ComboFix 08-01-13.1 - Evca 2008-01-14 16:46:54.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.222 [GMT 1:00]
Running from: C:\INSTALACE PROGRAMŮ\PC zabezpečení\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Evca\Plocha-IKONY\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alkaudgn.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\VundoFix Backups\dadqbwyd.dll.bad
C:\VundoFix Backups\dtwnxocy.dll.bad
C:\VundoFix Backups\hyspoing.dll.bad
C:\VundoFix Backups\rqrrrsq.dll.bad
C:\VundoFix Backups\wdtnccmr.dll.bad
C:\VundoFix Backups\wyyxx.ini.bad
C:\VundoFix Backups\wyyxx.ini2.bad
C:\VundoFix Backups\xxyyw.dll.bad
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alkaudgn.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 16:44 . 2008-01-14 16:44 193 --a------ C:\vypreg.bat
2008-01-12 22:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 21:56 . 2008-01-12 21:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-11 21:54 . 2008-01-11 21:54 <DIR> d-------- C:\Documents and Settings\Evca\DoctorWeb
2008-01-11 06:48 . 2008-01-11 06:48 14,554 --a------ C:\WINDOWS\BM37876cd7.xml
2008-01-10 07:38 . 2008-01-10 07:42 3,092 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-10 07:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-10 07:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-10 07:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-10 07:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-10 07:00 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 18:04 . 2008-01-09 18:04 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-09 18:04 . 2008-01-09 18:04 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-09 18:04 . 2008-01-09 18:04 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-09 18:04 . 2008-01-09 18:04 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-09 18:04 . 2008-01-09 18:04 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-09 18:04 . 2008-01-09 18:04 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-09 18:02 . 2008-01-09 18:02 26 --a------ C:\WINDOWS\Lic.xxx
2008-01-09 18:01 . 2002-12-05 13:00 135,680 --a------ C:\WINDOWS\R.COM
2008-01-09 18:01 . 2002-12-05 13:00 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-01-07 15:24 . 2008-01-07 15:24 <DIR> d-------- C:\Documents and Settings\Evca\Data aplikací\WinPatrol
2008-01-06 21:16 . 2008-01-06 21:16 <DIR> d-------- C:\karanténa
2008-01-05 22:13 . 2008-01-05 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-05 16:18 . 2008-01-05 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-01-05 16:17 . 2008-01-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 13:25 . 2008-01-08 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-19 07:29 . 2007-12-19 07:29 <DIR> d-------- C:\Program Files\MagicTune Premium
2007-12-19 07:28 . 2007-12-19 07:28 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-12-19 07:28 . 2008-01-10 07:01 <DIR> d-------- C:\WINDOWS\LastGood
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 21:15 62,580,334 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-12 00:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skyline
2008-01-10 06:04 --------- d-----w C:\Documents and Settings\Evca\Data aplikací\Lavasoft
2008-01-09 20:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-01-08 17:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 16:57 60,136 -c--a-w C:\Documents and Settings\Evca\Data aplikací\GDIPFONTCACHEV1.DAT
2008-01-05 11:07 --------- d-----w C:\Program Files\PASSPORT Electronic Dictionary
2007-12-27 09:57 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-08 21:10 --------- d-----w C:\Program Files\SEC
2007-12-08 20:56 --------- d-----w C:\Program Files\LizardTech
2007-12-07 18:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-11-19 22:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-19 22:39 --------- d-----w C:\Program Files\Realtek
2007-11-15 12:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2006-08-12 18:11 81,920 ----a-w C:\Documents and Settings\Evca\Data aplikací\ezpinst.exe
2006-08-12 18:11 47,360 ----a-w C:\Documents and Settings\Evca\Data aplikací\pcouffin.sys
2006-01-15 20:32 9,728 --sha-w C:\Program Files\Common Files\Thumbs.db
2005-12-13 10:49 9,728 --sha-w C:\Program Files\Thumbs.db
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-13_22.39.49.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 21:37:44 32,768 ----a-w C:\WINDOWS\Cookies\index.dat
+ 2008-01-14 15:47:04 32,768 ----a-w C:\WINDOWS\Cookies\index.dat
- 2008-01-12 21:29:39 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 15:45:53 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 21:29:39 1,191,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 15:45:53 1,191,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 21:29:39 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 15:45:53 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 21:29:39 1,191,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 15:45:53 1,191,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 21:29:39 7,987,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-14 15:45:54 7,987,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-12 21:29:39 1,298,432 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 15:45:54 1,298,432 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-12 21:30:13 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-14 15:46:29 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-01-10 05:56:26 32,768 ----a-w C:\WINDOWS\UserData\index.dat
+ 2008-01-14 11:43:42 32,768 ----a-w C:\WINDOWS\UserData\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-12-05 13:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30 1491216]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 17:25 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 16:14 86016 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 16:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\VIDEO\LG DVD\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26 694272]
"PinnacleDriverCheck"="C:\WINDOWS\System32\\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-11 12:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-01 17:22 86016]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"WinPatrol"="C:\Zabezpečení počítače\WinPatrol\winpatrol.exe" [2007-10-26 17:06 292152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-12-05 13:00 13312]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-03-03 10:11:12]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-12-08 22:10:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-11-05 10:17:45]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOW
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 11:31]
R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 12:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 12:34]
R1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\System32\drivers\prodrv04.sys [2005-01-16 10:43]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [2007-11-15 13:14]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-12-05 13:00]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 16:53:13
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-14 16:54:47
ComboFix-quarantined-files.txt 2008-01-14 15:54:40
ComboFix2.txt 2008-01-13 21:40:49
------------------------------------------------------------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:0000031c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):00,3a,5c,57,49,4e,44,4f,57
"enabledcom"="y"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:cd,ad,a9,46,93,b5,10,ee,d6,f8,6a,8d,6f,27,9b,5a,34,36,37,36,33,\
35,31,66,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
57,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,98,9e,27,c5
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:94,7b,af,65,fe,44,f1,92,70
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:d9,b0,f6,c1,4e,03
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:fb,f6,73,34,6a,eb,dc,be,3e,d9,c7,3f,23,49,19,d6
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:e0,c5,c4,b2,04,c4,c4,01
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,70,2e,65,ac,84,c4,01
"Type"=dword:00000031
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,8d,5a,69,ac,84,c4,01
"Type"=dword:00000031
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,24,f3,69,ac,84,c4,01
"Type"=dword:00000031
Please check the log.
- fredik (Security team member, Master Level 7, Posts: 4680, Registered: July 06)
Go to Start -> Run... and type this command (marked in blue) into the box: ComboFix /u (there must be a space between combofix and /u), then click OK.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text (marked in green) into it:
Code: Select all
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
Then choose File -> Save as... and set these parameters:
File name: type fix.reg
Save as type: select All files
Save the file to the desktop.
A file named fix.reg should appear on the desktop; run it, a prompt pops up where you click Yes, then another prompt appears where you click OK.
Post a new HJT log here and say whether the problems persist.
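The fix above rewrites the LSA "Notification Packages" value, and the ComboFix dump earlier in the thread shows why: the value had become the broken byte string ":\WINDOW" instead of a proper REG_MULTI_SZ list. Every DLL named in that value is loaded into lsass.exe at boot and receives password changes, so it is also a classic persistence spot worth auditing, not only a setting to repair. The following Python is an added example, not code from ComboFix, HijackThis or the forum helper: it decodes REGEDIT4 hex(7) values (the corrupted one from the ComboFix dump, the fix.reg value, and the wrapped "Security Packages" line, all copied from the thread), shows how the fix line is built, and flags entries that are empty, contain a path, or are not a known Windows package. KNOWN_LSA_PACKAGES is this example's own assumption.

```python
"""
Decode and audit the LSA "Notification Packages" value from a REGEDIT4 export.

Added example for this thread, not code from ComboFix, HijackThis or the
forum helper. The three .reg fragments below are copied from the logs in the
thread (the corrupted value ComboFix dumped, the fix fredik posted, and the
wrapped "Security Packages" line); KNOWN_LSA_PACKAGES is this example's
assumption about what Windows itself registers there.
"""
import re

CORRUPTED_EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):00,3a,5c,57,49,4e,44,4f,57
'''

FIX_EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

# A long hex(7) value as REGEDIT4 wraps it: trailing backslash, indented rest.
SECURITY_PACKAGES_EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
'''

# Assumption: the only packages Windows itself registers. scecli is the
# default on a standalone XP machine; rassfm shows up on domain controllers.
KNOWN_LSA_PACKAGES = {"scecli", "rassfm"}


def _join_continuations(text: str) -> str:
    """Rejoin hex values that REGEDIT4 wrapped with a trailing backslash."""
    return re.sub(r',\\\r?\n\s*', ',', text)


def read_hex7_value(reg_text: str, name: str):
    """Return the raw 'aa,bb,...' string of a hex(7) value, or None if absent."""
    pattern = r'^"' + re.escape(name) + r'"=hex\(7\):(.*)$'
    match = re.search(pattern, _join_continuations(reg_text), re.M)
    return match.group(1).strip() if match else None


def decode_multi_sz(hex_bytes: str, encoding: str = "cp1250"):
    """Decode REG_MULTI_SZ bytes into (strings, terminated).

    REGEDIT4 stores hex(7) one byte per character in the ANSI code page; a
    well-formed list ends with an empty string, i.e. a double NUL. The value
    ComboFix found lacks that terminator and starts with a NUL, so LSA sees an
    empty first entry followed by a stray path fragment.
    """
    raw = bytes(int(b, 16) for b in hex_bytes.split(",") if b.strip())
    terminated = raw.endswith(b"\x00\x00")
    body = raw[:-2] if terminated else raw
    strings = [p.decode(encoding) for p in body.split(b"\x00")] if body else []
    return strings, terminated


def encode_multi_sz(strings, encoding: str = "cp1250") -> str:
    """Inverse of decode_multi_sz; encode_multi_sz(["scecli"]) is the fix line."""
    raw = b"".join(s.encode(encoding) + b"\x00" for s in strings) + b"\x00"
    return ",".join(f"{byte:02x}" for byte in raw)


def audit_notification_packages(reg_text: str, known=KNOWN_LSA_PACKAGES) -> dict:
    """Flag empty entries, paths, and unknown module names in the list."""
    raw = read_hex7_value(reg_text, "Notification Packages")
    if raw is None:
        return {"present": False, "packages": [], "terminated": False, "suspicious": []}
    packages, terminated = decode_multi_sz(raw)
    # LSA resolves each name in system32; a path, an empty string, or a name
    # that is not a known Windows package is what an attacker would plant.
    suspicious = [p for p in packages
                  if not p or "\\" in p or "/" in p or p.lower() not in known]
    return {"present": True, "packages": packages,
            "terminated": terminated, "suspicious": suspicious}


if __name__ == "__main__":
    for label, export in (("before fix", CORRUPTED_EXPORT), ("after fix", FIX_EXPORT)):
        print(label, audit_notification_packages(export))
    print("fix line:", encode_multi_sz(["scecli"]))
    print("Security Packages:", decode_multi_sz(read_hex7_value(
        SECURITY_PACKAGES_EXPORT, "Security Packages")))
```

Run against the ComboFix dump the audit reports an unterminated value whose entries are an empty string and ":\WINDOW"; run against fix.reg it reports a clean single entry, scecli. The same function applied to a `reg export HKLM\System\CurrentControlSet\Control\Lsa` taken from any other machine will surface a planted password-filter DLL the same way, which is the check worth keeping after the cleanup.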
Done - here is the HJT log.
Otherwise, from my side I can say that at the moment I am not seeing any problems...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:54, on 14.1.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Zabezpečení počítače\Ad-aware2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\GEARSec.exe
C:\VIDEO\LG DVD\PowerDVD\PDVDServ.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Zabezpečení počítače\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\INSTALACE PROGRAMŮ\PC zabezpečení\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ZABEZP~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\VIDEO\LG DVD\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinPatrol] C:\Zabezpečení počítače\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{484C621D-1819-406D-B363-CC8B2EC7C9C9}: NameServer = 212.71.131.166,212.71.131.6
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Zabezpečení počítače\Ad-aware2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 6173 bytes
- fredik (Security team member, Master Level 7, Posts: 4680, Registered: July 06)
Run HijackThis again and tick the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O24 - Desktop Component 0: (no name) - (no file)
After ticking them, click the Fix Checked button.
It would be a good idea to install Windows XP SP2 (Service Pack 2).
If you have no further problems, that should be all.