Infected PC
Posted: 20 Jan 2010 22:05
Good evening. My PC is infected. I am asking you for help. I am sending the logs from GMER, GMER 2 and ComboFix. The OTL.txt log is so terribly long that the forum somehow refuses to accept it. It contains about 130,000 characters.
GMER log after starting the program:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-20 21:38:03
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Macasovi\LOCALS~1\Temp\kxtdypow.sys
---- System - GMER 1.0.15 ----
Code \??\C:\DOCUME~1\Macasovi\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:360] 81541930
---- EOF - GMER 1.0.15 ----
GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 21:51:45
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Macasovi\LOCALS~1\Temp\kxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT 815438A0 ZwAssignProcessToJobObject
SSDT 81542CB0 ZwOpenProcess
SSDT 815430D0 ZwOpenThread
SSDT 815436D0 ZwSuspendProcess
SSDT 815434F0 ZwSuspendThread
SSDT 81542EE0 ZwTerminateProcess
SSDT 81543310 ZwTerminateThread
Code \??\C:\DOCUME~1\Macasovi\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF94E7360, 0x1DE5ED, 0xE8000020]
? C:\DOCUME~1\Macasovi\LOCALS~1\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2004] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:360] 81541930
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xC7 0x18 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x1B 0x75 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xDE 0xE4 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xC7 0x18 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x1B 0x75 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xDE 0xE4 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@DisplayName Config Support
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@Description Poskytuje mapova? koncov?ch bod? a r?zn? dal?? slu?by RPC.
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr\Parameters@ServiceDll C:\WINDOWS\system32\uphql.dll
---- EOF - GMER 1.0.15 ----
ComboFix log:
ComboFix 10-01-19.08 - Macasovi 20.01.2010 21:15:19.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.100 [GMT 1:00]
Spuštěný z: c:\documents and settings\Macasovi\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Macasovi\LOCALS~1\Temp\install_flash_player.exe
c:\windows\logfile32.txt
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 19:13 . 2010-01-20 19:36 16896 ----a-w- C:\sdsd.exe
2010-01-20 19:12 . 2005-02-25 03:34 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-20 19:12 . 2010-01-20 19:12 -------- d--h--w- c:\windows\$hf_mig$
2010-01-20 19:05 . 2010-01-20 19:04 75264 --sh--r- c:\windows\win7.exe
2010-01-20 19:04 . 2010-01-20 19:04 75264 ----a-w- c:\windows\system32\55.scr
2010-01-20 18:56 . 2010-01-20 18:56 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-20 18:56 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-20 18:56 . 2010-01-20 18:56 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-20 18:54 . 2010-01-20 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 18:19 . 2010-01-20 18:19 34563 ----a-w- c:\windows\system32\71.scr
2010-01-19 16:15 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-01-19 15:39 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-01-19 15:39 . 2003-02-21 17:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-19 15:38 . 2010-01-19 15:39 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-01-19 15:38 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 15:37 . 2010-01-19 15:37 -------- d-----w- c:\program files\Samsung
2010-01-18 17:06 . 2010-01-19 10:50 -------- d-----w- c:\windows\nview
2010-01-18 17:06 . 2005-08-02 15:35 176128 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-18 17:05 . 2010-01-18 17:05 -------- d-----w- C:\NVIDIA
2010-01-18 16:47 . 2010-01-18 16:47 -------- d-----w- c:\program files\ESET
2010-01-18 16:41 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-01-18 16:41 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-01-18 16:40 . 2010-01-18 16:40 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-18 16:39 . 2010-01-18 16:40 -------- d-----w- c:\windows\SHELLNEW
2010-01-18 16:30 . 2010-01-18 16:36 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-01-18 16:28 . 2010-01-18 16:28 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-18 13:45 . 2010-01-18 13:45 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-18 13:45 . 2010-01-19 15:37 -------- d--h--w- c:\program files\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 17:05 . 2010-01-17 13:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-17 19:07 . 2010-01-17 13:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-17 19:07 . 2010-01-17 13:25 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-17 19:04 . 2010-01-17 13:25 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-17 13:55 . 2010-01-17 13:55 -------- d-----w- c:\program files\uTorrent
2010-01-17 13:46 . 2010-01-17 13:46 -------- d-----w- c:\program files\VIA Technologies, INC
2010-01-17 13:38 . 2001-10-25 14:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 13:38 . 2001-10-25 14:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-01-17 13:28 . 2010-01-17 13:28 -------- d-----w- c:\program files\microsoft frontpage
2010-01-17 13:20 . 2010-01-17 13:20 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\55.scr"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3580:TCP"= 3580:TCP:dyxyad
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.1.2010 17:28 685816]
S2 vqzjwltr;Config Support;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
vqzjwltr
.
Obsah adresáře 'Naplánované úlohy'
2010-01-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 21:19
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vqzjwltr]
"ServiceDll"="c:\windows\system32\uphql.dll"
.
Celkový čas: 2010-01-20 21:21:58
ComboFix-quarantined-files.txt 2010-01-20 20:21
Před spuštěním: 881 205 248
Po spuštění: 862 154 752
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - EC4EF2AACF08AFEB8D506B3D2645A124
Thank you very much!
GMER log po spuštění programu:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-20 21:38:03
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Macasovi\LOCALS~1\Temp\kxtdypow.sys
---- System - GMER 1.0.15 ----
Code \??\C:\DOCUME~1\Macasovi\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:360] 81541930
---- EOF - GMER 1.0.15 ----
GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 21:51:45
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Macasovi\LOCALS~1\Temp\kxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT 815438A0 ZwAssignProcessToJobObject
SSDT 81542CB0 ZwOpenProcess
SSDT 815430D0 ZwOpenThread
SSDT 815436D0 ZwSuspendProcess
SSDT 815434F0 ZwSuspendThread
SSDT 81542EE0 ZwTerminateProcess
SSDT 81543310 ZwTerminateThread
Code \??\C:\DOCUME~1\Macasovi\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF94E7360, 0x1DE5ED, 0xE8000020]
? C:\DOCUME~1\Macasovi\LOCALS~1\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2004] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2516] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Macasovi\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[2780] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:360] 81541930
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xC7 0x18 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x1B 0x75 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xDE 0xE4 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xC7 0x18 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0x1B 0x75 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xDE 0xE4 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@DisplayName Config Support
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr@Description Poskytuje mapovač koncových bodů a různé další služby RPC.
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vqzjwltr\Parameters@ServiceDll C:\WINDOWS\system32\uphql.dll
---- EOF - GMER 1.0.15 ----
ComboFix log:
ComboFix 10-01-19.08 - Macasovi 20.01.2010 21:15:19.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.100 [GMT 1:00]
Spuštěný z: c:\documents and settings\Macasovi\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Macasovi\LOCALS~1\Temp\install_flash_player.exe
c:\windows\logfile32.txt
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 19:13 . 2010-01-20 19:36 16896 ----a-w- C:\sdsd.exe
2010-01-20 19:12 . 2005-02-25 03:34 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-20 19:12 . 2010-01-20 19:12 -------- d--h--w- c:\windows\$hf_mig$
2010-01-20 19:05 . 2010-01-20 19:04 75264 --sh--r- c:\windows\win7.exe
2010-01-20 19:04 . 2010-01-20 19:04 75264 ----a-w- c:\windows\system32\55.scr
2010-01-20 18:56 . 2010-01-20 18:56 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-20 18:56 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-20 18:56 . 2010-01-20 18:56 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-20 18:54 . 2010-01-20 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 18:19 . 2010-01-20 18:19 34563 ----a-w- c:\windows\system32\71.scr
2010-01-19 16:15 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-01-19 15:39 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-01-19 15:39 . 2003-02-21 17:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-19 15:38 . 2010-01-19 15:39 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-01-19 15:38 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 15:37 . 2010-01-19 15:37 -------- d-----w- c:\program files\Samsung
2010-01-18 17:06 . 2010-01-19 10:50 -------- d-----w- c:\windows\nview
2010-01-18 17:06 . 2005-08-02 15:35 176128 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-18 17:05 . 2010-01-18 17:05 -------- d-----w- C:\NVIDIA
2010-01-18 16:47 . 2010-01-18 16:47 -------- d-----w- c:\program files\ESET
2010-01-18 16:41 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-01-18 16:41 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-01-18 16:40 . 2010-01-18 16:40 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-18 16:39 . 2010-01-18 16:40 -------- d-----w- c:\windows\SHELLNEW
2010-01-18 16:30 . 2010-01-18 16:36 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-01-18 16:28 . 2010-01-18 16:28 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-18 13:45 . 2010-01-18 13:45 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-18 13:45 . 2010-01-19 15:37 -------- d--h--w- c:\program files\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 17:05 . 2010-01-17 13:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-17 19:07 . 2010-01-17 13:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-17 19:07 . 2010-01-17 13:25 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-17 19:04 . 2010-01-17 13:25 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-17 13:55 . 2010-01-17 13:55 -------- d-----w- c:\program files\uTorrent
2010-01-17 13:46 . 2010-01-17 13:46 -------- d-----w- c:\program files\VIA Technologies, INC
2010-01-17 13:38 . 2001-10-25 14:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 13:38 . 2001-10-25 14:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-01-17 13:28 . 2010-01-17 13:28 -------- d-----w- c:\program files\microsoft frontpage
2010-01-17 13:20 . 2010-01-17 13:20 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\55.scr"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3580:TCP"= 3580:TCP:dyxyad
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.1.2010 17:28 685816]
S2 vqzjwltr;Config Support;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
vqzjwltr
.
Obsah adresáře 'Naplánované úlohy'
2010-01-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 21:19
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vqzjwltr]
"ServiceDll"="c:\windows\system32\uphql.dll"
.
Celkový čas: 2010-01-20 21:21:58
ComboFix-quarantined-files.txt 2010-01-20 20:21
Před spuštěním: 881 205 248
Po spuštění: 862 154 752
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - EC4EF2AACF08AFEB8D506B3D2645A124
Thank you very much!