I need some help. I have a problem with pages loading. Sometimes a page doesn't load and I have to refresh it, then it works. Sometimes the whole internet connection stops working and only a restart helps. It happens in other browsers too.
I've run various tests, but none of them helped. I'm fairly weak with computers, so sorry if this sounds a bit banal.
If anyone knows what to do about it, I'd be very grateful for advice. Really, thanks :)
Here is the HijackThis log as well.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:59, on 27.9.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12499 bytes
PAGE LOADING - HijackThis log included :)
- jaro3
- member of the Security team
Re: PAGE LOADING - HijackThis log included :)
Welcome to the PC-HELP forum!
Do you have a 32-bit version of the OS? If so:
Turn off your antivirus's resident shield.
Download ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: PAGE LOADING - HijackThis log included :)
Thanks a lot, here is the log. Hopefully I did everything correctly, really, thanks for the help.
ComboFix 08-09-27.01 - a4am 2008-09-27 22:45:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1126 [GMT 2:00]
Spuštěný z: C:\Users\a4am\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
/wow section nedokončena
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-27 do 2008-09-27 )))))))))))))))))))))))))))))))
.
V tomto časovém úseku nebyly vytvořeny žádné nové soubory.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 12:24 --------- d---a-w C:\ProgramData\TEMP
2008-09-27 11:41 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-26 22:59 --------- d-----w C:\Users\a4am\AppData\Roaming\Malwarebytes
2008-09-26 22:59 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-26 22:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 18:20 --------- d-----w C:\Users\a4am\AppData\Roaming\PC Tools
2008-09-25 22:29 --------- d-----w C:\Users\a4am\AppData\Roaming\Skype
2008-09-25 22:03 --------- d-----w C:\Users\a4am\AppData\Roaming\skypePM
2008-09-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-09-25 19:08 --------- d-----w C:\ProgramData\Symantec
2008-09-25 12:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-25 12:11 --------- d-----w C:\Program Files\Symantec
2008-09-25 11:30 --------- d-----w C:\Program Files\CCleaner
2008-09-23 18:44 --------- d-----w C:\Program Files\ICQ6
2008-09-21 22:37 --------- d-----w C:\Program Files\The KMPlayer
2008-09-21 22:16 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-21 22:16 --------- d-----w C:\Program Files\Common Files\Real
2008-09-21 22:15 --------- d-----w C:\Program Files\Real
2008-09-21 09:03 --------- d-----w C:\Users\a4am\AppData\Roaming\LimeWire
2008-09-14 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 21:38 --------- d-----w C:\Program Files\VisualConnection
2008-09-14 19:43 --------- d-----w C:\Users\a4am\AppData\Roaming\TOSHIBA
2008-09-14 19:16 --------- d-----w C:\Program Files\Gothic III
2008-09-07 22:11 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-07 22:11 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-06 20:40 --------- d-----w C:\Program Files\InTune
2008-09-03 10:36 --------- d-----w C:\Program Files\Power Tab Software
2008-09-03 10:27 --------- d-----w C:\Program Files\Guitar Pro 5
2008-09-01 18:25 --------- d-----w C:\Program Files\MTA San Andreas
2008-08-31 12:52 --------- d-----w C:\ProgramData\Megaupload
2008-08-31 12:52 --------- d-----w C:\ProgramData\EmailNotifier
2008-08-29 09:35 --------- d-----w C:\Program Files\SCP Image Magic
2008-08-24 15:30 --------- d-----w C:\Users\a4am\AppData\Roaming\GHISLER
2008-08-17 09:50 --------- d-----w C:\Users\a4am\AppData\Roaming\Canneverbe_Limited
2008-08-17 09:25 13,824 ----a-w C:\Windows\system32\drivers\splitcam.sys
2008-08-17 09:24 --------- d-----w C:\Program Files\SplitCam
2008-08-17 08:51 --------- d-----w C:\Program Files\CDBurnerXP
2008-08-16 20:49 --------- d-----w C:\Users\a4am\AppData\Roaming\Winamp
2008-08-06 23:48 --------- d-----w C:\Program Files\Winamp
2008-08-05 09:55 --------- d-----w C:\Program Files\Rockstar Games
2008-07-31 09:14 --------- d-----w C:\Program Files\ICQLite
2008-07-30 20:50 --------- d-----w C:\Users\a4am\AppData\Roaming\AdobeUM
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-14 20:58 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-14 20:58 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-04 10:54 174 --sha-w C:\Program Files\desktop.ini
2008-07-04 10:34 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-04 10:34 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-04 10:34 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-04 10:34 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-04 10:34 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-04 10:34 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-07-04 10:34 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-04 10:34 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-04 10:34 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-04 10:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-04 10:31 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-04 10:31 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-04 10:31 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-04 10:31 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-04 10:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-04 10:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-04 10:27 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-07-04 10:27 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-07-04 10:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-07-04 10:24 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-07-04 10:24 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-07-04 10:22 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-04 10:19 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-04 10:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-04 10:18 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-04 10:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-04 10:18 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-04 10:15 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-07-04 10:15 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-07-04 10:15 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-04 10:14 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-04 10:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-04 10:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 10:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 10:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-04 10:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-04 10:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 10:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-04 10:12 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-04 10:12 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-04 10:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-07-04 10:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-04 10:08 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-07-04 10:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-07-04 10:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-07-04 10:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-04 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-05-07 3139164]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-22 185896]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-10 1163656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-27 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{92616F65-0E58-49C1-A02D-FD0495FE0F7B}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D20CCB2B-8668-424D-A4F1-F77D1CA7FAA5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{11907D34-66EC-4597-B1C2-4930EEBFA6D9}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{7ED9C13A-B042-43ED-8C92-DE695523AE23}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{18C860BF-DB6C-4D21-9D15-D04D64E3FAA8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C0968F27-391A-442B-A6A3-A0FE3A104A55}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ED80D4AF-CAB8-4B34-A954-8881AB132E87}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{65BC5A69-0973-408A-9127-E657DE797ACB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4E1BD599-9E99-45E2-93C9-465ABE0B67F1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3F57AD9A-D7BE-4995-8A00-72A4B4A53C24}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{85C3CE19-97C6-49D1-A3B2-44844F4043D3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C71293FE-199A-40F7-BA0B-1D985FF0AF1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{83B0834B-FFD3-44B7-B473-FEF55BCFF0AB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A4C999E1-2CE1-4196-A81F-01AA225A6161}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DDC5D96A-9F76-462E-9BCC-6CFC633B5BA0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{34AD784E-32B0-4813-92BC-BBDACA303A95}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4A6BEC6F-285F-487A-880A-C81B959D7484}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CCB72556-1312-44D3-B2EA-5EBDBACBDF2C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D672E0AF-EA6F-4E4B-A8AB-CB946FB06F9E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{E093A431-0F4F-4E78-93A8-B7A79F61555A}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5436FD15-A3A8-4700-BB08-C187617922C6}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2008-07-04 70144]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 2602496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ae6b09-7db4-11dd-8953-001b38b6f939}]
\shell\AutoRun\command - EXPLORER.EXE
\shell\explore\Command - EXPLORER.EXE
\shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953d18df-48eb-11dd-aec8-001b38b6f939}]
\shell\AutoRun\command - G:\Setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-HWSetup - \HWSetup.exe
MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Users\a4am\AppData\Roaming\Mozilla\Firefox\Profiles\2v7rziyz.a4am\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 22:46:31
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
Celkový čas: 2008-09-27 22:50:48
ComboFix-quarantined-files.txt 2008-09-27 20:50:45
Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: 5,301,653,504
235 --- E O F --- 2008-07-07 14:43:39
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-14 20:58 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-14 20:58 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-04 10:54 174 --sha-w C:\Program Files\desktop.ini
2008-07-04 10:34 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-04 10:34 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-04 10:34 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-04 10:34 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-04 10:34 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-04 10:34 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-07-04 10:34 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-04 10:34 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-04 10:34 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-04 10:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-04 10:31 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-04 10:31 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-04 10:31 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-04 10:31 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-04 10:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-04 10:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-04 10:27 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-07-04 10:27 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-07-04 10:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-07-04 10:24 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-07-04 10:24 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-07-04 10:22 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-04 10:19 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-04 10:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-04 10:18 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-04 10:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-04 10:18 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-04 10:15 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-07-04 10:15 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-07-04 10:15 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-04 10:14 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-04 10:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-04 10:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 10:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 10:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-04 10:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-04 10:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 10:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-04 10:12 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-04 10:12 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-04 10:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-07-04 10:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-04 10:08 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-07-04 10:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-07-04 10:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-07-04 10:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-04 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-05-07 3139164]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-22 185896]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-10 1163656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-27 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{92616F65-0E58-49C1-A02D-FD0495FE0F7B}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D20CCB2B-8668-424D-A4F1-F77D1CA7FAA5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{11907D34-66EC-4597-B1C2-4930EEBFA6D9}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{7ED9C13A-B042-43ED-8C92-DE695523AE23}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{18C860BF-DB6C-4D21-9D15-D04D64E3FAA8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C0968F27-391A-442B-A6A3-A0FE3A104A55}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ED80D4AF-CAB8-4B34-A954-8881AB132E87}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{65BC5A69-0973-408A-9127-E657DE797ACB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4E1BD599-9E99-45E2-93C9-465ABE0B67F1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3F57AD9A-D7BE-4995-8A00-72A4B4A53C24}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{85C3CE19-97C6-49D1-A3B2-44844F4043D3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C71293FE-199A-40F7-BA0B-1D985FF0AF1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{83B0834B-FFD3-44B7-B473-FEF55BCFF0AB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A4C999E1-2CE1-4196-A81F-01AA225A6161}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DDC5D96A-9F76-462E-9BCC-6CFC633B5BA0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{34AD784E-32B0-4813-92BC-BBDACA303A95}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4A6BEC6F-285F-487A-880A-C81B959D7484}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CCB72556-1312-44D3-B2EA-5EBDBACBDF2C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D672E0AF-EA6F-4E4B-A8AB-CB946FB06F9E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{E093A431-0F4F-4E78-93A8-B7A79F61555A}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5436FD15-A3A8-4700-BB08-C187617922C6}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2008-07-04 70144]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 2602496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ae6b09-7db4-11dd-8953-001b38b6f939}]
\shell\AutoRun\command - EXPLORER.EXE
\shell\explore\Command - EXPLORER.EXE
\shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953d18df-48eb-11dd-aec8-001b38b6f939}]
\shell\AutoRun\command - G:\Setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-HWSetup - \HWSetup.exe
MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Users\a4am\AppData\Roaming\Mozilla\Firefox\Profiles\2v7rziyz.a4am\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 22:46:31
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
**************************************************************************
.
Celkový čas: 2008-09-27 22:50:48
ComboFix-quarantined-files.txt 2008-09-27 20:50:45
Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: 5,301,653,504
235 --- E O F --- 2008-07-07 14:43:39