Express Gate
Re: Express Gate
Tak napůl. Je to nebezpečný? Asi jsem ho potřeboval pro spuštění multiplayeru jedné hry, ale při odemykání zčernala obrazovka a musel jsem restartovat. Je to pár dní zpátky, od té doby jsem to nezkoušel. Mám ho zablokovat?
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43292
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Express Gate
Nic neblokuj.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Máš notebook či PC Asus?
Pak je ASUS Express gate legální program , který sis s programem a ovladači , případně s aktualizací sám nainstaloval:
http://extranotebook.cnews.cz/expressga ... obnohledem
http://www.svethardware.cz/art_doc-14AE ... D50E2.html
Zkus sem dát screen , nepíše to chybu?
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
Lbd
MpKsl3861cbc7
appdrvrem01
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Firefox::
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\22lq19dg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Máš notebook či PC Asus?
Pak je ASUS Express gate legální program , který sis s programem a ovladači , případně s aktualizací sám nainstaloval:
http://extranotebook.cnews.cz/expressga ... obnohledem
http://www.svethardware.cz/art_doc-14AE ... D50E2.html
Zkus sem dát screen , nepíše to chybu?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Express Gate
Udělal jsem všechno z příspěvku výše.
Log z COMBOFIXu:
ComboFix 11-03-24.06 - oem 26.03.2011 1:09.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2690 [GMT 1:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\Dll.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\shimg.dll
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPDRVREM01
-------\Legacy_LBD
-------\Legacy_MPKSL3861CBC7
-------\Service_appdrvrem01
-------\Service_Lbd
-------\Service_MpKsl3861cbc7
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-26 do 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-25 23:02 . 2011-03-25 23:02 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4D5059CC-9069-4D80-8B9D-F666E9D1FB59}\MpKsl1f043b4d.sys
2011-03-25 23:01 . 2011-03-25 23:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-03-25 22:48 . 2011-03-25 22:30 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-03-25 14:40 . 2011-03-25 14:40 -------- d-----w- c:\documents and settings\oem\Data aplikací\The Creative Assembly
2011-03-24 21:40 . 2011-03-25 17:50 -------- d-----w- c:\program files\Defcon
2011-03-24 20:20 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4D5059CC-9069-4D80-8B9D-F666E9D1FB59}\mpengine.dll
2011-03-22 19:25 . 2011-03-22 19:56 -------- d-----w- c:\program files\Sid Meier's Civilization V
2011-02-27 21:00 . 2011-02-27 21:00 -------- d-----w- c:\documents and settings\oem\Data aplikací\Malwarebytes
2011-02-27 21:00 . 2011-02-27 21:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-27 21:00 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 21:00 . 2011-02-27 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 21:00 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 18:59 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-02-27 18:59 . 2011-02-27 19:00 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-27 16:45 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-02-25 23:30 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-02-25 23:30 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2011-02-25 23:30 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2011-02-25 23:30 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2011-02-25 23:30 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-02-25 23:30 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2011-02-25 19:28 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-25 19:28 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-25 19:28 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-25 19:28 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-02-25 18:59 . 2011-02-25 18:59 -------- d-----w- c:\program files\Eagle Dynamics
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 22:34 . 2009-01-30 14:19 6406656 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-03-25 22:33 . 2001-11-09 16:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2011-03-25 22:33 . 2009-02-04 05:57 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-25 22:32 . 2009-01-30 14:21 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-03-25 22:32 . 2008-10-21 17:40 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-03-25 22:32 . 2009-02-04 04:44 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-25 22:31 . 2009-02-04 04:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-25 22:31 . 2009-02-04 04:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-03-25 22:31 . 2009-02-04 04:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-25 22:31 . 2009-02-04 03:53 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-25 22:31 . 2009-02-04 03:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-03-25 22:31 . 2009-02-04 02:43 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-25 22:31 . 2009-02-04 03:44 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-03-25 22:31 . 2009-02-04 02:42 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-25 22:31 . 2010-12-30 15:01 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-25 22:31 . 2009-01-30 14:21 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-03-25 22:31 . 2009-02-04 02:40 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-25 22:31 . 2009-01-30 14:21 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-03-25 22:30 . 2010-12-30 15:01 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-25 22:30 . 2009-02-04 03:58 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-25 22:30 . 2008-10-21 17:40 294912 ----a-w- c:\windows\system32\ATIODE.exe
2011-03-25 22:30 . 2009-02-04 04:41 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-03-25 22:30 . 2009-01-30 14:21 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-03-25 22:30 . 2009-02-04 04:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-25 22:30 . 2010-12-30 15:01 118784 ----a-w- c:\windows\system32\atibtmon.exe
2011-03-25 22:30 . 2009-02-04 04:43 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-03-25 22:30 . 2009-02-04 03:54 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-03-25 22:30 . 2009-02-04 04:40 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-03-25 22:30 . 2009-02-04 05:03 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-03-25 22:30 . 2009-02-04 03:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-02-11 06:54 . 2010-10-17 00:21 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-01-27 11:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-01-27 11:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-22 2938552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\insurgency\\hl2.exe"=
"c:\\Legendary\\Binaries\\Legendary.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\GRemote\\GRemoteServer.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\AOgame.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\RocketRacer\\RocketRacer.exe"=
"c:\\Program Files\\Eagle Dynamics\\LockOn Flaming Cliffs 2\\bin\\x86\\stable\\simulator.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\pirates, vikings, and knights ii\\hl2.exe"=
"c:\\Program Files\\Defcon\\defcon.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57688:TCP"= 57688:TCP:Pando Media Booster
"57688:UDP"= 57688:UDP:Pando Media Booster
"5656:UDP"= 5656:UDP:GRemoteServer UDP Port
"10308:TCP"= 10308:TCP:10308
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.1.2009 11:22 721904]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26.12.2009 13:45 2911848]
R1 MpKsl1f043b4d;MpKsl1f043b4d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4D5059CC-9069-4D80-8B9D-F666E9D1FB59}\MpKsl1f043b4d.sys [26.3.2011 0:02 28752]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [28.12.2007 4:23 64160]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [22.6.2009 10:58 23208]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [22.6.2009 10:58 14504]
S2 adffdsxdidsgwm;adffdsxdidsgwm;"c:\docume~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe" --SERVICE --> c:\docume~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe [?]
S2 gupdate1c9c9b2c9a3e876;Služba Google Update (gupdate1c9c9b2c9a3e876);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2009 17:43 133104]
S2 mnalnjcluehn;mnalnjcluehn;"c:\docume~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe" --SERVICE --> c:\docume~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [23.2.2009 16:18 16512]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [17.7.2010 1:21 11776]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\btcamdrv.sys [17.7.2010 1:37 219264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21.5.2009 22:39 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21.5.2009 22:39 8320]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ADFFDSXDIDSGWM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/icqskins/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\22lq19dg.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/icqskins/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Stahuj.cz: stahuj@centrum.cz - c:\program files\Mozilla Firefox\extensions\stahuj@centrum.cz
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Naver: navertheme@nhncorp.com - %profile%\extensions\navertheme@nhncorp.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 01:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1078081533-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1960408961-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\WTClient.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WISPTIS.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-03-26 01:32:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-26 00:32
ComboFix2.txt 2011-02-28 19:12
.
Před spuštěním: Volných bajtů: 486 791 135 232
Po spuštění: Volných bajtů: 486 787 231 744
.
- - End Of File - - CD39886F2EB1764231266F77525ED8F6
[/quote]
Log z HJT:
[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:45, on 26.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera 11.00 beta\opera.exe
C:\Documents and Settings\oem\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/icqskins/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "c:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://neo.csa.cz/dana-cached/setup/Ju ... tupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: adffdsxdidsgwm - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9c9b2c9a3e876) (gupdate1c9c9b2c9a3e876) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: mnalnjcluehn - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
--
End of file - 8686 bytes
Koukal jsem, že v tom CFScript.txt bylo něco s Firefoxem - používám Operu.
Jinak ano, mám základní desku ASUS. Screen udělat nemůžu - chyba se zobrazuje ještě před naběhnutím Windows.
Zatím díky
Log z COMBOFIXu:
ComboFix 11-03-24.06 - oem 26.03.2011 1:09.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2690 [GMT 1:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\Dll.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\shimg.dll
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPDRVREM01
-------\Legacy_LBD
-------\Legacy_MPKSL3861CBC7
-------\Service_appdrvrem01
-------\Service_Lbd
-------\Service_MpKsl3861cbc7
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-26 do 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-25 23:02 . 2011-03-25 23:02 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4D5059CC-9069-4D80-8B9D-F666E9D1FB59}\MpKsl1f043b4d.sys
2011-03-25 23:01 . 2011-03-25 23:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-03-25 22:48 . 2011-03-25 22:30 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-03-25 14:40 . 2011-03-25 14:40 -------- d-----w- c:\documents and settings\oem\Data aplikací\The Creative Assembly
2011-03-24 21:40 . 2011-03-25 17:50 -------- d-----w- c:\program files\Defcon
2011-03-24 20:20 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4D5059CC-9069-4D80-8B9D-F666E9D1FB59}\mpengine.dll
2011-03-22 19:25 . 2011-03-22 19:56 -------- d-----w- c:\program files\Sid Meier's Civilization V
2011-02-27 21:00 . 2011-02-27 21:00 -------- d-----w- c:\documents and settings\oem\Data aplikací\Malwarebytes
2011-02-27 21:00 . 2011-02-27 21:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-27 21:00 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 21:00 . 2011-02-27 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 21:00 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 18:59 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-02-27 18:59 . 2011-02-27 19:00 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-27 16:45 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-02-25 23:30 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-02-25 23:30 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2011-02-25 23:30 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2011-02-25 23:30 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2011-02-25 23:30 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-02-25 23:30 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2011-02-25 19:28 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-25 19:28 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-25 19:28 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-25 19:28 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-02-25 18:59 . 2011-02-25 18:59 -------- d-----w- c:\program files\Eagle Dynamics
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 22:34 . 2009-01-30 14:19 6406656 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-03-25 22:33 . 2001-11-09 16:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2011-03-25 22:33 . 2009-02-04 05:57 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-25 22:32 . 2009-01-30 14:21 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-03-25 22:32 . 2008-10-21 17:40 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-03-25 22:32 . 2009-02-04 04:44 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-25 22:31 . 2009-02-04 04:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-25 22:31 . 2009-02-04 04:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-03-25 22:31 . 2009-02-04 04:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-25 22:31 . 2009-02-04 03:53 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-25 22:31 . 2009-02-04 03:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-03-25 22:31 . 2009-02-04 02:43 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-25 22:31 . 2009-02-04 03:44 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-03-25 22:31 . 2009-02-04 02:42 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-25 22:31 . 2010-12-30 15:01 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-25 22:31 . 2009-01-30 14:21 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-03-25 22:31 . 2009-02-04 02:40 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-25 22:31 . 2009-01-30 14:21 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-03-25 22:30 . 2010-12-30 15:01 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-25 22:30 . 2009-02-04 03:58 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-25 22:30 . 2008-10-21 17:40 294912 ----a-w- c:\windows\system32\ATIODE.exe
2011-03-25 22:30 . 2009-02-04 04:41 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-03-25 22:30 . 2009-01-30 14:21 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-03-25 22:30 . 2009-02-04 04:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-25 22:30 . 2010-12-30 15:01 118784 ----a-w- c:\windows\system32\atibtmon.exe
2011-03-25 22:30 . 2009-02-04 04:43 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-03-25 22:30 . 2009-02-04 03:54 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-03-25 22:30 . 2009-02-04 04:40 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-03-25 22:30 . 2009-02-04 05:03 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-03-25 22:30 . 2009-02-04 03:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-02-11 06:54 . 2010-10-17 00:21 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-01-27 11:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-01-27 11:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-22 2938552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\insurgency\\hl2.exe"=
"c:\\Legendary\\Binaries\\Legendary.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\GRemote\\GRemoteServer.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\AOgame.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\RocketRacer\\RocketRacer.exe"=
"c:\\Program Files\\Eagle Dynamics\\LockOn Flaming Cliffs 2\\bin\\x86\\stable\\simulator.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\pirates, vikings, and knights ii\\hl2.exe"=
"c:\\Program Files\\Defcon\\defcon.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steamapps\\_hoox_\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57688:TCP"= 57688:TCP:Pando Media Booster
"57688:UDP"= 57688:UDP:Pando Media Booster
"5656:UDP"= 5656:UDP:GRemoteServer UDP Port
"10308:TCP"= 10308:TCP:10308
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.1.2009 11:22 721904]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26.12.2009 13:45 2911848]
R1 MpKsl1f043b4d;MpKsl1f043b4d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4D5059CC-9069-4D80-8B9D-F666E9D1FB59}\MpKsl1f043b4d.sys [26.3.2011 0:02 28752]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [28.12.2007 4:23 64160]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [22.6.2009 10:58 23208]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [22.6.2009 10:58 14504]
S2 adffdsxdidsgwm;adffdsxdidsgwm;"c:\docume~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe" --SERVICE --> c:\docume~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe [?]
S2 gupdate1c9c9b2c9a3e876;Služba Google Update (gupdate1c9c9b2c9a3e876);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2009 17:43 133104]
S2 mnalnjcluehn;mnalnjcluehn;"c:\docume~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe" --SERVICE --> c:\docume~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [23.2.2009 16:18 16512]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [17.7.2010 1:21 11776]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\btcamdrv.sys [17.7.2010 1:37 219264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21.5.2009 22:39 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21.5.2009 22:39 8320]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ADFFDSXDIDSGWM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/icqskins/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\22lq19dg.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/icqskins/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Stahuj.cz: stahuj@centrum.cz - c:\program files\Mozilla Firefox\extensions\stahuj@centrum.cz
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Naver: navertheme@nhncorp.com - %profile%\extensions\navertheme@nhncorp.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 01:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1078081533-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1960408961-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\WTClient.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WISPTIS.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-03-26 01:32:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-26 00:32
ComboFix2.txt 2011-02-28 19:12
.
Před spuštěním: Volných bajtů: 486 791 135 232
Po spuštění: Volných bajtů: 486 787 231 744
.
- - End Of File - - CD39886F2EB1764231266F77525ED8F6
[/quote]
Log z HJT:
[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:45, on 26.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera 11.00 beta\opera.exe
C:\Documents and Settings\oem\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/icqskins/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "c:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://neo.csa.cz/dana-cached/setup/Ju ... tupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: adffdsxdidsgwm - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9c9b2c9a3e876) (gupdate1c9c9b2c9a3e876) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: mnalnjcluehn - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
--
End of file - 8686 bytes
Koukal jsem, že v tom CFScript.txt bylo něco s Firefoxem - používám Operu.
Jinak ano, mám základní desku ASUS. Screen udělat nemůžu - chyba se zobrazuje ještě před naběhnutím Windows.
Zatím díky
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43292
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Express Gate
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Express Gate není žádná nákaza , ale soft od Asusu:
http://www.svethardware.cz/art_doc-14AE ... D50E2.html
Musel si nainstalovat v aktualizacích , či z CD k MB.
Návod
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://neo.csa.cz/dana-cached/setup/Ju ... tupSP1.cab
O23 - Service: adffdsxdidsgwm - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\DAT2C.tmp.exe (file missing)
O23 - Service: mnalnjcluehn - Unknown owner - C:\DOCUME~1\oem\LOCALS~1\Temp\DAT3E3.tmp.exe (file missing)Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
Driver::
adffdsxdidsgwm
mnalnjcluehn
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Express Gate není žádná nákaza , ale soft od Asusu:
http://www.svethardware.cz/art_doc-14AE ... D50E2.html
Musel si nainstalovat v aktualizacích , či z CD k MB.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 3 hosti