PC disinfection, computer speed-up, remote help via the neslape.cz service
Preventive check = suspicion of something fishy
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi all, let's try this log
Logfile of random's system information tool 1.08 (written by random/random)
Run by ada at 2010-12-12 22:16:42
Microsoft Windows 7 Home Premium
System drive C: has 2 GB (10%) free of 18 GB
Total RAM: 3071 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:17:02, on 12. 12. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\ada\AppData\Roaming\wjlky.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\ada\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\LimeWire\LimeWire.exe
C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ada\Downloads\RSIT.exe
C:\Program Files\trend micro\ada.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ada\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\LimeWire\LimeWire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9EB0721-00A9-4705-967B-BB224F53679D}: NameServer = 213.151.200.31 213.151.208.162
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 6390 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [2010-09-07 585096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
MediaBar - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-18 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll [2010-10-22 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - MediaBar - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll [2010-10-22 726016]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"DATAMNGR"=C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [2010-09-07 972720]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2010-10-22 524288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-09-15 2969496]
C:\Users\ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - D:\LimeWire\LimeWire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-12-12 22:16:43 ----D---- C:\Program Files\trend micro
2010-12-12 22:16:42 ----D---- C:\rsit
2010-12-02 20:42:27 ----D---- C:\Users\ada\AppData\Roaming\uTorrent
2010-12-02 16:20:36 ----A---- C:\Windows\iPlayer.INI
2010-12-02 16:19:58 ----D---- C:\Program Files\InterActual
2010-12-01 20:25:36 ----A---- C:\Users\ada\AppData\Roaming\wjlky.exe
======List of files/folders modified in the last 1 months======
2010-12-12 22:16:54 ----D---- C:\Windows\Prefetch
2010-12-12 22:16:49 ----D---- C:\Windows\Temp
2010-12-12 22:16:43 ----RD---- C:\Program Files
2010-12-12 22:16:40 ----D---- C:\Windows\System32
2010-12-12 22:16:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-12 22:16:39 ----D---- C:\Windows\inf
2010-12-12 22:13:13 ----D---- C:\Users\ada\AppData\Roaming\LimeWire
2010-12-12 22:12:15 ----D---- C:\Windows\system32\drivers
2010-12-04 20:34:19 ----D---- C:\Windows\system32\config
2010-12-04 20:33:35 ----SHD---- C:\System Volume Information
2010-12-02 22:37:07 ----D---- C:\Windows
2010-12-01 20:25:36 ----D---- C:\Windows\system32\Tasks
2010-11-29 13:39:58 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 129640]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by ada at 2010-12-12 22:16:42
Microsoft Windows 7 Home Premium
System drive C: has 2 GB (10%) free of 18 GB
Total RAM: 3071 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:17:02, on 12. 12. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\ada\AppData\Roaming\wjlky.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\ada\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
D:\LimeWire\LimeWire.exe
C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ada\Downloads\RSIT.exe
C:\Program Files\trend micro\ada.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ada\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\LimeWire\LimeWire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9EB0721-00A9-4705-967B-BB224F53679D}: NameServer = 213.151.200.31 213.151.208.162
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 6390 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [2010-09-07 585096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
MediaBar - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-18 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll [2010-10-22 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - MediaBar - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll [2010-10-22 726016]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"DATAMNGR"=C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [2010-09-07 972720]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2010-10-22 524288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-09-15 2969496]
C:\Users\ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - D:\LimeWire\LimeWire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-12-12 22:16:43 ----D---- C:\Program Files\trend micro
2010-12-12 22:16:42 ----D---- C:\rsit
2010-12-02 20:42:27 ----D---- C:\Users\ada\AppData\Roaming\uTorrent
2010-12-02 16:20:36 ----A---- C:\Windows\iPlayer.INI
2010-12-02 16:19:58 ----D---- C:\Program Files\InterActual
2010-12-01 20:25:36 ----A---- C:\Users\ada\AppData\Roaming\wjlky.exe
======List of files/folders modified in the last 1 months======
2010-12-12 22:16:54 ----D---- C:\Windows\Prefetch
2010-12-12 22:16:49 ----D---- C:\Windows\Temp
2010-12-12 22:16:43 ----RD---- C:\Program Files
2010-12-12 22:16:40 ----D---- C:\Windows\System32
2010-12-12 22:16:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-12 22:16:39 ----D---- C:\Windows\inf
2010-12-12 22:13:13 ----D---- C:\Users\ada\AppData\Roaming\LimeWire
2010-12-12 22:12:15 ----D---- C:\Windows\system32\drivers
2010-12-04 20:34:19 ----D---- C:\Windows\system32\config
2010-12-04 20:33:35 ----SHD---- C:\System Volume Information
2010-12-02 22:37:07 ----D---- C:\Windows
2010-12-01 20:25:36 ----D---- C:\Windows\system32\Tasks
2010-11-29 13:39:58 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 129640]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
-----------------EOF-----------------
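The services and drivers list above is read by eye in this thread; the check a helper actually applies to each line is "where does the binary live and is it running?". The following is an added example, not code from the forum, RSIT or any tool the thread uses: it parses lines in the RSIT `Rn`/`Sn name;display; path [date size]` shape and flags entries whose binary sits outside `C:\Windows` and `C:\Program Files` or inside a user-writable location. The trusted roots and writable-location markers are assumptions of this example, and the sample block is a constructed subset of the log above plus one constructed `sample` line (hypothetical path, date and size) that exists only to exercise the heuristic. The same path check is what makes the ComboFix "Other Deletions" entries in `AppData\Roaming` and `Windows\Temp` later in the thread stand out.

```python
"""Triage of an RSIT/HijackThis-style service list: flag binaries in untrusted or user-writable paths."""
import re

# Constructed sample in the shape of the RSIT service list posted above; the 'sample' line is
# hypothetical and exists only to show a positive hit (path, date and size are made up).
SAMPLE_RSIT = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
R2 sample;sample; C:\Users\ada\AppData\Roaming\sample.exe [2010-12-01 61440]
-----------------EOF-----------------
"""

# One service/driver line: state letter, start type digit, name;display; path [yyyy-mm-dd size]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*'
    r'(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')

START_TYPES = {'0': 'Boot', '1': 'System', '2': 'Auto', '3': 'Demand', '4': 'Disabled'}

# Assumptions of this example: an analyst-maintained list of roots where service binaries are
# expected, and path fragments that mean "writable by an unprivileged user".
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
WRITABLE_MARKERS = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\')


def parse_services(text):
    """Return one dict per service/driver line; header, EOF and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row['size'] = int(row['size'])
        row['start'] = START_TYPES[row['start']]
        row['running'] = row['state'] == 'R'
        rows.append(row)
    return rows


def flag_reasons(row):
    """List the reasons a row deserves a closer look; an empty list means nothing path-based stood out."""
    p = row['path'].lower()
    reasons = []
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append('binary outside Windows/Program Files')
    if any(marker in p for marker in WRITABLE_MARKERS):
        reasons.append('user-writable location')
    # Persistence that is both auto-started and currently running matters more than a stopped leftover.
    if reasons and row['running'] and row['start'] == 'Auto':
        reasons.append('auto-started and running')
    return reasons


def triage_services(text):
    """(name, path, reasons) for every flagged entry, in log order."""
    flagged = []
    for row in parse_services(text):
        reasons = flag_reasons(row)
        if reasons:
            flagged.append((row['name'], row['path'], reasons))
    return flagged


if __name__ == '__main__':
    for name, path, reasons in triage_services(SAMPLE_RSIT):
        print(f'{name}: {path}\n    ' + '; '.join(reasons))
```

Entries under `Program Files` are deliberately not flagged even when, as with the ICQ Service in this thread, the helper still recommends removing them: that is a reputation judgement, not a path one, and belongs in a separate allow/deny list.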
Re: Preventive check = suspicion of something shady
Hello, and a pleasant evening/night to you
What, the log isn't in the internal section? My guides are written in the formal form of address, so don't be alarmed
I recommend uninstalling (if you don't use them) the toolbars (browser bars) in Add or Remove Programs. That ICQ Toolbar can do crazy things to a PC
Well, there is vermin in there. We'll run CF and see what it all finds
PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Disable all resident security programs - firewalls, antivirus, antispyware, etc.
- Plug all USB keys (flash drives, external disks, etc.) into the PC
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
- Right after it starts, a page with the license agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click into the window being displayed
- The scan should take about 10 min, but if the PC is heavily infested, it can take longer
- After the scan finishes and a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
- Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Preventive check = suspicion of something shady
Thanks for your attention; it's my daughter's machine. I'm no longer as sure of myself as in the old days.
I attach the GMER log:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-12 22:48:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHZ2320BH_G2 rev.8909
Running: o73kr0kt.exe; Driver: C:\Users\ada\AppData\Local\Temp\uwldrpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A54579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtCreateFile + 6 77324A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtCreateFile + B 77324A1B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtMapViewOfSection + 6 77325076 1 Byte [28]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtMapViewOfSection + 6 77325076 4 Bytes [28, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtMapViewOfSection + B 7732507B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenFile + 6 77325126 4 Bytes [68, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenFile + B 7732512B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcess + 6 773251D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcess + B 773251DB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessToken + 6 773251E6 4 Bytes CALL 763268EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessToken + B 773251EB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessTokenEx + 6 773251F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessTokenEx + B 773251FB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThread + 6 77325256 4 Bytes [68, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThread + B 7732525B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadToken + 6 77325266 4 Bytes [68, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadToken + B 7732526B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadTokenEx + 6 77325276 4 Bytes CALL 7632697D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadTokenEx + B 7732527B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryAttributesFile + 6 77325386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryAttributesFile + B 7732538B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryFullAttributesFile + 6 77325436 4 Bytes CALL 76326B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryFullAttributesFile + B 7732543B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationFile + 6 77325A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationFile + B 77325A8B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationThread + 6 77325AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationThread + B 77325AEB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 1 Byte [68]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtUnmapViewOfSection + B 77325E0B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + 6 77324A16 4 Bytes [28, 00, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + B 77324A1B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 77325076 1 Byte [28]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 77325076 4 Bytes [28, 03, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + B 7732507B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + 6 77325126 4 Bytes [68, 00, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + B 7732512B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + 6 773251D6 4 Bytes [A8, 01, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + B 773251DB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + 6 773251E6 4 Bytes CALL 763278EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + B 773251EB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + 6 773251F6 4 Bytes [A8, 02, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + B 773251FB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + 6 77325256 4 Bytes [68, 01, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + B 7732525B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + 6 77325266 4 Bytes [68, 02, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + B 7732526B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + 6 77325276 4 Bytes CALL 7632797D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + B 7732527B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + 6 77325386 4 Bytes [A8, 00, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + B 7732538B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + 6 77325436 4 Bytes CALL 76327B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + B 7732543B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + 6 77325A86 4 Bytes [28, 01, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + B 77325A8B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + 6 77325AE6 4 Bytes [28, 02, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + B 77325AEB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 1 Byte [68]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 4 Bytes [68, 03, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + B 77325E0B 1 Byte [E2]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3340] kernel32.dll!SetUnhandledExceptionFilter 76473142 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtCreateFile + 6 77324A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtCreateFile + B 77324A1B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + 6 77325076 1 Byte [28]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + 6 77325076 4 Bytes [28, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + B 7732507B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenFile + 6 77325126 4 Bytes [68, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenFile + B 7732512B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcess + 6 773251D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcess + B 773251DB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessToken + 6 773251E6 4 Bytes CALL 763268EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessToken + B 773251EB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessTokenEx + 6 773251F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessTokenEx + B 773251FB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThread + 6 77325256 4 Bytes [68, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThread + B 7732525B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadToken + 6 77325266 4 Bytes [68, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadToken + B 7732526B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadTokenEx + 6 77325276 4 Bytes CALL 7632697D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadTokenEx + B 7732527B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryAttributesFile + 6 77325386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryAttributesFile + B 7732538B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryFullAttributesFile + 6 77325436 4 Bytes CALL 76326B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryFullAttributesFile + B 7732543B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationFile + 6 77325A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationFile + B 77325A8B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationThread + 6 77325AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationThread + B 77325AEB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 1 Byte [68]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + B 77325E0B 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021860069bf
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021860069bf (not active ControlSet)
---- EOF - GMER 1.0.15 ----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
and I'm going to run CF; if I don't come back, CF hit a problem
Prikladam log z GMER:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-12 22:48:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHZ2320BH_G2 rev.8909
Running: o73kr0kt.exe; Driver: C:\Users\ada\AppData\Local\Temp\uwldrpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A54579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtCreateFile + 6 77324A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtCreateFile + B 77324A1B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtMapViewOfSection + 6 77325076 1 Byte [28]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtMapViewOfSection + 6 77325076 4 Bytes [28, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtMapViewOfSection + B 7732507B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenFile + 6 77325126 4 Bytes [68, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenFile + B 7732512B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcess + 6 773251D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcess + B 773251DB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessToken + 6 773251E6 4 Bytes CALL 763268EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessToken + B 773251EB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessTokenEx + 6 773251F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenProcessTokenEx + B 773251FB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThread + 6 77325256 4 Bytes [68, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThread + B 7732525B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadToken + 6 77325266 4 Bytes [68, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadToken + B 7732526B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadTokenEx + 6 77325276 4 Bytes CALL 7632697D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtOpenThreadTokenEx + B 7732527B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryAttributesFile + 6 77325386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryAttributesFile + B 7732538B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryFullAttributesFile + 6 77325436 4 Bytes CALL 76326B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtQueryFullAttributesFile + B 7732543B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationFile + 6 77325A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationFile + B 77325A8B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationThread + 6 77325AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtSetInformationThread + B 77325AEB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 1 Byte [68]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[532] ntdll.dll!NtUnmapViewOfSection + B 77325E0B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + 6 77324A16 4 Bytes [28, 00, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtCreateFile + B 77324A1B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 77325076 1 Byte [28]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + 6 77325076 4 Bytes [28, 03, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtMapViewOfSection + B 7732507B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + 6 77325126 4 Bytes [68, 00, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenFile + B 7732512B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + 6 773251D6 4 Bytes [A8, 01, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcess + B 773251DB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + 6 773251E6 4 Bytes CALL 763278EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessToken + B 773251EB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + 6 773251F6 4 Bytes [A8, 02, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenProcessTokenEx + B 773251FB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + 6 77325256 4 Bytes [68, 01, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThread + B 7732525B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + 6 77325266 4 Bytes [68, 02, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadToken + B 7732526B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + 6 77325276 4 Bytes CALL 7632797D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtOpenThreadTokenEx + B 7732527B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + 6 77325386 4 Bytes [A8, 00, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryAttributesFile + B 7732538B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + 6 77325436 4 Bytes CALL 76327B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtQueryFullAttributesFile + B 7732543B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + 6 77325A86 4 Bytes [28, 01, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationFile + B 77325A8B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + 6 77325AE6 4 Bytes [28, 02, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtSetInformationThread + B 77325AEB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 1 Byte [68]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 4 Bytes [68, 03, 27, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[2332] ntdll.dll!NtUnmapViewOfSection + B 77325E0B 1 Byte [E2]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3340] kernel32.dll!SetUnhandledExceptionFilter 76473142 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtCreateFile + 6 77324A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtCreateFile + B 77324A1B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + 6 77325076 1 Byte [28]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + 6 77325076 4 Bytes [28, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + B 7732507B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenFile + 6 77325126 4 Bytes [68, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenFile + B 7732512B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcess + 6 773251D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcess + B 773251DB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessToken + 6 773251E6 4 Bytes CALL 763268EC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessToken + B 773251EB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessTokenEx + 6 773251F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessTokenEx + B 773251FB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThread + 6 77325256 4 Bytes [68, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThread + B 7732525B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadToken + 6 77325266 4 Bytes [68, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadToken + B 7732526B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadTokenEx + 6 77325276 4 Bytes CALL 7632697D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadTokenEx + B 7732527B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryAttributesFile + 6 77325386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryAttributesFile + B 7732538B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryFullAttributesFile + 6 77325436 4 Bytes CALL 76326B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryFullAttributesFile + B 7732543B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationFile + 6 77325A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationFile + B 77325A8B 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationThread + 6 77325AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationThread + B 77325AEB 1 Byte [E2]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 1 Byte [68]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + 6 77325E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\ada\AppData\Local\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + B 77325E0B 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021860069bf
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021860069bf (not active ControlSet)
---- EOF - GMER 1.0.15 ----
and I'm going to run CF now; if I don't come back, CF ran into a problem
Re: Preventive check = suspicion of something shady
Well, during the initial scan CF usually doesn't take the PC down. GMER looks interesting; the kind of mess I see there is what the TDL rootkit does, but let's see what CF finds... I'll be here until about midnight today.
Re: Preventive check = suspicion of something shady
There's quite a lot there and I suspected rootkits. It seems the guys haven't made much progress in that direction. But I'm continuing under your supervision (the machine had to cool down, so there will also be a problem with dirty hardware):
ComboFix 10-12-11.06 - ada . 12. 2010 22:56:53.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.1932 [GMT 1:00]
Running from: c:\users\ada\Downloads\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\ada\AppData\Local\Temp\jna7386225364851248341.dll
c:\users\ada\AppData\Roaming\wjlky.exe
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.
2010-12-12 21:55 . 2010-12-12 21:56 -------- d-----w- C:\32788R22FWJFW
2010-12-12 21:16 . 2010-12-12 21:17 -------- d-----w- c:\program files\trend micro
2010-12-12 21:16 . 2010-12-12 21:17 -------- d-----w- C:\rsit
2010-12-02 19:42 . 2010-12-02 19:42 -------- d-----w- c:\users\ada\AppData\Roaming\uTorrent
2010-12-02 15:19 . 2010-12-02 15:20 -------- d-----w- c:\program files\InterActual
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 13:09 . 2010-07-09 19:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-09-30 13:09 . 2010-07-09 19:14 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-24 12:31 . 2010-09-24 12:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-24 12:31 . 2010-09-24 12:31 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\ada\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-15 2969496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
c:\users\ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - d:\limewire\LimeWire.exe [2010-7-8 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
S1 aswSP;avast! Self Protection; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
Contents of the 'Scheduled Tasks' folder
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001Core.job
- c:\users\ada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 14:04]
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001UA.job
- c:\users\ada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {B9EB0721-00A9-4705-967B-BB224F53679D} = 213.151.200.31 213.151.208.162
.
- - - - ORPHANS REMOVED - - - -
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
AddRemove-Graboid Video - c:\users\ada\Desktop\Graboid\uninst.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\ada\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-12-12 23:13:05 - machine was rebooted
ComboFix-quarantined-files (2).txt 2010-03-21 15:42
ComboFix-quarantined-files.txt 2010-12-12 22:13
Pre-Run: 1 881 948 160 bytes free
Post-Run: 2 443 608 064 bytes free
- - End Of File - - 489CA1982C9998E05AA3BC496AC348BE
Re: Preventive check = suspicion of something shady
So I'd take a look at the fans and the vents, then we can measure the temperatures if needed...
If you don't have it there, move ComboFix to the desktop
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"EA Core"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=-
"SunJavaUpdateSched"=-
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001UA.job
DDS::
uStart Page = hxxp://search.imesh.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
- Save the created TXT as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
- After the script is applied (and a possible restart) a log will pop up; paste its contents here
I'm missing the mbr check there; CF somehow didn't do it, so we have to do it ourselves. CF now detects rootkits very well; the helpers have collected quite a lot of samples and sUBs has incorporated them into the removal, including mbr rootkits.
Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe but don't run it
Click Start and then Run, or use the keyboard shortcut Win+R
- A small window will pop up; copy the text below into it
Code:
"%userprofile%\Desktop\mbr" -t
- Click OK
- A log named mbr.txt will be created on the desktop; paste its contents here
Re: Preventive check = suspicion of something shady
I have to wait; that thing is too hot. Something was hidden in the scheduled tasks. At the end we'll try to remove the junk from Google Chrome, because Web Search probably won't be the default search engine. One moment please, I haven't yet seen the last CF output and an MBR check awaits me too.
Re: Preventive check = suspicion of something shady
Going by GMER, I suspect a TDL or TDS rootkit there; it sometimes does this... the mbr tool should reveal it...
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A54579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
Re: Preventive check = suspicion of something shady
waiting for the temperature to drop,
We'll see after the restart. All unnecessary toolbars removed, all the junk uninstalled or deleted along with its keys.
The CF log wasn't created; I ran it again and again and it kept deleting this thing:
Code:
c:\users\ada\AppData\Local\Temp\jna7386225364851248341.dll
Total Commander installed (how could my daughter find her way around in it without TC???)
MBR test is OK
Re: Preventive check = suspicion of something shady
I'd check the fans and coolers (CPU, GPU, PSU) to see whether they're clogged with dust...
Re: Preventive check = suspicion of something shady
I'll vacuum the machine during the day
CF log:
ComboFix 10-12-11.06 - ada . 12. 2010 0:06.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3071.2220 [GMT 1:00]
Running from: c:\users\ada\Downloads\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\ada\AppData\Local\Temp\jna934133785480915543.dll
.
---- Previous Run -------
.
c:\users\ada\AppData\Local\Temp\jna5920570766015916177.dll
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888288195-3430977384-1261427866-1001UA.job
.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.
2010-12-12 23:10 . 2010-12-12 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 22:57 . 2010-12-12 22:57 -------- d-----w- C:\totalcmd
2010-12-12 22:57 . 2010-12-12 22:57 -------- d-----w- c:\users\ada\AppData\Roaming\GHISLER
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\UC.PIF
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\RAR.PIF
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\LHA.PIF
2010-12-12 22:57 . 2010-11-29 06:56 545 ----a-w- c:\windows\ARJ.PIF
2010-12-12 21:16 . 2010-12-12 21:17 -------- d-----w- c:\program files\trend micro
2010-12-12 21:16 . 2010-12-12 21:17 -------- d-----w- C:\rsit
2010-12-02 19:42 . 2010-12-02 19:42 -------- d-----w- c:\users\ada\AppData\Roaming\uTorrent
2010-12-02 15:19 . 2010-12-02 15:20 -------- d-----w- c:\program files\InterActual
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 13:09 . 2010-07-09 19:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-09-30 13:09 . 2010-07-09 19:14 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-24 12:31 . 2010-09-24 12:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-24 12:31 . 2010-09-24 12:31 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\users\ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - d:\limewire\LimeWire.exe [2010-7-8 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
S1 aswSP;avast! Self Protection; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {B9EB0721-00A9-4705-967B-BB224F53679D} = 213.151.200.31 213.151.208.162
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-12-13 00:19:49 - machine was rebooted
ComboFix-quarantined-files (2).txt 2010-03-21 15:42
ComboFix-quarantined-files.txt 2010-12-12 23:19
ComboFix2.txt 2010-12-12 22:13
Pre-Run: 2 542 645 248 bytes free
Post-Run: 2 448 756 736 bytes free
- - End Of File - - 31837974ECD781C2FF58BD23A0EAE33F
If you want to go to sleep, no problem; I'll manage and write the result here. The machine starts faster, no unnecessary communication on the ports, I have a better feeling about it.
Re: Preventive check = suspicion of something shady
I'm starting to like this CF too
Uninstall ComboFix
- Start - Run (or use the keyboard shortcut Win+R)
- Type ComboFix /Uninstall
- Press Enter
- This deletes ComboFix and its folders
- Download and run
- To confirm the choice press A, Enter
- Delete the utility after use
- Antivirus programs tend to wrongly flag this utility as a virus - it's a false positive - so download it without worry (or disable the antivirus while downloading)
- Download and run
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run
- Click Start and confirm OK
- The program cleans up and restarts the PC
- Delete the utility after use
Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for issues
- then Fix issues - I recommend making the registry backup; fix all issues
- repeat until there are no issues - usually about 3 times
- Here you can uninstall unneeded programs
I recommend defragmenting the disk
- The simplest (but least effective) way is the utility built into Windows
- Click My Computer, then right-click the disk and choose Properties
- switch to the Tools tab
- Now you see the Defragmentation tools - start it by clicking Defragment
- Do this for all disks
- Another option (and the one I recommend) is the little program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Download the program, install it (untick the Yahoo toolbar) and run it
- Click Analyze
- If the Fragmented column shows more than 5%, I recommend defragmenting (click Defragment)
- Do this for all disks
- The last option is the simple little program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- The advantage of this program is that it doesn't need installing
- So just download the version for your OS and unpack it
- Then run it via the JKDefrag or JKDefrag64 file
- The disk is analysed and then defragmented
Write how it behaves after vacuuming
Re: Preventive check = suspicion of something shady
thanks, tomorrow I'll clean it, optimise it and vacuum it. That thing with the dll extension runs under LimeWire, so I won't remove it.
Good work, I'm glad this place still works and that you can take care of retired pensioners too :DDD
Greetings to all you champs
Re: Preventive check = suspicion of something shady
greetings will fly to the internal section too... write later how it improved, for my peace of mind
Re: Preventive check = suspicion of something shady
The machine works; we used Crap Cleaner and defragmentation. The rest was a matter of a strong stream of air at the fans. We found out that you just click past Avast, and it won't save a user from clicking wrongly