VIRY.CZ

Malwarebytes' Anti-Malware
http://www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.8.2011 13:44:46
mbam-log-2011-08-22 (13-44-37).txt

Typ: Rychlá kontrola
Kontrolované objekty: 194667
Uplynulý čas: 24 minut, 29 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 9
Infikované hodnoty v registru: 8
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 20

Infikované procesy v paměti:
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 864 -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 884 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2924 -> No action taken.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> 3028 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.FakeAlert) -> 140 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 1688 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 2228 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1404 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2436 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 196 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1792 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.FakeAlert) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\all users\application data\microsoft\shortcuts.000 (Trojan.Downloader) -> No action taken.
c:\documents and settings\administrator\local settings\Temp\~TM45.tmp (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\1906365.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9162062.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\local settings\temporary internet files\Content.IE5\2944VEMS\flash-player[1].exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\administrator\local settings\temporary internet files\Content.IE5\8ZO8MCA0\flash-player[1].exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\administrator\local settings\temporary internet files\Content.IE5\U3AWO37K\flash-player[1].exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\administrator\data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
c:\WINDOWS\Temp\679774370.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.

Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému

Stáhněte ComboFix a uložte jej na Plochu.

Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.

Spusťte ComboFix s administrátorským oprávněním.

Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení

Během skenu nechte počítač naprosto v klidu.

Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému

Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem

ComboFixu si do dalšího pokynu nevšímejte

ty infikovaný soubory mazat nemám?

ComboFix 11-08-22.02 - Administrator 22.08.2011 14:13:44.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1424 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\7067474.exe
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\windows\btc_client_iplist.txt
c:\windows\ehome\medctrro.exe
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\4af7ca5ae7fbec4c9a957f92f0f2c168.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\f5f50e5b52a15fe30842dba294a7c2cd.elf
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\0836c456a7de6defc493840818aa2140.elf
c:\windows\phoenix\kernels\poclbm\4967a66698d91eb167f9c54ec7381d21.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\36716346-loader2.exe
c:\windows\TEMP\4388889.exe
c:\windows\TEMP\8139604.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_glaide32
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 11:11 . 2011-08-22 11:11 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-08-22 11:10 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 11:10 . 2011-08-22 11:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-22 11:10 . 2011-08-22 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 11:10 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 10:06 . 2011-08-22 12:17 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-22 10:06 . 2011-08-22 10:06 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-22 10:04 . 2011-08-22 10:04 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-08-22 10:02 . 2011-08-22 10:11 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-22 09:46 . 2011-08-22 10:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-08-22 09:36 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-22 09:36 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-22 08:40 . 2011-08-22 08:40 -------- d-----w- C:\Temp
2011-08-22 08:36 . 2011-08-22 08:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-22 08:36 . 2011-08-22 08:36 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-22 08:35 . 2011-08-22 08:35 -------- d-----w- c:\windows\ufa
2011-08-22 08:34 . 2011-08-22 08:35 -------- d--h--w- c:\windows\update.7.1
2011-08-22 08:34 . 2011-08-22 08:35 246272 ----a-w- c:\windows\unrar.exe
2011-08-22 08:32 . 2011-08-22 08:32 -------- d-----w- c:\windows\av_ico
2011-08-22 08:30 . 2011-08-22 12:17 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-22 08:30 . 2011-08-22 08:30 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-22 08:20 . 2011-08-22 08:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-08-15 15:44 . 2011-08-15 15:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-15 09:24 . 2011-08-15 09:24 -------- d-----w- c:\program files\FileZilla FTP Client
2011-08-13 18:57 . 2011-08-13 18:57 0 ---ha-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BIT19.tmp
2011-08-11 14:33 . 2011-08-11 14:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-08-11 14:31 . 2011-08-11 14:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-08-11 14:23 . 2011-08-11 14:26 -------- dc-h--w- c:\windows\ie8
2011-08-10 20:42 . 2011-08-10 21:17 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\.minecraft
2011-08-10 05:41 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 05:41 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-04 09:26 . 2007-04-01 23:16 2916438 ----a-w- c:\windows\system32\rcm.dll
2011-08-04 09:26 . 2007-04-01 23:16 2777088 ----a-w- c:\windows\system32\rhrdk.10.v40.dll
2011-08-04 08:12 . 2011-08-04 08:12 -------- d-----w- c:\program files\Rhino 4.0 SDK
2011-08-04 07:17 . 2011-08-04 07:17 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\RandomControl
2011-08-03 23:12 . 2011-08-03 23:12 -------- d-----w- c:\documents and settings\Administrator\Library
2011-08-03 23:12 . 2011-08-03 23:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\com.adobe.ExMan
2011-08-03 23:03 . 2011-08-03 23:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Robert_McNeel_&_Associate
2011-08-03 22:58 . 2011-08-03 22:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\MaxwellDotNET
2011-08-03 11:01 . 2011-08-04 07:29 2367488 ----a-w- c:\windows\system32\frysdk32.dll
2011-08-03 11:01 . 2011-08-03 11:01 -------- d-----w- C:\feversoft
2011-08-03 10:53 . 2011-08-03 10:53 -------- d-----w- c:\program files\Common Files\InstallShield Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 09:18 . 2008-12-09 19:59 67440 ----a-w- c:\windows\system32\DCP.EXE
2011-08-22 09:18 . 2008-12-09 19:59 104368 ----a-w- c:\windows\system32\DCOMPERM.DLL
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2008-12-18 15:11 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2008-12-18 15:11 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2008-12-18 15:11 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2008-12-18 15:11 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2008-12-18 15:11 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2008-12-18 15:11 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-12-18 15:11 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2008-12-18 15:11 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2007-10-08 14:47 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-14 11:17 . 2011-06-14 11:17 4608 ----a-w- c:\windows\system32\bbchlp.dll
2011-06-14 11:17 . 2011-06-14 11:17 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2011-06-14 11:17 . 2011-06-14 11:17 30720 ----a-w- c:\windows\system32\bbcap.dll
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 08:46 . 2011-02-21 04:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2010-09-02 2181744]
"Gmail Notifier.exe"="c:\program files\Gmail Notifier\Gmail Notifier.exe" [2011-04-07 2155008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-08 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-24 380928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Rhinoceros 4.0\\System\\Rhino4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"11903:TCP"= 11903:TCP:BitComet 11903 TCP
"11903:UDP"= 11903:UDP:BitComet 11903 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.3.2008 20:17 717296]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [14.6.2011 13:17 4096]
S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG10\avgfws.exe" --> c:\program files\AVG\AVG10\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate1c991075c372a0c;Služba Google Update (gupdate1c991075c372a0c);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2009 15:55 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2009 15:55 133104]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 13:55]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 13:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14852
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 194.228.41.113 160.218.161.54
TCP: Interfaces\{F8D0B028-AB7B-4D78-AAAE-261FB832EDF4}: NameServer = 192.168.1.2
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\3xoi8x60.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: O2CPlayer Plugin: o2cplayer@eleco.com - %profile%\extensions\o2cplayer@eleco.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-OEXPRESS - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-12-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-261903793-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,73,92,88,a5,46,62,4d,a0,18,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,73,92,88,a5,46,62,4d,a0,18,7c,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2128)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\update.7.1\svchostdriver.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\update.7.1\svchostdriver.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
.
**************************************************************************
.
Celkový čas: 2011-08-22 14:25:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 12:25
.
Před spuštěním: 7 791 366 144
Po spuštění: Volných bajtů: 13 667 930 112
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5EE398012F33FBCCAC08C1FEEF219C7B

Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Kód: Vybrat vše

killall::

collect::
c:\windows\update.7.1\svchostdriver.exe

file::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

folder::
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\windows\ufa
c:\windows\update.7.1
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"DLA"=-
"AdobeCS4ServiceManager"=-
"GrooveMonitor"=-
"SunJavaUpdateSched"=-
"NvMediaCenter"=-
"QuickTime Task"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11903:TCP"=-
"11903:UDP"=-

DDS::
uStart Page = hxxp://www.ask.com/?l=dis&o=14852

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\3xoi8x60.default\
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff


RegLock::
[HKEY_USERS\S-1-5-21-1060284298-261903793-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

Driver::
ddservice
gupdate
gupdatem

reboot::

ComboFix 11-08-22.04 - Administrator 22.08.2011 23:35:54.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1377 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFSCRIPT.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
file zipped: c:\windows\update.7.1\svchostdriver.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\7600619.exe
c:\program files\Java\jre6\lib\deploy\jqs\ff
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.js
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul
c:\program files\Java\jre6\lib\deploy\jqs\ff\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\TEMP\1068412.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_ddservice
-------\Service_gupdatem
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 21:31 . 2011-08-22 21:31 -------- d-----w- c:\program files\AVAST Software
2011-08-22 21:31 . 2011-08-22 21:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-08-22 11:11 . 2011-08-22 11:11 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-08-22 11:10 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 11:10 . 2011-08-22 11:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-22 11:10 . 2011-08-22 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 11:10 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 10:04 . 2011-08-22 10:04 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-08-22 10:02 . 2011-08-22 10:11 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-22 09:46 . 2011-08-22 10:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-08-22 09:36 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-22 08:40 . 2011-08-22 08:40 -------- d-----w- C:\Temp
2011-08-22 08:36 . 2011-08-22 08:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-22 08:36 . 2011-08-22 08:36 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-22 08:20 . 2011-08-22 08:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-08-15 15:44 . 2011-08-15 15:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-15 09:24 . 2011-08-15 09:24 -------- d-----w- c:\program files\FileZilla FTP Client
2011-08-13 18:57 . 2011-08-13 18:57 0 ---ha-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BIT19.tmp
2011-08-11 14:33 . 2011-08-11 14:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-08-11 14:31 . 2011-08-11 14:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-08-11 14:23 . 2011-08-11 14:26 -------- dc-h--w- c:\windows\ie8
2011-08-10 20:42 . 2011-08-10 21:17 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\.minecraft
2011-08-10 05:41 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 05:41 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-04 09:26 . 2007-04-01 23:16 2916438 ----a-w- c:\windows\system32\rcm.dll
2011-08-04 09:26 . 2007-04-01 23:16 2777088 ----a-w- c:\windows\system32\rhrdk.10.v40.dll
2011-08-04 08:12 . 2011-08-04 08:12 -------- d-----w- c:\program files\Rhino 4.0 SDK
2011-08-04 07:17 . 2011-08-04 07:17 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\RandomControl
2011-08-03 23:12 . 2011-08-03 23:12 -------- d-----w- c:\documents and settings\Administrator\Library
2011-08-03 23:12 . 2011-08-03 23:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\com.adobe.ExMan
2011-08-03 23:03 . 2011-08-03 23:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Robert_McNeel_&_Associate
2011-08-03 22:58 . 2011-08-03 22:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\MaxwellDotNET
2011-08-03 11:01 . 2011-08-04 07:29 2367488 ----a-w- c:\windows\system32\frysdk32.dll
2011-08-03 11:01 . 2011-08-03 11:01 -------- d-----w- C:\feversoft
2011-08-03 10:53 . 2011-08-03 10:53 -------- d-----w- c:\program files\Common Files\InstallShield Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 09:18 . 2008-12-09 19:59 67440 ----a-w- c:\windows\system32\DCP.EXE
2011-08-22 09:18 . 2008-12-09 19:59 104368 ----a-w- c:\windows\system32\DCOMPERM.DLL
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:35 . 2008-12-18 15:11 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2008-12-18 15:11 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2008-12-18 15:11 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-12-18 15:11 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-24 14:10 . 2007-10-08 14:47 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-14 11:17 . 2011-06-14 11:17 4608 ----a-w- c:\windows\system32\bbchlp.dll
2011-06-14 11:17 . 2011-06-14 11:17 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2011-06-14 11:17 . 2011-06-14 11:17 30720 ----a-w- c:\windows\system32\bbcap.dll
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 08:46 . 2011-02-21 04:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_12.21.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-22 21:42 . 2011-08-22 21:42 16384 c:\windows\temp\Perflib_Perfdata_5a4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2010-09-02 2181744]
"Gmail Notifier.exe"="c:\program files\Gmail Notifier\Gmail Notifier.exe" [2011-04-07 2155008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"systemup"="c:\windows\systemup.exe" [BU]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-24 380928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Rhinoceros 4.0\\System\\Rhino4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.3.2008 20:17 717296]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [14.6.2011 13:17 4096]
S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG10\avgfws.exe" --> c:\program files\AVG\AVG10\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate1c991075c372a0c;Služba Google Update (gupdate1c991075c372a0c);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2009 15:55 133104]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 194.228.41.113 160.218.161.54
TCP: Interfaces\{F8D0B028-AB7B-4D78-AAAE-261FB832EDF4}: NameServer = 192.168.1.2
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\3xoi8x60.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: O2CPlayer Plugin: o2cplayer@eleco.com - %profile%\extensions\o2cplayer@eleco.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3872)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-22 23:46:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 21:46
ComboFix2.txt 2011-08-22 12:25
.
Před spuštěním: Volných bajtů: 13 640 785 920
Po spuštění: Volných bajtů: 13 690 990 592
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2416ED01EF5F560007ED93BE56410CCF
Nahr nˇ probŘhlo ŁspŘçnŘ

Jak je na tom PC?

VIRY.CZ

FB virus-dobrý den-posílám LOG děkuji

FB virus-dobrý den-posílám LOG děkuji

Re: FB virus-dobrý den-posílám LOG děkuji

Re: FB virus-dobrý den-posílám LOG děkuji

posílám sken

Re: FB virus-dobrý den-posílám LOG děkuji

Re: FB virus-dobrý den-posílám LOG děkuji

Re: FB virus-dobrý den-posílám LOG děkuji