
Please check my log. In normal mode no progr

Posted: 31 Aug 2012 19:20
by mustangSchelby
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:29, on 31.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTo0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTo0.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows System Controler] c:\windows\nvsvc32.exe
O4 - HKLM\..\Run: [Windows Message System] c:\windows\smss.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\Documents and Settings\Dell\Data aplikací\msconfig.exe
O4 - HKLM\..\Run: [msnmsgr.exe] C:\Documents and Settings\Dell\Data aplikací\054911334.exe
O4 - HKLM\..\Run: [svhost.exe] "C:\Documents and Settings\Dell\Data aplikací\svhost.exe"
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\winr\64bit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\winr\64bit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 7059 bytes

Re: Please check my log. In normal mode no p

Posted: 31 Aug 2012 19:37
by Rudy
What error does the system report?

Re: Please check my log. In normal mode no p

Posted: 31 Aug 2012 19:42
by mustangSchelby
After the computer starts, a program called "Live Security Platinum" launches, begins scanning the system, and nothing can be started.

Re: Please check my log. In normal mode no p

Posted: 31 Aug 2012 20:36
by Rudy
I see. In Safe Mode, give me a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Relax and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and removal of any malware collides with the antispyware's resident shield.

Re: Please check my log. In normal mode no p

Posted: 01 Sep 2012 00:48
by mustangSchelby
ComboFix 12-08-31.03 - Administrator 01.09.2012 1:40.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.794 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\6F638BFE00081459896717707B07D329\6F638BFE00081459896717707B07D329.exe
c:\documents and settings\Dell\Ganja10.exe
c:\documents and settings\Dell\Ganja104.exe
c:\documents and settings\Dell\Ganja110.exe
c:\documents and settings\Dell\Ganja112.exe
c:\documents and settings\Dell\Ganja116.exe
c:\documents and settings\Dell\Ganja12.exe
c:\documents and settings\Dell\Ganja121.exe
c:\documents and settings\Dell\Ganja122.exe
c:\documents and settings\Dell\Ganja123.exe
c:\documents and settings\Dell\Ganja125.exe
c:\documents and settings\Dell\Ganja136.exe
c:\documents and settings\Dell\Ganja137.exe
c:\documents and settings\Dell\Ganja139.exe
c:\documents and settings\Dell\Ganja142.exe
c:\documents and settings\Dell\Ganja150.exe
c:\documents and settings\Dell\Ganja151.exe
c:\documents and settings\Dell\Ganja153.exe
c:\documents and settings\Dell\Ganja16.exe
c:\documents and settings\Dell\Ganja166.exe
c:\documents and settings\Dell\Ganja17.exe
c:\documents and settings\Dell\Ganja171.exe
c:\documents and settings\Dell\Ganja175.exe
c:\documents and settings\Dell\Ganja176.exe
c:\documents and settings\Dell\Ganja177.exe
c:\documents and settings\Dell\Ganja182.exe
c:\documents and settings\Dell\Ganja183.exe
c:\documents and settings\Dell\Ganja188.exe
c:\documents and settings\Dell\Ganja189.exe
c:\documents and settings\Dell\Ganja19.exe
c:\documents and settings\Dell\Ganja194.exe
c:\documents and settings\Dell\Ganja195.exe
c:\documents and settings\Dell\Ganja20.exe
c:\documents and settings\Dell\Ganja21.exe
c:\documents and settings\Dell\Ganja23.exe
c:\documents and settings\Dell\Ganja30.exe
c:\documents and settings\Dell\Ganja34.exe
c:\documents and settings\Dell\Ganja36.exe
c:\documents and settings\Dell\Ganja4.exe
c:\documents and settings\Dell\Ganja40.exe
c:\documents and settings\Dell\Ganja45.exe
c:\documents and settings\Dell\Ganja51.exe
c:\documents and settings\Dell\Ganja52.exe
c:\documents and settings\Dell\Ganja61.exe
c:\documents and settings\Dell\Ganja68.exe
c:\documents and settings\Dell\Ganja69.exe
c:\documents and settings\Dell\Ganja7.exe
c:\documents and settings\Dell\Ganja70.exe
c:\documents and settings\Dell\Ganja79.exe
c:\documents and settings\Dell\Ganja8.exe
c:\documents and settings\Dell\Ganja84.exe
c:\documents and settings\Dell\Ganja85.exe
c:\documents and settings\Dell\Ganja89.exe
c:\documents and settings\Dell\Ganja99.exe
c:\documents and settings\Dell\Plocha\Internet Explorer.lnk
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibar.crx
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\34.exe
c:\windows\4.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-28 do 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 22:31 . 2012-08-31 22:31 -------- d-----w- c:\windows\Sun
2012-08-31 18:14 . 2012-08-31 18:16 -------- d-----w- c:\documents and settings\Administrator
2012-08-31 17:52 . 2012-08-31 23:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\6F638BFE00081459896717707B07D329
2012-08-31 17:39 . 2012-08-31 17:39 -------- d-----w- c:\program files\Games
2012-08-31 17:29 . 2012-08-31 17:29 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\Google
2012-08-31 17:29 . 2012-08-31 17:29 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\CRE
2012-08-31 17:28 . 2012-08-31 17:28 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\uTorrentControl_v2
2012-08-31 17:28 . 2012-08-31 17:28 -------- d-----w- c:\program files\uTorrent
2012-08-31 17:25 . 2012-08-31 17:25 -------- d-----w- c:\windows\winr
2012-08-31 16:15 . 2012-08-31 16:15 -------- d-----w- C:\Free Solitaire 3D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-03-22 16:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-05-06 20:28 . 2012-04-12 13:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"WindowsUpdate"= c:\documents and settings\Dell\Data aplikací\msconfig.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.5.2012 8:31 158856]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [3.6.2012 7:24 185856]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [16.12.2007 14:24 88192]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 22:28 129976]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - APPMGMT
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.50.54.1 81.92.155.4 81.92.158.236
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ri7jwrqs.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Windows System Controler - c:\windows\nvsvc32.exe
HKLM-Run-Windows Message System - c:\windows\smss.exe
HKU-Default-Run-svhost.exe - c:\documents and settings\Dell\Data aplikací\svhost.exe
AddRemove-Fotosizer - c:\documents and settings\Dell\Plocha\Fotosizer\uninst.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 01:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-1957994488-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,2e,cb,12,24,08,79,46,be,03,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,2e,cb,12,24,08,79,46,be,03,c5,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2012-09-01 01:45:08
ComboFix-quarantined-files.txt 2012-08-31 23:45
.
Před spuštěním: Volných bajtů: 69 726 318 592
Po spuštění: Volných bajtů: 70 007 902 208
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1E99CC70EBCB63FAEA78D4E6281A4FAB

Re: Please check my log. In normal mode no p

Posted: 01 Sep 2012 10:54
by Rudy
We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\uTorrentControl_v2

File::
c:\program files\BS_Player\prxtbBS_0.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

RegLock::
[HKEY_USERS\S-1-5-21-484763869-1957994488-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Please check my log. In normal mode no p

Posted: 01 Sep 2012 13:44
by mustangSchelby
ComboFix 12-08-31.08 - Administrator 01.09.2012 14:31:38.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.830 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\BS_Player\prxtbBS_0.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BS_Player\prxtbBS_0.dll
c:\program files\uTorrentControl_v2
c:\program files\uTorrentControl_v2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl_v2\ldrtbuTor.dll
c:\program files\uTorrentControl_v2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl_v2\prxtbuTo0.dll
c:\program files\uTorrentControl_v2\prxtbuTor.dll
c:\program files\uTorrentControl_v2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl_v2\tbuTor.dll
c:\program files\uTorrentControl_v2\toolbar.cfg
c:\program files\uTorrentControl_v2\ToolbarContextMenu.xml
c:\program files\uTorrentControl_v2\uninstall.exe
c:\program files\uTorrentControl_v2\uTorrentControl_v2ToolbarHelper.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-01 do 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 07:27 . 2012-09-01 07:27 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\Opera
2012-09-01 07:27 . 2012-09-01 07:27 -------- d-----w- c:\program files\Opera
2012-08-31 22:31 . 2012-08-31 22:31 -------- d-----w- c:\windows\Sun
2012-08-31 18:14 . 2012-08-31 18:16 -------- d-----w- c:\documents and settings\Administrator
2012-08-31 18:07 . 2012-08-31 18:07 667680 ----a-w- c:\documents and settings\Dell\Data aplikací\B.exe
2012-08-31 18:07 . 2012-08-31 18:07 667680 ----a-w- c:\documents and settings\Dell\Data aplikací\9.exe
2012-08-31 17:52 . 2012-08-31 23:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\6F638BFE00081459896717707B07D329
2012-08-31 17:39 . 2012-08-31 17:39 -------- d-----w- c:\program files\Games
2012-08-31 17:31 . 2012-08-31 17:31 667680 ----a-w- c:\documents and settings\Dell\Data aplikací\2E0.exe
2012-08-31 17:31 . 2012-08-31 17:31 667680 ----a-w- c:\documents and settings\Dell\Data aplikací\2D8.exe
2012-08-31 17:29 . 2012-08-31 17:29 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\Google
2012-08-31 17:29 . 2012-08-31 17:29 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\CRE
2012-08-31 17:28 . 2012-09-01 04:17 -------- d-----w- c:\documents and settings\Dell\Local Settings\Data aplikací\uTorrentControl_v2
2012-08-31 17:28 . 2012-08-31 17:28 -------- d-----w- c:\program files\uTorrent
2012-08-31 17:27 . 2012-08-31 17:55 -------- d-----w- c:\documents and settings\Dell\Data aplikací\uTorrent
2012-08-31 17:25 . 2012-08-31 17:25 -------- d-----w- c:\windows\winr
2012-08-31 16:15 . 2012-08-31 16:15 -------- d-----w- C:\Free Solitaire 3D
2012-08-30 22:17 . 2012-08-30 22:17 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\8E7.exe
2012-08-30 22:17 . 2012-08-30 22:17 39424 ----a-w- c:\documents and settings\Dell\Data aplikací\8E6.exe
2012-08-30 21:44 . 2012-08-30 21:44 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\7B.exe
2012-08-30 21:44 . 2012-08-30 21:44 39424 ----a-w- c:\documents and settings\Dell\Data aplikací\7A.exe
2012-08-30 21:44 . 2012-08-30 21:44 30208 ---ha-w- c:\documents and settings\Dell\Data aplikací\nar.exe
2012-08-30 21:44 . 2012-08-30 21:44 93184 --sh--r- c:\documents and settings\Dell\Data aplikací\5952672610640.exe
2012-08-30 21:44 . 2012-08-30 21:44 96256 --sh--r- c:\documents and settings\Dell\Data aplikací\1979325921559.exe
2012-08-30 21:44 . 2012-08-30 21:44 48052 --sh--r- c:\documents and settings\Dell\Data aplikací\170993064521673.exe
2012-08-30 21:44 . 2012-08-30 21:44 30208 --sh--r- c:\documents and settings\Dell\Data aplikací\46501623716621.exe
2012-08-30 21:11 . 2012-08-30 21:11 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\160.exe
2012-08-30 21:11 . 2012-08-30 21:11 39424 ----a-w- c:\documents and settings\Dell\Data aplikací\159.exe
2012-08-30 20:38 . 2012-08-31 17:27 667680 ---ha-w- c:\documents and settings\Dell\Data aplikací\ms.exe
2012-08-30 20:32 . 2012-08-30 20:32 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\54.exe
2012-08-30 20:31 . 2012-08-30 20:31 4088 ----a-w- c:\documents and settings\Dell\Data aplikací\53.exe
2012-08-30 05:36 . 2012-08-30 05:36 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\4.exe
2012-08-30 05:23 . 2012-08-30 05:23 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\5.exe
2012-08-30 03:07 . 2012-08-30 03:07 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\2C3.exe
2012-08-30 01:36 . 2012-08-30 01:36 96256 --sh--r- c:\documents and settings\Dell\Data aplikací\1786156559901.exe
2012-08-30 01:23 . 2012-08-30 01:24 22528 ---ha-w- c:\documents and settings\Dell\Data aplikací\r.exe
2012-08-30 00:57 . 2012-08-30 00:57 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\EF.exe
2012-08-30 00:40 . 2012-08-30 00:40 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\6.exe
2012-08-29 23:34 . 2012-08-30 21:44 39424 ---ha-w- c:\documents and settings\Dell\Data aplikací\tec.exe
2012-08-29 23:34 . 2012-08-30 21:44 48052 ---ha-w- c:\documents and settings\Dell\Data aplikací\xx.exe
2012-08-29 23:22 . 2012-08-29 23:22 48052 ----a-w- c:\documents and settings\Dell\Data aplikací\BCE.exe
2012-08-29 23:22 . 2012-08-30 21:48 39424 --sh--r- c:\documents and settings\Dell\Data aplikací\svhost.exe
2012-08-29 23:18 . 2012-08-29 23:18 93184 --sh--r- c:\documents and settings\Dell\Data aplikací\054911334.exe
2012-08-29 23:18 . 2012-08-29 23:18 30208 --sh--r- c:\documents and settings\Dell\Data aplikací\msconfig.exe
2012-08-29 21:33 . 2012-08-29 21:33 93184 --sh--r- c:\documents and settings\Dell\Data aplikací\464409577.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-03-22 16:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-05-06 20:28 . 2012-04-12 13:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-31_23.43.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-01 12:36 . 2012-09-01 12:36 16384 c:\windows\temp\Perflib_Perfdata_228.dat
- 2008-04-14 12:00 . 2012-08-31 16:45 40326 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-09-01 08:18 40326 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2012-08-31 16:45 46394 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2012-09-01 08:18 46394 c:\windows\system32\perfc005.dat
- 2008-04-14 12:00 . 2012-08-31 16:45 311938 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-09-01 08:18 311938 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-09-01 08:18 310228 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2012-08-31 16:45 310228 c:\windows\system32\perfh005.dat
+ 2012-09-01 07:27 . 2012-09-01 07:27 1828352 c:\windows\Installer\11e37b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr.exe"="c:\documents and settings\Dell\Data aplikací\054911334.exe" [2012-08-29 93184]
"Windows Message System"="c:\windows\smss.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"msnmsgr.exe"="c:\documents and settings\Dell\Data aplikací\054911334.exe" [2012-08-29 93184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"WindowsUpdate"= c:\documents and settings\Dell\Data aplikací\msconfig.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [3.6.2012 7:24 185856]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [16.12.2007 14:24 88192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.5.2012 8:31 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 22:28 129976]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
TCP: DhcpNameServer = 192.168.1.1 213.46.172.36
FF - ProfilePath - c:\documents and settings\Dell\Data aplikací\Mozilla\Firefox\Profiles\oygxbh36.default\
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8uQzb4jI&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 8cf9b9d400000000000000166fad3f54
FF - user.js: extensions.incredibar_i.instlDay - 15494
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:25
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8uQzb4jI
FF - user.js: extensions.incredibar_i.upn2n - 92824469956215214
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Windows System Controler - c:\windows\nvsvc32.exe
HKCU-Run-Windows Message System - c:\windows\smss.exe
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 14:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Kfpkpu = c:\documents and settings\Dell\Data aplikac?\Kfpkpu.exe
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kfpkpu"="c:\\Documents and Settings\\Dell\\Data aplikací\\Kfpkpu.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-09-01 14:41:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-01 12:41
ComboFix2.txt 2012-09-01 08:05
ComboFix3.txt 2012-08-31 23:45
.
Před spuštěním: Volných bajtů: 69 933 883 392
Po spuštění: Volných bajtů: 69 915 201 536
.
- - End Of File - - 295CED966DA3BC7F452EF9CAF1A0DCF2

Re: Please check my log. In normal mode no p

Posted: 01 Sep 2012 16:33
by Rudy
The computer is infested with some virus. As a spot check, test this file online at www.virustotal.com: c:\documents and settings\Dell\Data aplikací\160.exe

Re: Please check my log. In normal mode no p

Posted: 24 Sep 2012 00:19
by motji
How are things looking here? :)