Problem with AUTHZ.dll
Posted: 14 Jan 2013 17:21
Hello.
At computer startup, and when I try to get into the registry from the command line using regedit, it throws this message:
Aplikace nebo knihovna DLL C:\WINDOWS\AUTHZ.dll není platnou bitovou kopií systému Windows. Porovnejte soubor s instalační disketou.
I would be grateful for any advice. Thank you.
Here is the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bohdan at 2013-01-14 16:54:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (19%) free of 50 GB
Total RAM: 3581 MB (88% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:42, on 14.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Mozilla Firefox\firefox.exe
E:\download\sos\RSIT.exe
C:\Program Files\trend micro\Bohdan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2215208145
O17 - HKLM\System\CCS\Services\Tcpip\..\{80199DE1-90FB-4403-983D-1E7A268052D5}: NameServer = 87.236.198.210,213.151.89.89,81.0.217.1,80.250.5.161,87.236.198.211
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Windows Logon (winlogon) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Windows Update (wupdmgr) - Unknown owner - C:\WINDOWS\services.exe
--
End of file - 4502 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Bohdan\Data aplikací\Mozilla\Firefox\Profiles\yb4j8dch.default
prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIBitCometAgent.xpt
C:\Program Files\Mozilla Firefox\plugins\
npBitCometAgent.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Bohdan\Data aplikací\Mozilla\Firefox\Profiles\yb4j8dch.default\extensions\
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CesarFTP\Server.exe"="C:\Program Files\CesarFTP\Server.exe:*:Enabled:Server"
"C:\Program Files\CesarFTP\CesarFTP.exe"="C:\Program Files\CesarFTP\CesarFTP.exe:*:Enabled:CesarFTP"
"C:\Documents and Settings\Bohdan\Plocha\servery-hry\AA\AADeployClient.exe"="C:\Documents and Settings\Bohdan\Plocha\servery-hry\AA\AADeployClient.exe:*:Enabled:AADeployClient"
"C:\Documents and Settings\Bohdan\Plocha\servery-hry\AA\System\Server.exe"="C:\Documents and Settings\Bohdan\Plocha\servery-hry\AA\System\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Bohdan\Plocha\servery-hry\CS2D\cs2d_dedicated.exe"="C:\Documents and Settings\Bohdan\Plocha\servery-hry\CS2D\cs2d_dedicated.exe:*:Enabled:cs2d_dedicated"
"C:\Documents and Settings\Bohdan\Plocha\servery-hry\CS2D2\cs2d_dedicated.exe"="C:\Documents and Settings\Bohdan\Plocha\servery-hry\CS2D2\cs2d_dedicated.exe:*:Enabled:cs2d_dedicated"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="E:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Abyss Web Server\abyssws.exe"="C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1"
"E:\Program Files\Teamspeak2_RC2\server_windows.exe"="E:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Documents and Settings\Bohdan\Plocha\Teamspeak2_RC2\Teamspeak2_RC2\server_windows.exe"="C:\Documents and Settings\Bohdan\Plocha\Teamspeak2_RC2\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare2\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare2\iw3mp.exe:*:Enabled:iw3mp"
"E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"E:\zalohy muj\sdc213\StrongDC.exe"="E:\zalohy muj\sdc213\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Documents and Settings\Bohdan\Plocha\servery-hry\tmn\TrackmaniaServer.exe"="C:\Documents and Settings\Bohdan\Plocha\servery-hry\tmn\TrackmaniaServer.exe:*:Enabled:TrackmaniaServer"
"E:\Program Files\BitComet\BitComet.exe"="E:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\PHP\php.exe"="C:\PHP\php.exe:*:Enabled:CLI"
"C:\Program Files\Activision\Modern Warfare 2\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4.exe:*:Enabled:iw4"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Activision\cod4\iw3mp.exe"="E:\Program Files\Activision\cod4\iw3mp.exe:*:Enabled:iw3mp"
"E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Documents and Settings\Bohdan\Plocha\COD2 origo\CoD2MP_s.exe"="C:\Documents and Settings\Bohdan\Plocha\COD2 origo\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Program Files\Activision\Kopie - Call of Duty - World at War\CoDWaWmp.exe"="E:\Program Files\Activision\Kopie - Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R): World at War Multiplayer"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\WINDOWS\winlogon.exe"="C:\WINDOWS\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
======List of files/folders created in the last 1 month======
2013-01-14 16:54:31 ----D---- C:\rsit
2013-01-14 16:54:31 ----D---- C:\Program Files\trend micro
2013-01-13 16:47:56 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-01-13 16:47:56 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2013-01-13 16:47:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-01-13 16:47:42 ----A---- C:\WINDOWS\avastSS.scr
2013-01-13 16:47:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-01-13 16:47:27 ----D---- C:\Program Files\AVAST Software
2013-01-13 15:49:08 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2013-01-13 15:49:05 ----D---- C:\Program Files\VS Revo Group
2013-01-10 13:56:38 ----D---- C:\WINDOWS\Cache
2013-01-10 13:56:38 ----D---- C:\WINDOWS\apps
2013-01-10 13:56:38 ----A---- C:\WINDOWS\zlib1.dll
2013-01-10 13:56:38 ----A---- C:\WINDOWS\wupdmgr.exe
2013-01-10 13:56:38 ----A---- C:\WINDOWS\wpdmtp.dll
2013-01-10 13:56:37 ----D---- C:\WINDOWS\dlimagecache
2013-01-10 13:56:37 ----A---- C:\WINDOWS\winlogon.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\ssleay32.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\services.exe
2013-01-10 13:56:37 ----A---- C:\WINDOWS\msimsg.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\libeay32.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\ils.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\icardres.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\dht_feed.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\cryptnet.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\cpwmon2k.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\cic.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\avwav.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\authz.dll
2013-01-10 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2012-12-22 09:49:42 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-22 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
======List of files/folders modified in the last 1 month======
2013-01-14 16:54:31 ----RD---- C:\Program Files
2013-01-14 16:54:24 ----D---- C:\WINDOWS\Prefetch
2013-01-14 16:53:48 ----D---- C:\Program Files\Mozilla Firefox
2013-01-14 16:47:00 ----D---- C:\WINDOWS\Temp
2013-01-14 11:43:38 ----D---- C:\WINDOWS\system32
2013-01-14 11:43:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-14 11:35:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-13 20:24:43 ----D---- C:\WINDOWS
2013-01-13 16:57:03 ----SHD---- C:\WINDOWS\Installer
2013-01-13 16:48:44 ----D---- C:\Program Files\Google
2013-01-13 16:47:58 ----SD---- C:\WINDOWS\Tasks
2013-01-13 16:47:56 ----D---- C:\WINDOWS\system32\drivers
2013-01-13 16:47:51 ----D---- C:\WINDOWS\WinSxS
2013-01-13 16:47:51 ----D---- C:\Config.Msi
2013-01-13 16:04:50 ----SHD---- C:\WINDOWS\CSC
2013-01-13 15:49:09 ----HD---- C:\WINDOWS\inf
2013-01-13 14:09:32 ----D---- C:\WINDOWS\system32\DirectX
2013-01-13 14:09:08 ----RSD---- C:\WINDOWS\assembly
2013-01-13 14:03:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2013-01-13 14:03:46 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2013-01-13 14:03:45 ----A---- C:\WINDOWS\system32\pbsvc.exe
2013-01-11 15:03:52 ----A---- C:\WINDOWS\wincmd.ini
2013-01-11 14:39:21 ----D---- C:\WINDOWS\Debug
2013-01-10 20:50:22 ----D---- C:\BigBrotherBot
2013-01-10 14:19:31 ----SHD---- C:\System Volume Information
2013-01-10 03:09:08 ----D---- C:\WINDOWS\Microsoft.NET
2013-01-10 03:01:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-10 03:00:16 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-09 19:01:31 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-04 20:24:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-21 16:59:28 ----A---- C:\WINDOWS\WORDPAD.INI
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-11-03 304920]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-03-07 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2007-03-25 171416]
R3 G200e;G200e; C:\WINDOWS\system32\DRIVERS\G200em.sys [2007-04-13 201600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-01-13 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2013-01-13 107832]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-13 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2008-04-14 3584]
S2 winlogon;Windows Logon; C:\WINDOWS\services.exe [2011-06-05 110592]
S2 wupdmgr;Windows Update; C:\WINDOWS\services.exe [2011-06-05 110592]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-13 136176]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-07 129976]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\WINDOWS\winlogon.exe"="C:\WINDOWS\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
======List of files/folders created in the last 1 month======
2013-01-14 16:54:31 ----D---- C:\rsit
2013-01-14 16:54:31 ----D---- C:\Program Files\trend micro
2013-01-13 16:47:56 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-01-13 16:47:56 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2013-01-13 16:47:55 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2013-01-13 16:47:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-01-13 16:47:42 ----A---- C:\WINDOWS\avastSS.scr
2013-01-13 16:47:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-01-13 16:47:27 ----D---- C:\Program Files\AVAST Software
2013-01-13 15:49:08 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2013-01-13 15:49:05 ----D---- C:\Program Files\VS Revo Group
2013-01-10 13:56:38 ----D---- C:\WINDOWS\Cache
2013-01-10 13:56:38 ----D---- C:\WINDOWS\apps
2013-01-10 13:56:38 ----A---- C:\WINDOWS\zlib1.dll
2013-01-10 13:56:38 ----A---- C:\WINDOWS\wupdmgr.exe
2013-01-10 13:56:38 ----A---- C:\WINDOWS\wpdmtp.dll
2013-01-10 13:56:37 ----D---- C:\WINDOWS\dlimagecache
2013-01-10 13:56:37 ----A---- C:\WINDOWS\winlogon.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\ssleay32.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\services.exe
2013-01-10 13:56:37 ----A---- C:\WINDOWS\msimsg.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\libeay32.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\ils.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\icardres.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\dht_feed.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\cryptnet.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\cpwmon2k.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\cic.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\avwav.dll
2013-01-10 13:56:37 ----A---- C:\WINDOWS\authz.dll
2013-01-10 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2012-12-22 09:49:42 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-22 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
======List of files/folders modified in the last 1 month======
2013-01-14 16:54:31 ----RD---- C:\Program Files
2013-01-14 16:54:24 ----D---- C:\WINDOWS\Prefetch
2013-01-14 16:53:48 ----D---- C:\Program Files\Mozilla Firefox
2013-01-14 16:47:00 ----D---- C:\WINDOWS\Temp
2013-01-14 11:43:38 ----D---- C:\WINDOWS\system32
2013-01-14 11:43:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-14 11:35:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-13 20:24:43 ----D---- C:\WINDOWS
2013-01-13 16:57:03 ----SHD---- C:\WINDOWS\Installer
2013-01-13 16:48:44 ----D---- C:\Program Files\Google
2013-01-13 16:47:58 ----SD---- C:\WINDOWS\Tasks
2013-01-13 16:47:56 ----D---- C:\WINDOWS\system32\drivers
2013-01-13 16:47:51 ----D---- C:\WINDOWS\WinSxS
2013-01-13 16:47:51 ----D---- C:\Config.Msi
2013-01-13 16:04:50 ----SHD---- C:\WINDOWS\CSC
2013-01-13 15:49:09 ----HD---- C:\WINDOWS\inf
2013-01-13 14:09:32 ----D---- C:\WINDOWS\system32\DirectX
2013-01-13 14:09:08 ----RSD---- C:\WINDOWS\assembly
2013-01-13 14:03:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2013-01-13 14:03:46 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2013-01-13 14:03:45 ----A---- C:\WINDOWS\system32\pbsvc.exe
2013-01-11 15:03:52 ----A---- C:\WINDOWS\wincmd.ini
2013-01-11 14:39:21 ----D---- C:\WINDOWS\Debug
2013-01-10 20:50:22 ----D---- C:\BigBrotherBot
2013-01-10 14:19:31 ----SHD---- C:\System Volume Information
2013-01-10 03:09:08 ----D---- C:\WINDOWS\Microsoft.NET
2013-01-10 03:01:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-10 03:00:16 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-09 19:01:31 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-04 20:24:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-21 16:59:28 ----A---- C:\WINDOWS\WORDPAD.INI
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-11-03 304920]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-03-07 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2007-03-25 171416]
R3 G200e;G200e; C:\WINDOWS\system32\DRIVERS\G200em.sys [2007-04-13 201600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-01-13 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2013-01-13 107832]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-13 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2008-04-14 3584]
S2 winlogon;Windows Logon; C:\WINDOWS\services.exe [2011-06-05 110592]
S2 wupdmgr;Windows Update; C:\WINDOWS\services.exe [2011-06-05 110592]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-13 136176]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-07 129976]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------