Dobrý den,
prosím o radu, vždy po zapnutí internetu je CPU okamžitě na 100% a zřejmě se něco stahuje do PC. Posílám log z RSIT. Předem moc děkuji
Jakub
Logfile of random's system information tool 1.08 (written by random/random)
Run by Kuba at 2010-11-13 20:58:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (74%) free of 36 GB
Total RAM: 510 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52, on 2010-11-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\DOCUME~1\Kuba\LOCALS~1\Temp\494.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Kuba\Plocha\RSIT.exe
C:\WINDOWS\system32\foucu.exe
C:\Program Files\trend micro\Kuba.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [nossen] C:\WINDOWS\system32\kidassu.exe
O4 - HKLM\..\RunServices: [nossen] C:\WINDOWS\system32\kidassu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Kuba\rqf.exe \u
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: 0zvqq6c.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 1j70qqg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 1qwmhid.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 3gbrsnd.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 5si971f.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 60hc0je.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 70pfl66.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 871uvqq.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: 9k1gcs0.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: cyytkkfwwr.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: e1awwriidu.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ee6qq6cc6.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: g1cyytkk.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: jpplbbxx.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: kfl66c81.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: lbcxd870.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: m91i3jfabg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: p0lq81cnojp.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: rx70tjp2vl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: siojzavl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: sytukglr5i.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: vb5rniy1.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: vvrhhdttpff.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: vwrhidtu.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: w1soojaavm.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: xc871fplg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: y1uqqlccxo.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: 0zvqq6c.exe (User 'Default user')
O4 - .DEFAULT Startup: 1j70qqg.exe (User 'Default user')
O4 - .DEFAULT Startup: 1qwmhid.exe (User 'Default user')
O4 - .DEFAULT Startup: 3gbrsnd.exe (User 'Default user')
O4 - .DEFAULT Startup: 5si971f.exe (User 'Default user')
O4 - .DEFAULT Startup: 60hc0je.exe (User 'Default user')
O4 - .DEFAULT Startup: 70pfl66.exe (User 'Default user')
O4 - .DEFAULT Startup: 871uvqq.exe (User 'Default user')
O4 - .DEFAULT Startup: 9k1gcs0.exe (User 'Default user')
O4 - .DEFAULT Startup: cyytkkfwwr.exe (User 'Default user')
O4 - .DEFAULT Startup: e1awwriidu.exe (User 'Default user')
O4 - .DEFAULT Startup: ee6qq6cc6.exe (User 'Default user')
O4 - .DEFAULT Startup: g1cyytkk.exe (User 'Default user')
O4 - .DEFAULT Startup: jpplbbxx.exe (User 'Default user')
O4 - .DEFAULT Startup: kfl66c81.exe (User 'Default user')
O4 - .DEFAULT Startup: lbcxd870.exe (User 'Default user')
O4 - .DEFAULT Startup: m91i3jfabg.exe (User 'Default user')
O4 - .DEFAULT Startup: p0lq81cnojp.exe (User 'Default user')
O4 - .DEFAULT Startup: rx70tjp2vl.exe (User 'Default user')
O4 - .DEFAULT Startup: siojzavl.exe (User 'Default user')
O4 - .DEFAULT Startup: sytukglr5i.exe (User 'Default user')
O4 - .DEFAULT Startup: vb5rniy1.exe (User 'Default user')
O4 - .DEFAULT Startup: vvrhhdttpff.exe (User 'Default user')
O4 - .DEFAULT Startup: vwrhidtu.exe (User 'Default user')
O4 - .DEFAULT Startup: w1soojaavm.exe (User 'Default user')
O4 - .DEFAULT Startup: xc871fplg.exe (User 'Default user')
O4 - .DEFAULT Startup: y1uqqlccxo.exe (User 'Default user')
O4 - Startup: 0zvqq6c.exe
O4 - Startup: 1j70qqg.exe
O4 - Startup: 1qwmhid.exe
O4 - Startup: 3gbrsnd.exe
O4 - Startup: 5si971f.exe
O4 - Startup: 60hc0je.exe
O4 - Startup: 70pfl66.exe
O4 - Startup: 871uvqq.exe
O4 - Startup: 9k1gcs0.exe
O4 - Startup: cyytkkfwwr.exe
O4 - Startup: e1awwriidu.exe
O4 - Startup: ee6qq6cc6.exe
O4 - Startup: g1cyytkk.exe
O4 - Startup: jpplbbxx.exe
O4 - Startup: kfl66c81.exe
O4 - Startup: lbcxd870.exe
O4 - Startup: m91i3jfabg.exe
O4 - Startup: p0lq81cnojp.exe
O4 - Startup: rx70tjp2vl.exe
O4 - Startup: siojzavl.exe
O4 - Startup: sytukglr5i.exe
O4 - Startup: vb5rniy1.exe
O4 - Startup: vvrhhdttpff.exe
O4 - Startup: vwrhidtu.exe
O4 - Startup: w1soojaavm.exe
O4 - Startup: xc871fplg.exe
O4 - Startup: y1uqqlccxo.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Blue Coat K9 Web Protection (ei9owe4en5e847ai) - Unknown owner - C:\WINDOWS\system32\rajequupe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 10883 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-03-28 188416]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-24 2880512]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-13 2176512]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]
"nossen"=C:\WINDOWS\system32\kidassu.exe [2010-11-13 201216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"MSConfig"=C:\Documents and Settings\Kuba\rqf.exe [2010-11-13 19456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
C:\Program Files\acer\Wireless\Utility\WlanUtil.exe [2004-06-09 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-28 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2010-01-27 256280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-09-05 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-29 437584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-03-24 606208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-13 3037696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~2.EXE [2007-04-17 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]
C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění
0zvqq6c.exe
1j70qqg.exe
1qwmhid.exe
3gbrsnd.exe
5si971f.exe
60hc0je.exe
70pfl66.exe
871uvqq.exe
9k1gcs0.exe
cyytkkfwwr.exe
e1awwriidu.exe
ee6qq6cc6.exe
g1cyytkk.exe
jpplbbxx.exe
kfl66c81.exe
lbcxd870.exe
m91i3jfabg.exe
p0lq81cnojp.exe
rx70tjp2vl.exe
siojzavl.exe
sytukglr5i.exe
vb5rniy1.exe
vvrhhdttpff.exe
vwrhidtu.exe
w1soojaavm.exe
xc871fplg.exe
y1uqqlccxo.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-28 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Disabled:Crawler Spyware Terminator"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-11-13 20:52:19 ----A---- C:\WINDOWS\system32\rajequupe.exe
2010-11-13 20:51:25 ----A---- C:\WINDOWS\system32\kidassu.exe
2010-11-13 20:29:28 ----HD---- C:\WINDOWS\PIF
2010-11-13 20:18:03 ----D---- C:\Program Files\trend micro
2010-11-13 20:18:00 ----D---- C:\rsit
2010-11-13 18:40:39 ----A---- C:\Boot.bak
2010-11-13 18:40:34 ----RASHD---- C:\cmdcons
2010-11-13 18:39:13 ----D---- C:\ComboFix
2010-11-13 18:26:09 ----D---- C:\WINDOWS\ERDNT
2010-11-13 18:22:51 ----D---- C:\Qoobox
2010-11-13 16:23:12 ----RSH---- C:\Documents and Settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 16:22:26 ----A---- C:\t6.exe
2010-10-19 21:20:38 ----D---- C:\Program Files\Free MP3 Cutter
2010-10-15 18:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-15 18:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-15 18:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-15 18:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-15 18:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-15 18:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-15 18:36:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-15 18:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-15 18:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
======List of files/folders modified in the last 1 months======
2010-11-13 20:52:19 ----D---- C:\WINDOWS\system32
2010-11-13 20:51:50 ----RSHD---- C:\RECYCLER
2010-11-13 20:51:15 ----D---- C:\Program Files\Crawler
2010-11-13 20:50:15 ----D---- C:\WINDOWS\Prefetch
2010-11-13 20:49:05 ----AD---- C:\WINDOWS\Temp
2010-11-13 20:46:30 ----D---- C:\WINDOWS\system32\drivers
2010-11-13 20:45:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-13 20:45:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-13 20:35:40 ----D---- C:\Program Files\Spyware Terminator
2010-11-13 20:32:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-11-13 20:29:28 ----D---- C:\WINDOWS
2010-11-13 20:18:03 ----RD---- C:\Program Files
2010-11-13 19:21:13 ----D---- C:\temp
2010-11-13 18:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2010-11-13 18:40:40 ----RASH---- C:\boot.ini
2010-11-13 16:37:34 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Spyware Terminator
2010-11-10 22:15:40 ----D---- C:\Documents and Settings\Kuba\Data aplikací\ICQ
2010-11-08 20:00:57 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-11-06 20:26:56 ----D---- C:\Program Files\ICQ7.1
2010-10-31 15:50:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 12:33:45 ----D---- C:\Program Files\Mozilla Firefox
2010-10-28 16:07:27 ----A---- C:\WINDOWS\system32\pbsvc_heroes.exe
2010-10-28 15:21:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-25 20:34:46 ----SD---- C:\Documents and Settings\Kuba\Data aplikací\Microsoft
2010-10-24 12:04:16 ----D---- C:\WINDOWS\Debug
2010-10-23 21:18:21 ----SHD---- C:\WINDOWS\Installer
2010-10-16 14:53:21 ----HD---- C:\WINDOWS\inf
2010-10-15 18:39:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-15 18:39:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-15 18:38:06 ----D---- C:\WINDOWS\WinSxS
2010-10-15 18:36:04 ----D---- C:\Program Files\Internet Explorer
2010-10-15 18:35:11 ----D---- C:\WINDOWS\ie8updates
2010-10-15 18:31:19 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-13 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-28 1132544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-25 34048]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-25 276480]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2005-09-05 16896]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-25 207616]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\WINDOWS\system32\drivers\averhbtv.sys [2007-04-30 302848]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 guogwjlu;guogwjlu; \??\C:\WINDOWS\System32\Drivers\guogwjlu.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-28 364544]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-13 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-11-08 215016]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-13 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 ei9owe4en5e847ai;Blue Coat K9 Web Protection; C:\WINDOWS\system32\rajequupe.exe [2010-11-13 201216]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vir
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Log z Combofixu
ComboFix 10-11-12.06 - Kuba 2010-11-13 21:33:45.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.270 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kuba\Dokumenty\cc_20101113_204302.reg
c:\documents and settings\Kuba\nivhit.exe
c:\documents and settings\Kuba\secupdat.dat
c:\documents and settings\Kuba\wrcblv.exe
c:\recycler\S-1-5-21-5833907845-5826113209-726411687-9283\yv8g67.exe
c:\windows\system32\kidassu.exe
c:\windows\system32\secupdat.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-13 do 2010-11-13 )))))))))))))))))))))))))))))))
.
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 15:22 . 2010-11-13 15:22 91136 ----a-w- C:\t6.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 19:51 . 2010-11-13 19:52 201216 ----a-w- c:\windows\system32\kidassu.exe
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2001-10-25 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"nossen"="c:\windows\system32\kidassu.exe" [2010-11-13 201216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Kuba\\Plocha\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
R2 ei9owe4en5e847ai;Blue Coat K9 Web Protection;c:\windows\system32\rajequupe.exe --> c:\windows\system32\rajequupe.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
S3 guogwjlu;guogwjlu;\??\c:\windows\System32\Drivers\guogwjlu.sys --> c:\windows\System32\Drivers\guogwjlu.sys [?]
S3 vkpollka;vkpollka;\??\c:\windows\System32\Drivers\vkpollka.sys --> c:\windows\System32\Drivers\vkpollka.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 21:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\acs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-13 21:45:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,066,783,232
Po spuštění: Volných bajtů: 28,032,462,848
- - End Of File - - 16D03F72E5332C405B3F290ABB5B9593
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.270 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kuba\Dokumenty\cc_20101113_204302.reg
c:\documents and settings\Kuba\nivhit.exe
c:\documents and settings\Kuba\secupdat.dat
c:\documents and settings\Kuba\wrcblv.exe
c:\recycler\S-1-5-21-5833907845-5826113209-726411687-9283\yv8g67.exe
c:\windows\system32\kidassu.exe
c:\windows\system32\secupdat.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-13 do 2010-11-13 )))))))))))))))))))))))))))))))
.
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 15:22 . 2010-11-13 15:22 91136 ----a-w- C:\t6.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 19:51 . 2010-11-13 19:52 201216 ----a-w- c:\windows\system32\kidassu.exe
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2001-10-25 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"nossen"="c:\windows\system32\kidassu.exe" [2010-11-13 201216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0zvqq6c.exe [2010-11-13 60416]
1ciy1kp.exe [2010-11-13 60416]
1j70qqg.exe [2010-11-13 60416]
1qwmhid.exe [2010-11-13 60416]
3gbrsnd.exe [2010-11-13 60416]
5si971f.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
871uvqq.exe [2010-11-13 60416]
9k1gcs0.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
jpplbbxx.exe [2010-11-13 60416]
kfl66c81.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
m91i3jfabg.exe [2010-11-13 60416]
p0lq81cnojp.exe [2010-11-13 60416]
rx70tjp2vl.exe [2010-11-13 60416]
siojzavl.exe [2010-11-13 60416]
sytukglr5i.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
xc871fplg.exe [2010-11-13 60416]
y1uqqlccxo.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Kuba\\Plocha\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
R2 ei9owe4en5e847ai;Blue Coat K9 Web Protection;c:\windows\system32\rajequupe.exe --> c:\windows\system32\rajequupe.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
S3 guogwjlu;guogwjlu;\??\c:\windows\System32\Drivers\guogwjlu.sys --> c:\windows\System32\Drivers\guogwjlu.sys [?]
S3 vkpollka;vkpollka;\??\c:\windows\System32\Drivers\vkpollka.sys --> c:\windows\System32\Drivers\vkpollka.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 21:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\acs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-13 21:45:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,066,783,232
Po spuštění: Volných bajtů: 28,032,462,848
- - End Of File - - 16D03F72E5332C405B3F290ABB5B9593
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
Asi takhle. Máte toho tam víc než dost, než bych sestavil skript, trvalo by to nejméně hodinu. Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log. Doufejme, že něco smaže. Pak znovu ComboFix a další log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir
Takže AVPTool jsem udělal, asi 4x se to přerušilo a smazal se vždy nějaký trojan, pak se restartoval PC a pokračoval jsem v kontrole. Tady jsou logy z těch přerušní a celkový:
2010-11-14 07:19 Úloha byla spuštěna
2010-11-14 07:19 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\System32\kidassu.exe
2010-11-14 07:19 Bude odstraněno při restartování systému: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\System32\kidassu.exe
2010-11-14 07:22 Zjištěno: Trojan.Win32.Inject.awxz C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe
2010-11-14 07:22 Odstraněno: Trojan.Win32.Inject.awxz C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe
2010-11-14 07:22 Odstraněno: Trojan.Win32.Inject.awxz C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe
2010-11-14 07:22 Zjištěno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\0zvqq6c.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\0zvqq6c.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\0zvqq6c.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1j70qqg.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1j70qqg.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1j70qqg.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1qwmhid.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1qwmhid.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1qwmhid.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\3gbrsnd.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\3gbrsnd.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\3gbrsnd.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\5si971f.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\5si971f.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\5si971f.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\871uvqq.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\871uvqq.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\871uvqq.exe
2010-11-14 07:24 Úloha byla dokončena
--------------------------------------------------------------------------------------
2010-11-14 07:34 Úloha byla spuštěna
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\9k1gcs0.exe
2010-11-14 07:35 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\9k1gcs0.exe
2010-11-14 07:37 Úloha byla dokončena
----------------------------------------------------------------------------------------
2010-11-14 07:43 Úloha byla spuštěna
2010-11-14 07:43 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\p0lq81cnojp.exe
2010-11-14 07:43 Odstraněno: Trojan-Downloader.Win32.Refroso.bsr c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\p0lq81cnojp.exe
2010-11-14 07:45 Úloha byla dokončena
------------------------------------------------------------------------------
2010-11-14 07:51 Úloha byla spuštěna
2010-11-14 07:51 Zjištěno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\sytukglr5i.exe
2010-11-14 07:51 Odstraněno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\sytukglr5i.exe
2010-11-14 07:53 Úloha byla dokončena
------------------------------------------------------------------------------
2010-11-14 07:29 Úloha byla spuštěna
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\9k1gcs0.exe
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\jpplbbxx.exe
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\kfl66c81.exe
2010-11-14 07:34 Úloha byla zastavena
2010-11-14 07:41 Úloha byla spuštěna
2010-11-14 07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\m91i3jfabg.exe
2010-11-14 07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\rx70tjp2vl.exe
2010-11-14 07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\p0lq81cnojp.exe
2010-11-14 07:43 Úloha byla zastavena
2010-11-14 07:49 Úloha byla spuštěna
2010-11-14 07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\sytukglr5i.exe
2010-11-14 07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\xc871fplg.exe
2010-11-14 07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.bsq c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\y1uqqlccxo.exe
2010-11-14 07:51 Úloha byla zastavena
2010-11-14 07:57 Úloha byla spuštěna
2010-11-14 08:10 Zjištěno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\wrcblv.exe.vir/UPX
2010-11-14 08:10 Zjištěno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\nivhit.exe.vir/UPX
2010-11-14 08:10 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\secupdat.dat.vir/PE-Crypt.XorPE
2010-11-14 08:10 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\secupdat.dat.vir
2010-11-14 08:10 Zjištěno: Trojan.Win32.VBKrypt.unf C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-5833907845-5826113209-726411687-9283\yv8g67.exe.vir
2010-11-14 08:10 Odstraněno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\nivhit.exe.vir
2010-11-14 08:10 Zjištěno: Trojan.Win32.Inject.awxz C:\Qoobox\Quarantine\C\WINDOWS\nvsvc32.exe.vir
2010-11-14 08:10 Odstraněno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\wrcblv.exe.vir
2010-11-14 08:10 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\Qoobox\Quarantine\C\WINDOWS\system32\kidassu.exe.vir
2010-11-14 08:11 Odstraněno: Trojan.Win32.VBKrypt.unf C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-5833907845-5826113209-726411687-9283\yv8g67.exe.vir
2010-11-14 08:11 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir/PE-Crypt.XorPE
2010-11-14 08:11 Odstraněno: Trojan.Win32.Inject.awxz C:\Qoobox\Quarantine\C\WINDOWS\nvsvc32.exe.vir
2010-11-14 08:11 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\Qoobox\Quarantine\C\WINDOWS\system32\kidassu.exe.vir
2010-11-14 08:11 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir
2010-11-14 08:27 Úloha byla dokončena
----------------------------------------------------------------
A log z ComboFixu:
ComboFix 10-11-12.06 - Kuba 2010-11-14 8:32.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.246 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-13 22:33 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\79658892.sys
2010-11-13 22:33 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\7965889.sys
2010-11-13 22:33 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\79658891.sys
2010-11-13 22:33 . 2010-11-14 06:25 -------- d-----w- c:\program files\Virus Removal Tool
2010-11-13 19:29 . 2010-11-13 19:29 -------- d--h--w- c:\windows\PIF
2010-11-13 19:18 . 2010-11-13 19:59 -------- d-----w- c:\program files\trend micro
2010-11-13 19:18 . 2010-11-13 19:18 -------- d-----w- C:\rsit
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 15:22 . 2010-11-13 15:22 91136 ----a-w- C:\t6.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2001-10-25 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R0 79658892;79658892 Boot Guard Driver;c:\windows\system32\drivers\79658892.sys [2010-11-13 37392]
R1 79658891;79658891;c:\windows\system32\drivers\79658891.sys [2010-11-13 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 setup_9.0.0.722_14.11.2010_00-18drv;setup_9.0.0.722_14.11.2010_00-18drv;c:\windows\system32\drivers\7965889.sys [2010-11-13 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
S2 ei9owe4en5e847ai;Blue Coat K9 Web Protection;c:\windows\system32\rajequupe.exe --> c:\windows\system32\rajequupe.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
S3 guogwjlu;guogwjlu;\??\c:\windows\System32\Drivers\guogwjlu.sys --> c:\windows\System32\Drivers\guogwjlu.sys [?]
S3 vkpollka;vkpollka;\??\c:\windows\System32\Drivers\vkpollka.sys --> c:\windows\System32\Drivers\vkpollka.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 08:37
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-11-14 08:40:07
ComboFix-quarantined-files.txt 2010-11-14 07:40
ComboFix2.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,905,930,752
Po spuštění: Volných bajtů: 28,898,861,056
- - End Of File - - E4AD76A7A174078A806AE7171B5B891B
2010-11-14 07:19 Úloha byla spuštěna
2010-11-14 07:19 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\System32\kidassu.exe
2010-11-14 07:19 Bude odstraněno při restartování systému: Trojan-Downloader.Win32.FraudLoad.xzit C:\WINDOWS\System32\kidassu.exe
2010-11-14 07:22 Zjištěno: Trojan.Win32.Inject.awxz C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe
2010-11-14 07:22 Odstraněno: Trojan.Win32.Inject.awxz C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe
2010-11-14 07:22 Odstraněno: Trojan.Win32.Inject.awxz C:\Documents and Settings\Kuba\Plocha\P17535732.JPG-www.facebook.exe
2010-11-14 07:22 Zjištěno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\0zvqq6c.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\0zvqq6c.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\0zvqq6c.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1j70qqg.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1j70qqg.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsq C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1j70qqg.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1qwmhid.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1qwmhid.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\1qwmhid.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\3gbrsnd.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\3gbrsnd.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\3gbrsnd.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\5si971f.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\5si971f.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.bsk C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\5si971f.exe
2010-11-14 07:23 Zjištěno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\871uvqq.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\871uvqq.exe
2010-11-14 07:23 Odstraněno: Trojan-Downloader.Win32.Refroso.btw C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\871uvqq.exe
2010-11-14 07:24 Úloha byla dokončena
--------------------------------------------------------------------------------------
2010-11-14 07:34 Úloha byla spuštěna
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\9k1gcs0.exe
2010-11-14 07:35 Odstraněno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\9k1gcs0.exe
2010-11-14 07:37 Úloha byla dokončena
----------------------------------------------------------------------------------------
2010-11-14 07:43 Úloha byla spuštěna
2010-11-14 07:43 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\p0lq81cnojp.exe
2010-11-14 07:43 Odstraněno: Trojan-Downloader.Win32.Refroso.bsr c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\p0lq81cnojp.exe
2010-11-14 07:45 Úloha byla dokončena
------------------------------------------------------------------------------
2010-11-14 07:51 Úloha byla spuštěna
2010-11-14 07:51 Zjištěno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\sytukglr5i.exe
2010-11-14 07:51 Odstraněno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\sytukglr5i.exe
2010-11-14 07:53 Úloha byla dokončena
------------------------------------------------------------------------------
2010-11-14 07:29 Úloha byla spuštěna
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\9k1gcs0.exe
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\jpplbbxx.exe
2010-11-14 07:34 Zjištěno: Trojan-Downloader.Win32.Refroso.bss C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\kfl66c81.exe
2010-11-14 07:34 Úloha byla zastavena
2010-11-14 07:41 Úloha byla spuštěna
2010-11-14 07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.btv C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\m91i3jfabg.exe
2010-11-14 07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.btu C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\rx70tjp2vl.exe
2010-11-14 07:42 Zjištěno: Trojan-Downloader.Win32.Refroso.bsr C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\p0lq81cnojp.exe
2010-11-14 07:43 Úloha byla zastavena
2010-11-14 07:49 Úloha byla spuštěna
2010-11-14 07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\sytukglr5i.exe
2010-11-14 07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.bss c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\xc871fplg.exe
2010-11-14 07:50 Zjištěno: Trojan-Downloader.Win32.Refroso.bsq c:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění\y1uqqlccxo.exe
2010-11-14 07:51 Úloha byla zastavena
2010-11-14 07:57 Úloha byla spuštěna
2010-11-14 08:10 Zjištěno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\wrcblv.exe.vir/UPX
2010-11-14 08:10 Zjištěno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\nivhit.exe.vir/UPX
2010-11-14 08:10 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\secupdat.dat.vir/PE-Crypt.XorPE
2010-11-14 08:10 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\secupdat.dat.vir
2010-11-14 08:10 Zjištěno: Trojan.Win32.VBKrypt.unf C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-5833907845-5826113209-726411687-9283\yv8g67.exe.vir
2010-11-14 08:10 Odstraněno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\nivhit.exe.vir
2010-11-14 08:10 Zjištěno: Trojan.Win32.Inject.awxz C:\Qoobox\Quarantine\C\WINDOWS\nvsvc32.exe.vir
2010-11-14 08:10 Odstraněno: Backdoor.Win32.Inject.gpm C:\Qoobox\Quarantine\C\Documents and Settings\Kuba\wrcblv.exe.vir
2010-11-14 08:10 Zjištěno: Trojan-Downloader.Win32.FraudLoad.xzit C:\Qoobox\Quarantine\C\WINDOWS\system32\kidassu.exe.vir
2010-11-14 08:11 Odstraněno: Trojan.Win32.VBKrypt.unf C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-5833907845-5826113209-726411687-9283\yv8g67.exe.vir
2010-11-14 08:11 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir/PE-Crypt.XorPE
2010-11-14 08:11 Odstraněno: Trojan.Win32.Inject.awxz C:\Qoobox\Quarantine\C\WINDOWS\nvsvc32.exe.vir
2010-11-14 08:11 Odstraněno: Trojan-Downloader.Win32.FraudLoad.xzit C:\Qoobox\Quarantine\C\WINDOWS\system32\kidassu.exe.vir
2010-11-14 08:11 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir
2010-11-14 08:27 Úloha byla dokončena
----------------------------------------------------------------
A log z ComboFixu:
ComboFix 10-11-12.06 - Kuba 2010-11-14 8:32.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.246 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-13 22:33 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\79658892.sys
2010-11-13 22:33 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\7965889.sys
2010-11-13 22:33 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\79658891.sys
2010-11-13 22:33 . 2010-11-14 06:25 -------- d-----w- c:\program files\Virus Removal Tool
2010-11-13 19:29 . 2010-11-13 19:29 -------- d--h--w- c:\windows\PIF
2010-11-13 19:18 . 2010-11-13 19:59 -------- d-----w- c:\program files\trend micro
2010-11-13 19:18 . 2010-11-13 19:18 -------- d-----w- C:\rsit
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 15:22 . 2010-11-13 15:22 91136 ----a-w- C:\t6.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2001-10-25 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R0 79658892;79658892 Boot Guard Driver;c:\windows\system32\drivers\79658892.sys [2010-11-13 37392]
R1 79658891;79658891;c:\windows\system32\drivers\79658891.sys [2010-11-13 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 setup_9.0.0.722_14.11.2010_00-18drv;setup_9.0.0.722_14.11.2010_00-18drv;c:\windows\system32\drivers\7965889.sys [2010-11-13 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
S2 ei9owe4en5e847ai;Blue Coat K9 Web Protection;c:\windows\system32\rajequupe.exe --> c:\windows\system32\rajequupe.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
S3 guogwjlu;guogwjlu;\??\c:\windows\System32\Drivers\guogwjlu.sys --> c:\windows\System32\Drivers\guogwjlu.sys [?]
S3 vkpollka;vkpollka;\??\c:\windows\System32\Drivers\vkpollka.sys --> c:\windows\System32\Drivers\vkpollka.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 08:37
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-11-14 08:40:07
ComboFix-quarantined-files.txt 2010-11-14 07:40
ComboFix2.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,905,930,752
Po spuštění: Volných bajtů: 28,898,861,056
- - End Of File - - E4AD76A7A174078A806AE7171B5B891B
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
ještě dočistíme. otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
c:\windows\system32\drivers\79658892.sys
c:\windows\system32\drivers\7965889.sys
c:\windows\system32\drivers\79658891.sys
c:\windows\system32\rajequupe.exe
c:\windows\System32\Drivers\guogwjlu.sys
c:\windows\System32\Drivers\vkpollka.sys
Driver::
79658892
7965889
79658891
ei9owe4en5e847ai
guogwjlu
vkpollka
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir
Tak hotovo, ještě před tím, než ComboFix vytvořil log, chtěl zaslat nějaký malware k podrobnému rozboru, ale server byl dočasně nedostupný, tak to uložil pro pozdější zaslání...
Tady je poslední log:
ComboFix 10-11-12.06 - Kuba 2010-11-14 13:06:59.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.198 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kuba\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
file zipped: c:\windows\system32\drivers\7965889.sys
file zipped: c:\windows\system32\drivers\79658891.sys
file zipped: c:\windows\system32\drivers\79658892.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\7965889.sys
c:\windows\system32\drivers\79658891.sys
c:\windows\system32\drivers\79658892.sys
c:\windows\system32\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_79658891
-------\Legacy_79658892
-------\Legacy_EI9OWE4EN5E847AI
-------\Service_79658891
-------\Service_79658892
-------\Service_ei9owe4en5e847ai
-------\Service_guogwjlu
-------\Service_vkpollka
-------\Legacy_setup_9.0.0.722_14.11.2010_00-18drv
-------\Service_setup_9.0.0.722_14.11.2010_00-18drv
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-13 22:33 . 2010-11-14 06:25 -------- d-----w- c:\program files\Virus Removal Tool
2010-11-13 19:29 . 2010-11-13 19:29 -------- d--h--w- c:\windows\PIF
2010-11-13 19:18 . 2010-11-13 19:59 -------- d-----w- c:\program files\trend micro
2010-11-13 19:18 . 2010-11-13 19:18 -------- d-----w- C:\rsit
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 15:22 . 2010-11-13 15:22 91136 ----a-w- C:\t6.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 13:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\acs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-14 13:21:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-14 12:21
ComboFix2.txt 2010-11-14 07:40
ComboFix3.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,880,220,160
Po spuštění: Volných bajtů: 28,819,058,688
- - End Of File - - C8C777BC697EB3ADAF9CBE261DBEE9F6
Tady je poslední log:
ComboFix 10-11-12.06 - Kuba 2010-11-14 13:06:59.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.198 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kuba\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
file zipped: c:\windows\system32\drivers\7965889.sys
file zipped: c:\windows\system32\drivers\79658891.sys
file zipped: c:\windows\system32\drivers\79658892.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\7965889.sys
c:\windows\system32\drivers\79658891.sys
c:\windows\system32\drivers\79658892.sys
c:\windows\system32\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_79658891
-------\Legacy_79658892
-------\Legacy_EI9OWE4EN5E847AI
-------\Service_79658891
-------\Service_79658892
-------\Service_ei9owe4en5e847ai
-------\Service_guogwjlu
-------\Service_vkpollka
-------\Legacy_setup_9.0.0.722_14.11.2010_00-18drv
-------\Service_setup_9.0.0.722_14.11.2010_00-18drv
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-13 22:33 . 2010-11-14 06:25 -------- d-----w- c:\program files\Virus Removal Tool
2010-11-13 19:29 . 2010-11-13 19:29 -------- d--h--w- c:\windows\PIF
2010-11-13 19:18 . 2010-11-13 19:59 -------- d-----w- c:\program files\trend micro
2010-11-13 19:18 . 2010-11-13 19:18 -------- d-----w- C:\rsit
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-11-13 15:22 . 2010-11-13 15:22 91136 ----a-w- C:\t6.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 13:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\acs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-14 13:21:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-14 12:21
ComboFix2.txt 2010-11-14 07:40
ComboFix3.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,880,220,160
Po spuštění: Volných bajtů: 28,819,058,688
- - End Of File - - C8C777BC697EB3ADAF9CBE261DBEE9F6
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
Ještě jednou spusťte CF tímto skriptem:
KillAll::
Collect::
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
C:\t6.exe
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir
ComboFix 10-11-12.06 - Kuba 2010-11-14 17:42:51.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.258 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kuba\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
file zipped: C:\t6.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\t6.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-13 22:33 . 2010-11-14 06:25 -------- d-----w- c:\program files\Virus Removal Tool
2010-11-13 19:29 . 2010-11-13 19:29 -------- d--h--w- c:\windows\PIF
2010-11-13 19:18 . 2010-11-13 19:59 -------- d-----w- c:\program files\trend micro
2010-11-13 19:18 . 2010-11-13 19:18 -------- d-----w- C:\rsit
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 17:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\acs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-14 17:56:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-14 16:56
ComboFix2.txt 2010-11-14 12:21
ComboFix3.txt 2010-11-14 07:40
ComboFix4.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,795,842,560
Po spuštění: Volných bajtů: 28,789,354,496
- - End Of File - - AA4BE09E7F013786EC55FA1B3B77AE67
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.510.258 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kuba\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
file zipped: c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
file zipped: C:\t6.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\t6.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-13 22:33 . 2010-11-14 06:25 -------- d-----w- c:\program files\Virus Removal Tool
2010-11-13 19:29 . 2010-11-13 19:29 -------- d--h--w- c:\windows\PIF
2010-11-13 19:18 . 2010-11-13 19:59 -------- d-----w- c:\program files\trend micro
2010-11-13 19:18 . 2010-11-13 19:18 -------- d-----w- C:\rsit
2010-11-13 15:23 . 2010-11-13 15:22 91136 --sh--r- c:\documents and settings\Kuba\Data aplikací\juzjf.exe
2010-10-28 14:18 . 2010-10-28 14:18 -------- d-sh--w- c:\documents and settings\Kuba\IECompatCache
2010-10-19 20:20 . 2010-10-19 20:20 -------- d-----w- c:\program files\Free MP3 Cutter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 19:01 . 2010-04-13 21:12 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-08 19:00 . 2010-04-13 21:26 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-08 19:00 . 2010-04-13 21:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:08 . 2010-04-13 21:12 138056 ----a-w- c:\documents and settings\Kuba\Data aplikací\PnkBstrK.sys
2010-10-28 15:07 . 2010-04-13 21:11 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2001-10-25 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2001-10-25 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2001-10-25 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-10-25 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1ciy1kp.exe [2010-11-13 60416]
60hc0je.exe [2010-11-13 60416]
70pfl66.exe [2010-11-13 60416]
cyytkkfwwr.exe [2010-11-13 60416]
e1awwriidu.exe [2010-11-13 60416]
ee6qq6cc6.exe [2010-11-13 60416]
g1cyytkk.exe [2010-11-13 60416]
lbcxd870.exe [2010-11-13 60416]
setup_9.0.0.722_14.11.2010_00-18.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_14.11.2010_00-18\startup.exe [2010-11-13 72208]
siojzavl.exe [2010-11-13 60416]
vb5rniy1.exe [2010-11-13 60416]
vvrhhdttpff.exe [2010-11-13 60416]
vwrhidtu.exe [2010-11-13 60416]
w1soojaavm.exe [2010-11-13 60416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acerWireless]
2004-06-09 09:15 417792 ----a-w- c:\program files\acer\Wireless\Utility\wlanutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 19:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-09-05 09:43 319488 ----a-w- c:\program files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 13:24 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-03-24 10:45 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-04-13 20:02 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-13 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-13 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-13 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 136176]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2010-04-14 302848]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60446
IE: Crawler Search - tbr:iemenu
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.31.0.cab
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
FF - component: c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\6un76x5m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 17:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAF5C051-4D4A-C0AC-1299-F96ABDD814D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\acs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-14 17:56:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-14 16:56
ComboFix2.txt 2010-11-14 12:21
ComboFix3.txt 2010-11-14 07:40
ComboFix4.txt 2010-11-13 20:45
Před spuštěním: Volných bajtů: 28,795,842,560
Po spuštění: Volných bajtů: 28,789,354,496
- - End Of File - - AA4BE09E7F013786EC55FA1B3B77AE67
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
Ještě se to pořád drží v adresáři "Po spuštění" . Otevřte složku c:\documents and settings\Kuba\Nabídka start\programy\po spuštění a zkuste je ručně smazat. Případně použijte Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 se skriptem:
Files to delete:
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe
c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vir
To je divné - složka "Po spuštění" byla prázdná, takže ani Avenger je nevymazal - viz. log. Ale všechny ty programy jsou uvedny v CCleaneru, kde se ovládají programy spuštěné při zapnutí PC. Takže jsem je alespoň deaktivoval a teď jsou i po restartu vedeny jako deaktivované.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\1ciy1kp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\60hc0je.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\70pfl66.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\cyytkkfwwr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\e1awwriidu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\ee6qq6cc6.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\g1cyytkk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\lbcxd870.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\siojzavl.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vb5rniy1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vvrhhdttpff.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\vwrhidtu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe" not found!
Deletion of file "c:\documents and settings\Kuba\Nabídka Start\Programy\Po spuštění\w1soojaavm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
OK, to bude v pořádku, pokud vám PC korektně funguje (měl jste ho hodně zavirovaný). Quoobox je opravdu karanténa ComboFixu, kterou můžete smazat.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
. Mockrát děkuji za pomoc-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vir
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?