- c:\WINDOWS\KB980218.log
[2010.07.31 18:08:07 | 000,036,763 | ---- | M] () -- c:\WINDOWS\KB980232.log
[2010.08.17 15:29:18 | 000,012,336 | ---- | M] () -- c:\WINDOWS\KB980436.log
[2010.09.15 17:27:13 | 000,012,328 | ---- | M] () -- c:\WINDOWS\KB981322.log
[2010.07.31 22:12:09 | 000,007,159 | ---- | M] () -- c:\WINDOWS\KB981332-IE8.log
[2010.07.31 18:08:31 | 000,042,791 | ---- | M] () -- c:\WINDOWS\KB981349.log
[2010.07.31 18:08:50 | 000,034,429 | ---- | M] () -- c:\WINDOWS\KB981793.log
[2010.08.17 15:33:45 | 000,014,092 | ---- | M] () -- c:\WINDOWS\KB981852.log
[2010.10.13 17:04:46 | 000,021,116 | ---- | M] () -- c:\WINDOWS\KB981957.log
[2010.08.17 15:28:06 | 000,006,602 | ---- | M] () -- c:\WINDOWS\KB981997.log
[2010.10.13 17:04:38 | 000,019,833 | ---- | M] () -- c:\WINDOWS\KB982132.log
[2010.08.17 15:34:03 | 000,012,324 | ---- | M] () -- c:\WINDOWS\KB982214.log
[2010.07.31 18:27:15 | 000,094,047 | ---- | M] () -- c:\WINDOWS\KB982381-IE7.log
[2010.07.31 22:03:16 | 000,095,226 | ---- | M] () -- c:\WINDOWS\KB982381-IE8.log
[2010.07.31 18:09:25 | 000,042,018 | ---- | M] () -- c:\WINDOWS\KB982381.log
[2010.07.31 22:02:51 | 000,085,578 | ---- | M] () -- c:\WINDOWS\KB982632-IE8.log
[2010.08.17 15:27:44 | 000,010,813 | ---- | M] () -- c:\WINDOWS\KB982665.log
[2010.09.15 17:27:48 | 000,013,116 | ---- | M] () -- c:\WINDOWS\KB982802.log
[2010.10.02 12:46:30 | 000,000,086 | ---- | M] () -- c:\WINDOWS\KE.log
[2007.01.23 14:44:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- c:\WINDOWS\KHALMNPR.Exe
[2010.10.02 12:37:24 | 000,000,180 | ---- | M] () -- c:\WINDOWS\LDM.log
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\LHA.PIF
[2010.07.31 17:35:21 | 000,000,968 | ---- | M] () -- c:\WINDOWS\lipsetup.log
[2010.10.13 17:05:02 | 000,054,198 | ---- | M] () -- c:\WINDOWS\MedCtrOC.log
[2006.10.15 00:42:00 | 002,157,568 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\MicCal.exe
[2010.08.14 14:06:13 | 000,010,548 | ---- | M] () -- c:\WINDOWS\ModemLog_Standardní modem 33 600 bitů za sekundu.txt
[2008.04.14 13:00:00 | 000,001,272 | ---- | M] () -- c:\WINDOWS\Modrá krajka 16.bmp
[2008.04.14 13:00:00 | 000,001,405 | ---- | M] () -- c:\WINDOWS\msdfmap.ini
[2010.10.13 17:05:02 | 000,039,187 | ---- | M] () -- c:\WINDOWS\msgsocm.log
[2010.10.13 17:05:02 | 000,249,582 | ---- | M] () -- c:\WINDOWS\msmqinst.log
[2003.02.20 23:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\msvcr71.dll
[2000.07.14 23:00:00 | 000,434,252 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\MSVCRTD.DLL
[2008.04.14 13:00:00 | 000,065,978 | ---- | M] () -- c:\WINDOWS\Mýdlové bubliny.bmp
[2008.04.14 13:00:00 | 000,017,336 | ---- | M] () -- c:\WINDOWS\Na rybách.bmp
[2010.10.13 17:05:02 | 000,137,082 | ---- | M] () -- c:\WINDOWS\netfxocm.log
[2010.07.31 18:25:06 | 000,007,211 | ---- | M] () -- c:\WINDOWS\NLSDownlevelMapping.log
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\NOCLOSE.PIF
[2008.04.14 13:00:00 | 000,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\NOTEPAD.EXE
[2010.08.07 14:14:16 | 000,000,000 | ---- | M] () -- c:\WINDOWS\nsreg.dat
[2010.10.13 17:05:02 | 000,161,128 | ---- | M] () -- c:\WINDOWS\ntdtcsetup.log
[2010.10.13 17:05:02 | 000,381,316 | ---- | M] () -- c:\WINDOWS\ocgen.log
[2010.10.13 17:05:02 | 000,048,749 | ---- | M] () -- c:\WINDOWS\ocmsn.log
[2010.07.31 16:38:09 | 000,004,249 | ---- | M] () -- c:\WINDOWS\ODBCINST.INI
[2010.07.31 16:43:22 | 000,000,833 | ---- | M] () -- c:\WINDOWS\OEWABLog.txt
[2008.04.14 13:00:00 | 000,065,832 | ---- | M] () -- c:\WINDOWS\Omítka Santa Fe.bmp
[2010.11.06 17:12:23 | 000,000,000 | ---- | M] () -- c:\WINDOWS\OrangeBurn.log
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\PKUNZIP.PIF
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\PKZIP.PIF
[2008.04.14 13:00:00 | 000,065,954 | ---- | M] () -- c:\WINDOWS\Prérijní vítr.bmp
[2007.01.29 19:12:00 | 000,157,216 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\PSDrecovery.exe
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\RAR.PIF
[2008.04.14 13:00:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\regedit.exe
[2010.07.31 16:41:46 | 000,008,192 | ---- | M] () -- c:\WINDOWS\REGLOCS.OLD
[2010.07.31 17:35:20 | 000,003,020 | ---- | M] () -- c:\WINDOWS\regopt.log
[2008.04.14 13:00:00 | 000,017,362 | ---- | M] () -- c:\WINDOWS\Rododendron.bmp
[2006.11.18 00:21:00 | 016,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RTHDCPL.exe
[2006.05.07 23:35:00 | 009,709,568 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RTLCPL.exe
[2006.09.15 21:34:00 | 000,499,712 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RtlExUpd.dll
[2006.11.16 20:07:00 | 001,183,744 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\RtlUpd.exe
[2010.11.23 16:47:46 | 000,032,632 | ---- | M] () -- c:\WINDOWS\SchedLgU.Txt
[2010.07.31 16:35:35 | 000,001,022 | ---- | M] () -- c:\WINDOWS\sessmgr.setup.log
[2010.10.02 12:55:36 | 000,204,498 | ---- | M] () -- c:\WINDOWS\setupact.log
[2010.10.27 17:25:28 | 000,836,386 | ---- | M] () -- c:\WINDOWS\setupapi.log
[2010.07.31 18:23:08 | 000,000,000 | ---- | M] () -- c:\WINDOWS\setuperr.log
[2010.07.31 17:33:06 | 000,878,615 | ---- | M] () -- c:\WINDOWS\setuplog.txt
[2006.05.20 01:04:00 | 002,879,488 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\SkyTel.exe
[2007.10.17 12:48:00 | 002,373,889 | ---- | M] (Macrovision Corporation) -- c:\WINDOWS\snuninst.exe
[2006.07.24 23:14:00 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\SoundMan.exe
[2010.10.13 19:53:52 | 000,016,439 | ---- | M] () -- c:\WINDOWS\spupdsvc.log
[2010.07.31 18:26:33 | 000,000,000 | ---- | M] () -- c:\WINDOWS\Sti_Trace.log
[2010.07.31 16:55:39 | 000,000,648 | ---- | M] () -- c:\WINDOWS\SynInst.log
[2010.07.31 17:35:10 | 000,000,231 | ---- | M] () -- c:\WINDOWS\system.ini
[2010.10.13 17:05:02 | 000,039,858 | ---- | M] () -- c:\WINDOWS\tabletoc.log
[2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\TASKMAN.EXE
[2008.04.14 13:00:00 | 000,016,730 | ---- | M] () -- c:\WINDOWS\Textura peří.bmp
[2010.07.31 17:07:28 | 000,000,000 | ---- | M] () -- c:\WINDOWS\tosOBEX.INI
[2010.10.13 17:05:02 | 000,360,671 | ---- | M] () -- c:\WINDOWS\tsoc.log
[2008.04.14 13:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain.dll
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain_32.dll
[2008.04.14 13:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_16.exe
[2008.04.14 13:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_32.exe
[2010.07.07 07:55:10 | 000,000,545 | ---- | M] () -- c:\windows\UC.PIF
[2010.10.13 17:05:01 | 000,118,627 | ---- | M] () -- c:\WINDOWS\updspapi.log
[2010.07.31 16:35:01 | 000,000,036 | ---- | M] () -- c:\WINDOWS\vb.ini
[2010.07.31 16:35:01 | 000,000,037 | ---- | M] () -- c:\WINDOWS\vbaddin.ini
[2008.04.14 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\vmmreg32.dll
[2010.10.02 12:55:33 | 000,010,785 | ---- | M] () -- c:\WINDOWS\Wdf01005Inst.log
[2010.07.31 18:13:46 | 000,007,379 | ---- | M] () -- c:\WINDOWS\WgaNotify.log
[2010.11.23 17:17:31 | 000,000,159 | ---- | M] () -- c:\WINDOWS\wiadebug.log
[2010.11.23 17:17:31 | 000,000,050 | ---- | M] () -- c:\WINDOWS\wiaservc.log
[2010.09.04 20:58:26 | 000,000,581 | ---- | M] () -- c:\WINDOWS\win.ini
[2010.07.31 16:37:25 | 000,000,749 | RH-- | M] () -- c:\WINDOWS\WindowsShell.Manifest
[2010.11.23 16:47:43 | 001,315,915 | ---- | M] () -- c:\WINDOWS\WindowsUpdate.log
[2008.04.14 13:00:00 | 000,256,419 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhelp.exe
[2008.04.14 13:00:00 | 000,283,648 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhlp32.exe
[2008.04.14 13:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt.bmp
[2008.04.14 13:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt256.bmp
[2010.10.24 12:02:53 | 000,000,098 | ---- | M] () -- c:\WINDOWS\WirelessFTP.INI
[2008.04.14 13:00:00 | 000,036,582 | ---- | M] () -- c:\WINDOWS\wmprfCSY.prx
[2010.10.29 08:19:43 | 000,003,941 | ---- | M] () -- c:\WINDOWS\wmsetup.log
[2010.07.31 16:38:18 | 000,316,640 | ---- | M] () -- c:\WINDOWS\WMSysPr9.prx
[2008.04.14 13:00:00 | 000,009,522 | ---- | M] () -- c:\WINDOWS\Zapotec.bmp
[2008.04.14 13:00:00 | 000,026,582 | ---- | M] () -- c:\WINDOWS\Zelený kámen.bmp
[2008.04.14 13:00:00 | 000,017,062 | ---- | M] () -- c:\WINDOWS\Zrnko kávy.bmp
[2008.04.14 13:00:00 | 000,000,707 | ---- | M] () -- c:\windows\_default.pif
[2008.04.14 13:00:00 | 000,026,680 | ---- | M] () -- c:\WINDOWS\Řeka Sumida.bmp
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< c:\windows\*.* /HL >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< c:\windows\*.* /RP >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< End of report >

thank you for the help

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#37 Post by motji »

Good evening :)

Next time, please open your own topic.

:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

miki
Visitor
Posts: 27
Registered: 23 Nov 2010 18:46

Re: Protector.N virus infiltration

#38 Post by miki »

Thank you for the reply, and at the same time I apologize.
I am sending the ComboFix log

ComboFix 10-11-23.01 - Juro 23.11.2010 21:06:01.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1224 [GMT 1:00]
Spuštěný z: c:\documents and settings\Juro\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Juro\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 18:25 . 2010-11-23 18:26 -------- d-----w- c:\documents and settings\Administrator
2010-11-17 19:12 . 2010-11-17 19:12 -------- d-----w- C:\totalcmd
2010-11-17 19:12 . 2010-11-17 19:12 -------- d-----w- c:\documents and settings\Juro\Data aplikací\GHISLER
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-17 15:51 . 2010-11-17 15:51 192236 ----a-w- C:\winn27.exe
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-31 17:58 . 2010-10-31 17:58 -------- d-----w- c:\program files\Common Files\Java
2010-10-30 14:53 . 2010-10-30 14:53 -------- d-----w- c:\windows\Sun
2010-10-30 14:53 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 14:53 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 14:53 . 2010-09-15 01:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-30 14:52 . 2010-10-31 17:57 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 19:07 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-10-02 11:37 . 2010-10-02 11:37 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\asus\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-26 22:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-17 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-10 573440]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-03-04 677408]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-11 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-10-2 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-2 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-06 23:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [17.5.2006 0:14 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29.1.2007 19:07 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 13:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 13:00 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31.7.2010 18:13 36608]
R3 ITECIR;ITE EC CIR Driver (RTC);c:\windows\system32\drivers\ITECIR.sys [31.7.2010 17:58 9728]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-10-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-JURAJ-Juro.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-11 11:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Juro\Data aplikací\Mozilla\Firefox\Profiles\zheqz1ou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 21:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll

- - - - - - - > 'explorer.exe'(5652)
c:\windows\system32\APSHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\asus\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-11-23 21:17:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-23 20:17

Před spuštěním: Volných bajtů: 207.998.930.944
Po spuštění: Volných bajtů: 207.886.352.384

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7946250F9619D1326FFF69C5A4A6EED6

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#39 Post by motji »

Which SP does your Win XP have? SP3?

miki
Visitor
Posts: 27
Registered: 23 Nov 2010 18:46

Re: Protector.N virus infiltration

#40 Post by miki »

Yes, SP3

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#41 Post by motji »

I'll get you a replacement file tomorrow; we need to swap it out. :)

miki
Visitor
Posts: 27
Registered: 23 Nov 2010 18:46

Re: Protector.N virus infiltration

#42 Post by miki »

Thanks for now, and see you tomorrow :closed:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#43 Post by motji »

Just asking: you don't happen to have another PC with the same OS at hand, do you? :D

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Protector.N virus infiltration

#44 Post by motji »

Let's try this as well

:arrow: If it isn't there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code: Select all

KillAll::

Restore::
c:\windows\system32\drivers\cdrom.sys

Srpeek::
c:\windows\system32\drivers\cdrom.sys

Collect::
C:\winn27.exe

-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

-after it is applied, another log will pop up; paste it here

Warning: it may happen that Windows does not boot after the script is applied and the computer restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration
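As an added example for this thread (not ComboFix's own code and not anything the helper posted), the Python below reads a ComboFix log in the format quoted above, collects the indicators the helper reacted to (the driver ComboFix marked as infected, the unknown executable in the drive root, the AppInit_DLLs value, the disabled firewall, a freshly written kernel driver) and drafts the CFScript directives used in post #44. The log excerpt is constructed from this thread's lines; the regular expressions, the 30-day driver window and the reading of the first Find3M timestamp as the last-write time are my assumptions.

```python
"""Triage a ComboFix log in the format quoted in this thread and draft the
CFScript directives used in post #44 (KillAll::, Restore::, Srpeek::, Collect::).
Added example for this thread; not ComboFix's own code."""
import re
from datetime import datetime, timedelta

# Constructed excerpt assembled from lines in this thread's ComboFix log
# (the Czech tool strings are kept exactly as ComboFix printed them).
SAMPLE_LOG = """\
ComboFix 10-11-23.01 - Juro 23.11.2010 21:06:01.1.2 - x86
c:\\windows\\system32\\drivers\\cdrom.sys . . . je infikován!!
2010-11-17 15:51 . 2010-11-17 15:51 192236 ----a-w- C:\\winn27.exe
2010-11-22 19:07 . 2008-04-14 12:00 98240 ----a-w- c:\\windows\\system32\\drivers\\cdrom.sys
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\\windows\\system32\\mfc42.dll
"AppInit_DLLs"=c:\\windows\\system32\\APSHook.dll
"EnableFirewall"= 0 (0x0)
"""

# Line shapes taken from the log above; the patterns themselves are assumptions.
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d\d\.\d\d\.\d{4})")
INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. (?:je infikován|is infected)!!$", re.I)
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) +\S+ +\S{8} +(?P<path>.+)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|com|scr|pif)$", re.I)


def triage(log_text, driver_window_days=30):
    """Collect the indicators a helper looks for: files ComboFix itself marked
    infected, executables sitting in a drive root, kernel drivers whose first
    (last-write) timestamp falls within driver_window_days of the scan date,
    an AppInit_DLLs value, and a disabled Windows firewall."""
    findings = {"infected": [], "root_executables": [], "recent_drivers": [],
                "appinit_dlls": [], "firewall_disabled": False}
    scan_date = None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:  # "ComboFix <ver> - <user> <dd.mm.yyyy> ..." (user name without spaces assumed)
            scan_date = datetime.strptime(m.group(1), "%d.%m.%Y")
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings["infected"].append(m.group("path"))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            if ROOT_EXE_RE.match(path):
                findings["root_executables"].append(path)
            # In the Find3M section the first timestamp is the one inside the
            # 3-month window, i.e. the last-write time (assumption from the log).
            written = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            lower = path.lower()
            if ("\\drivers\\" in lower and lower.endswith(".sys") and scan_date
                    and scan_date - written <= timedelta(days=driver_window_days)):
                findings["recent_drivers"].append(path)
            continue
        if line.startswith('"AppInit_DLLs"='):
            findings["appinit_dlls"].append(line.split("=", 1)[1].strip())
        elif line.startswith('"EnableFirewall"=') and "0 (0x0)" in line:
            findings["firewall_disabled"] = True
    return findings


def draft_cfscript(findings):
    """Draft the CFScript text in the shape the helper posted: Restore:: and
    Srpeek:: for the driver ComboFix flagged, Collect:: for root executables."""
    blocks = ["KillAll::"]
    if findings["infected"]:
        blocks.append("Restore::\n" + "\n".join(findings["infected"]))
        blocks.append("Srpeek::\n" + "\n".join(findings["infected"]))
    if findings["root_executables"]:
        blocks.append("Collect::\n" + "\n".join(findings["root_executables"]))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
    print(draft_cfscript(result))
```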

miki
Visitor
Posts: 27
Registered: 23 Nov 2010 18:46

Re: Protector.N virus infiltration

#45 Post by miki »

attaching the new log

ComboFix 10-11-23.01 - Juro 24.11.2010 18:18:54.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1353 [GMT 1:00]
Spuštěný z: c:\documents and settings\Juro\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Juro\Plocha\CFScript.txt.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

file zipped: C:\winn27.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winn27.exe

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-24 do 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 17:19 . 2010-11-24 17:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-23 18:25 . 2010-11-23 18:26 -------- d-----w- c:\documents and settings\Administrator
2010-11-17 19:12 . 2010-11-17 19:12 -------- d-----w- C:\totalcmd
2010-11-17 19:12 . 2010-11-17 19:12 -------- d-----w- c:\documents and settings\Juro\Data aplikací\GHISLER
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-17 19:12 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-31 17:58 . 2010-10-31 17:58 -------- d-----w- c:\program files\Common Files\Java
2010-10-30 14:53 . 2010-10-30 14:53 -------- d-----w- c:\windows\Sun
2010-10-30 14:53 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 14:53 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 14:53 . 2010-09-15 01:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-30 14:52 . 2010-10-31 17:57 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 19:07 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-10-02 11:37 . 2010-10-02 11:37 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\asus\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-26 22:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1024000]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-17 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-10 573440]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-03-04 677408]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-11 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-10-2 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-10-2 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-06 23:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [17.5.2006 0:14 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29.1.2007 19:07 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 13:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 13:00 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31.7.2010 18:13 36608]
R3 ITECIR;ITE EC CIR Driver (RTC);c:\windows\system32\drivers\ITECIR.sys [31.7.2010 17:58 9728]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-10-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-JURAJ-Juro.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-11 11:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Juro\Data aplikací\Mozilla\Firefox\Profiles\zheqz1ou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 18:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll

- - - - - - - > 'explorer.exe'(5484)
c:\windows\system32\APSHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\asus\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-24 18:29:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-24 17:29
ComboFix2.txt 2010-11-23 20:17

Před spuštěním: Volných bajtů: 207.951.331.328
Po spuštění: Volných bajtů: 207.937.667.072

- - End Of File - - 481F59171A0A935B78F3B6DA2D188236
